A patch baseline is a collection of missing patches ready for installation on your instances. From a given feed, you can choose a subset of the packages that address key vulnerabilities. The package subset is your patch baseline.

You have the option of creating a static baseline or a dynamic baseline.

For a static baseline, you choose patches from the available patch list. The patch list remains fixed until you update it.

A dynamic baseline consists of a set of patches that meet select filter criteria. The dynamic baseline patch list varies as the available patches change, according to the filter criteria. Dynamic baseline filter criteria include properties such as severity, rating, and CVE IDs.

After configuring a patch baseline, you can:

  • View missing patches.
  • Do Patch compliance configuration.

To create a patch baseline:

  1. Select a client from the All Clients list.

  2. Go to AUTOMATION > Patch Management > Patch Baselines and click + Add.

  3. In the Select Patches for New Patch Baseline section, enter the following information:

    ParameterDescription
    NamePatch baseline name
    DescriptionPatch baseline description
    ClientClient to whom to apply the patch baseline
    FeedInstalled Windows and Linux integration feeds
  4. In the Select Patches to Include section, select:

    • Include Selected Patches to define a static baseline.
    • Include patches that satisfy the below rules(Dynamically applied) to define a dynamic baseline.
  5. If you selected the Include Selected Patches static option, select patches from the list of available patches and click Save to complete the patch baseline specification.

If you selected the Include patches that satisfy the below rules dynamic option, continue with the following steps.

  1. Specify the filter criteria using the drop-down menus:

    • Please select from the following patch classifications:

      • Category
      • Cve
      • Patch name
      • Rating
      • Severity
    • Conditional:

      • Contains
      • Not Contains
      • Equals
      • Not Equals
      • Starts With
      • Ends With

    Click the + icon to add additional search qualifiers.

  2. Enter a comparison string in the edit box.

  3. Click the Show Matching Members button to view patches that match your selection criteria. You must previously have defined the Feed and baseline Name for this baseline. The following properties are displayed for matching patches:

    • External ID
    • Patch Name
    • Category
    • Severity
    • Release Date
  4. From the list of available patches, select the patches you want to include in the patch baseline.

  5. In the Select Patches to Exclude section, select the patches you want to exclude from the patch baseline.

  6. Click Save to save your patch baseline specification.

To view the list of patch baselines you defined, go to AUTOMATION > Patch Management > Patch Baselines. The list entry summarizes the defined patch baseline properties:

AttributeDescription
NamePatch baseline name
Last Updated ByName of the user who updated the patch baseline
Last Updated TimeLast time and date the patch baseline was updated
Included CountNumber of patches included in the patch baseline
Excluded CountNumber of patches excluded from the patch baseline
EnabledEnable or Disable the patch baseline