It would be very helpful if there was a way to see the devices associated with patches. Also I have environments where I don’t want to install a patch, but other environments that I do. For example, I have several segments that I do not want to update the browser version or Java, but for the rest of our environment we do want both the browsers and Java to be updated. Is there a way to approve the patch/update for only specific segments of our environment?
Thank you,
Brad
Page 1 / 1
You’re in luck - I just got to see a demo of this very feature. You’ll be able to search on the Devices page for devices for which a specific CVE patch is needed, or by patch severity, and see all the devices it applies to.
The filter options are nice, but they don’t allow me to filter on specific patches or to view updates/patches that need to be approved by device, which is what I am looking for.
Would a manual approval policy work better for you? That lets you see the patches and how many devices it will affect before you run them.
I’m assuming that which devices should and shouldn’t receive patches changes based on the situation? As in, you can’t just group devices to solve the issue, as those groupings change?
I already have a manual approval policy, but that only shows me the updates that need to be approved, but doesn’t show me what device it is associated with. For example, I will see the same update listed several times if it is for devices
with different versions of the same OS (Win10 1809 Win10 1909). On the flip side, if there are several devices with the same version of the OS then the patch will show as well, but I can’t tell if it is for one machine or 100 machines.
From the dashboard it is better in that it groups the patches for the same update even across multiple version of the same OS, but I still can’t see what devices and I also don’t have the ability to approve patches for specific policies/devices
and not allow that same patch for other devices/policies.
It sounds like you need dynamic groups, which is a popular feature request on our roadmap site:
which would then give you the ability to group a bunch of machines by criteria and apply the patches just to them and not others.
Thanks for giving me a clearer picture of your use case - I’ll pass that along to the product team to include in their feedback.
Would that allow me to see patches/updates that need approval by device?
I think that feature (I mean I’m guessing, we haven’t even designed it yet 🙂 ) would let you group a bunch of endpoints by dynamic criteria and then approve the patch only for the machines that meet that criteria.
Potentially we could approach your use case another way, which would be an ability to approve/ignore at the device level (without you have to manually go to each device one by one).
Sorry we don’t have a better workaround for you in the meantime.