SanerNow Patch Management Solution offers automation rules to remediate vulnerabilities soon after detection. You can automate the entire patch management cycle from scanning to deployment with the automation rules.
Let us learn how to automate patch management in SanerNow.
- Go to Patch Management Tool: You will land on the patch management dashboard
- Click on Automation
- Select desired Asset Group and Asset Family
- Now, select the assets by clicking the checkboxes
- Click on Create Automation Rule
The Schedule Task Window is displayed to create an automation rule.
In Schedule Task Window, you can opt for patching options.
- Decide on patch severity to remediate: Critical, High, Medium, Low
Note: Vendor Advisories (such as USN, RHSA, or CESA) are not considered for patch severity because there is no definite CVE score associated with them.
- Choose patch installation type: You can choose both security and non-security patches
- Click on the Future Assets checkbox to include upcoming assets for patching
- Now, click next to go to the schedule a task window
Again, in Schedule Task Window, you can set schedule options.
- Select how often the patching process must take place.
- If you select the After Scheduled Scan option, patching happens every time after the scan
- If you select to patch Daily at a specific time, mention the start and end time
- If you want to patch Weekly, schedule the week and the day along with a start and end time to run the automation rule
- If you’re going to run the rule for every month, select the month, week, day, and dates along with a start and end time to run the automation rule
- From the dropdown list, schedule Reboot time after patching. You got three options,
- Do not reboot
- Reboot Automatically: Here, you can give a reboot pop-up message before rebooting starts
- You can also schedule a reboot by setting reboot time and reboot message
Note: This value specifies the local date and time at which reboot will be mandated on all endpoints. Logged-in users are allowed to postpone reboot on their machines until this date time value is reached. A prompt will appear on user’s screen before initiating reboot.
How to run Pre-remediation and Post-remediation scripts? #
- You can choose to run Pre-remediation and Post-remediation Scripts before and after patching activity. Click on Choose File to upload the script from your device.
- Supported file formats in the script are:
- Windows: inf, reg, ps1, bat, exe, msi, msp
- Linux: sh, deb, rpm
- macOS: sh, pkg, dmg (pkg, app)
- Assign the desired Task name
- You can write a customized message to notify patching activity in the Patching Activity Notification field
- You can also assign a post-patching activity message in the Post Patching Activity Notification field. These notifications will keep you notified about the patching activity.
- Lastly, select the asset group from the dropdown list and click on Create Automation Rule
You have successfully created an automation rule in SanerNow.