A patch baseline is a collection of missing patches ready for installation on your instances. From a given feed, you can choose a subset of the packages that address key vulnerabilities. The package subset is your patch baseline.
You have the option of creating a static baseline or a dynamic baseline.
For a static baseline, you choose patches from the available patch list. The patch list remains fixed until you update it.
A dynamic baseline consists of a set of patches that meet select filter criteria. The dynamic baseline patch list varies as the available patches change, according to the filter criteria. Dynamic baseline filter criteria include properties such as severity, rating, and CVE IDs.
After configuring a patch baseline, you can:
- View missing patches.
- Do Patch compliance configuration.
To create a patch baseline:
Select a client from the All Clients list.
Go to AUTOMATION > Patch Management > Patch Baselines and click + Add.
In the Select Patches for New Patch Baseline section, enter the following information:
Parameter Description Name Patch baseline name Description Patch baseline description Client Client to whom to apply the patch baseline Feed Installed Windows and Linux integration feeds In the Select Patches to Include section, select:
- Include Selected Patches to define a static baseline.
- Include patches that satisfy the below rules(Dynamically applied) to define a dynamic baseline.
If you selected the Include Selected Patches static option, select patches from the list of available patches and click Save to complete the patch baseline specification.
If you selected the Include patches that satisfy the below rules dynamic option, continue with the following steps.
Specify the filter criteria using the drop-down menus:
Please select from the following patch classifications:
- Category
- Cve
- Patch name
- Rating
- Severity
Conditional:
- Contains
- Not Contains
- Equals
- Not Equals
- Starts With
- Ends With
Click the + icon to add additional search qualifiers.
Enter a comparison string in the edit box.
Click the Show Matching Members button to view patches that match your selection criteria. You must previously have defined the Feed and baseline Name for this baseline. The following properties are displayed for matching patches:
- External ID
- Patch Name
- Category
- Severity
- Release Date
From the list of available patches, select the patches you want to include in the patch baseline.
In the Select Patches to Exclude section, select the patches you want to exclude from the patch baseline.
Click Save to save your patch baseline specification.
To view the list of patch baselines you defined, go to AUTOMATION > Patch Management > Patch Baselines. The list entry summarizes the defined patch baseline properties:
Attribute | Description |
---|---|
Name | Patch baseline name |
Last Updated By | Name of the user who updated the patch baseline |
Last Updated Time | Last time and date the patch baseline was updated |
Included Count | Number of patches included in the patch baseline |
Excluded Count | Number of patches excluded from the patch baseline |
Enabled | Enable or Disable the patch baseline |