Software Management features

NAVIGATION  Software Management > Management > Dashboard

The Dashboard page provides a dashboard view of Software Management metrics and activities. Hover over any pie slice to see statistics for that pie slice.

Actions

  • Dashboard Settings: Provides a dynamic view of vulnerabilities. This option allows for dashboards to reflect vulnerabilities and other metrics including/excluding rejected patches.
    • Dashboard Vulnerability Filtering
      • Include Rejected Patches: If selected, patches marked as Rejected will be included in dashboard results.

    • NOTE  This setting is for dashboard settings only and will reflect on the user level.

The Dashboard page includes the following metrics and activities:

  • Total # Vulnerabilities
    • Agent Icon
    • Machine Name
    • Group Name
    • Operating System
    • Vulnerabilities count per Machine
    • Approved (Count): Rejected (Count): Pending (Count)
  • # Machines Vulnerable
    • Agent Icon
    • Machine Name
    • Operating System
    • Vulnerabilities count per Machine
    • Group Name
    • Last Scan Date
    • Last Deployment Date
    • Scan Profile
    • Deployment Profile
    • Third Party Profile
    • Alert Profile
    • Last Reboot Time
    • Last Check-in Time
    • Status (Suspended/Active)
  • Top 5 Vulnerabilities (grouped by vulnerability per machine, such as Windows, Firefox, and so forth)
    • Vulnerability (patch name)
    • Release Date
    • CVE Code
    • 3rd-Party
    • Patch Impact
    • # Machines Affected
    • Vendor
  • % Machines Vulnerable
    • Not Vulnerable
      • Agent Icon
      • Machine Name
      • Group Name
      • Operating System
      • Last Scan Date
      • Last Deploy Date
      • Scan Profile Name
      • Deployment Profile Name
      • Status (Suspended/Active)
    • Vulnerable
      • Agent Icon
      • Machine Name
      • Operating System
      • Vulnerabilities count per Machine
      • Last Scan Date
      • SM Status
      • Last Deploy Date
      • Scan Profile Name
      • Group Name
      • Deployment Profile Name
      • Last Check-in Time
      • Last Reboot Time
  • Top Vulnerable Machines
    • Agent Icon
    • Last Scan Date
    • Last Deploy Date
  • % Machines In/Out of Compliance
    • Not Compliant
      • Agent Icon
      • Machine Name
      • Group Name
      • Operating System
      • Last Scan Date
      • Last Deploy Date
      • Scan Profile Name
      • Deployment Profile Name
      • Non-Compliant Message
      • Last Compliance Check Date
    • Compliant
      • Agent Icon
      • Machine Name
      • Group Name
      • Operating System
      • Last Scan Date
      • Last Deploy Date
      • Scan Profile Name
      • Deployment Profile Name
      • Last Compliance Check Date

NAVIGATION  Software Management > Management > Machines

The Machines page manages the assignment of Software Management profiles on selected machines. This page can also execute a manual scan of machines, suspend and resume Software Management tasks, and remove profile assignments.

Upper panel actions

  • Assign Profiles: Assigns profiles to selected machines.
  • Remove Profiles: Removes a selected type of profile from selected machines.
  • Suspend/Resume: Suspends or resumes Software Management activities on selected machines. Agent Suspension now includes Software Management tasks (Scanning and Deployment).
  • Scan Now: Executes a scan on selected machines immediately. A machine must be assigned a Scan and Analysis profile.
  • 3rd-Party Support: Enables or disables third-party installations and patching for selected machines without having to adjust the profile assigned to the machine.
  • Force Update: Initiates a scan, then deploys all installed and approved patches immediately, rebooting as often as necessary. Ignores the Deployment profile assigned to a machine.

    • IMPORTANT  The Force Update option ignores any Reboot Actions and Blackout Windows set in the Deployment profile assigned to the machine and will reboot the machine as required.

  • Scan Now: Executes a scan on selected machines immediately. A machine must be assigned a Scan and Analysis profile.
  • Licensing: Profiles Software Management license counts for third-party installations and patching. Software Management license counts also display on the Administration > Manage > License Manage page.
    • Purchased
    • Available: Purchased not applied or expired.
    • Applied: Active license applied to a machine.
    • Expiration Date: Licensing sets the Software Management expiration date equal to the VSA maintenance expiration date.
    • # of Days Remaining: Days remaining before all licenses expire.
  • Clear
    • Pending Actions
    • Errors
  • Disconnect from Patch Mgmt: Disconnects selected agents from being managed by Patch Management. A corresponding Attached to Patch Management column indicates if an agent is currently being managed by Patch Management.
  • Cancel Action: Cancels ad-hoc scans, deployments or Force Update tasks that were scheduled using the Schedule Action control. This action will not affect scans or deployments that are scheduled by profiles.
  • Refresh: Refreshes the grid.

NOTE  The grid does not refresh automatically.

Upper panel columns

  • Agent ID
  • Status
    • Icon Description
    Managed by Software Management
    Software Management activities suspended
  • Machine Id
  • Pending Actions
    • Icon Description
    Scanning
    Deploying a patch
    Rebooting or waiting for a reboot
    Inside the blackout window
    Warning
    Error
  • Vulnerabilities
  • Scan and Analysis Profile
  • Scan and Analysis Schedule
  • Deployment Profile
  • Deployment Schedule
  • 3rd-Party Software Profile
  • 3rd-Party Support

    • NOTE  This field is either enabled or blank.

  • Last Scan Date
  • Last Deploy Date
  • Attached to Patch Management
  • Progress

Lower panel tabs

  • Vulnerabilities: Profiles identified vulnerabilities for the selected machine.
    • Deploy Patches: Schedules patch deployments for selected vulnerabilities to the selected machine.
    • Refresh: Refreshes the tab.
    • Suppress: Suppress the selected patch.
    • Reject: Reject the selected patch.
    • Status: Defines the statuses of vulnerabilities.
      • Available: For packages that can be installed for all ProductVersion objects of 3PP title that supports only latest version installation. The ProductVersion Status field is set to Available for each new ProductVersion object added from Software Catalog server. For the rest, ProductVersion item Status should remain the same.
      • Not Available: For packages that can’t be installed for all ProductVersion objects of 3PP title that supports only latest version installation. The ProductVersion Status field should be changed to Not available once the VSA Server receives cheksum mismatch error for it. During scheduled deployment, 3PP vulnerabilities with the Not Available status should be skipped. 3PP vulnerabilities with the Not Available status should be sent to install when selected to Deploy in the Machines > Machine > Vulnerabilities tab.
      • Installing: Installation of the vulnerability is currently in progress.
      • Error: The last installation of the vulnerability failed.
      • Pending Review: Waits for user review to be approved or rejected.
      • Suppressed: The vulnerability won't be installed and is also hidden from the Vulnerabilities tab.
      • Approved: The vulnerability is approved and will be installed during the next scheduled deployment.
      • Rejected: The vulnerability won't be installed but will be visible in the Vulnerabilities tab.
    • Product
    • Vendor
    • Identifier: 3PP app version is displayed.
    • Patch Name
    • Impact
    • CVE Code
    • CVSS Base Score
    • Hyperlink
    • Description
    • Release Date
    • 3rd Party
    • Engine:

      • NOTE  The New Engine field is renamed Engine.

  • Profiles: Displays the profiles assigned to the selected machine.
    • Scan and Analysis Profile
    • Deployment Profile
    • 3rd-Party Software Profile: Lists the assigned software by vendor, title, and version.
    • Override Profiles: Lists overrides by Name, Type, and Sort Order. Overrides have precedence from highest to lowest in the list. You can reorder overrides for the selected machine using the Move Up or Move Down buttons. You can also Delete an override for the selected machine.
  • Pending Patches: Profiles the pending patches set to Review by the latest Scan and Analysis scan of a machine. Refer to Patch Approval.
    • Approve: Approves pending patches for deployment.
    • Reject: Rejects pending patches for deployment. Rejected patches can be subsequently approved and deployed using the History tab.
    • Suppress: Suppresses pending patches for deployment.
    • Refresh: Refreshes the tab.

      • NOTE  The tab does not refresh automatically.

    • Vendor
    • Product
    • Patch Name
    • Identifier
    • Release Date
    • Impact
    • CVSS Base Score
    • Hyperlink
    • Engine

    • NOTE  The New Engine field is renamed Engine.

  • Suppressed Patches
    • Approve: Approve suppressed patch.
    • Reject: Reject suppressed patch
    • Refresh: Refreshes the tab.

      • NOTE  The tab does not refresh automatically.

    • Status
    • Product
    • Vendor
    • Identifier
    • Patch Name
    • Impact
    • CVE code
    • CVSS Base Score
    • Hyperlink
    • Description
    • Release Date
    • 3rd Party
    • Engine
  • Errors: Profiles Software Management task errors for a selected machine.
    • Delete: Deletes a reported error. Deleted errors can still be identified in Agent > Agent Logs > Diagnostic Logs > Endpoints > Software Management Logs.
  • History: Shows the history of completed and rejected patches.
    • Approve: Approves selected rejected patches.
    • Name: Name of the patch.
    • Status: Can be Completed or Rejected. Completed means it was patched successfully. Rejected means either the patch is rejected in the Scan and Analysis profile, or it was rejected manually from the Pending Patches tab.
    • User
    • Identifier
    • Status Date: The date the patch was put in Completed or Rejected status.
    • Engine
    • Suppress
    • Refresh: Refreshes the tab.

      • NOTE  The tab does not refresh automatically.

  • Audited Applications: Displays the history of any K3PP-supported software in order to understand change log history of package title in relation to endpoint.
    • Uninstall
    • View Application History
    • Refresh: Refreshes the tab.

      • NOTE  The tab does not refresh automatically.

    • Version
    • Architecture: Displays the architecture string.
    • Language: Displays the language string.

NAVIGATION  Software Management > Management > Patch Approval

The Patch Approval page approves pending patches set to Review by the latest Scan and Analysis scan of a machine.

Only profiles which have at least one machine assigned with vulnerabilities will be displayed on this page. When selecting a profile, the Pending Review tab will show patches which do not already have an automatic approval rule. The Approve, Reject, or Suppress buttons will create an automatic rule for the selected patches, which will apply to the following:

  • Machines that currently belong to the selected Scan and Analysis profile and are affected by the vulnerability. The Machines Affected column in the patch grid lists these machines.
  • Any new machines that are added to the profile later or have the vulnerability detected.

The automatic rule can be created only once for each patch within a profile. On creation, the patch will be displayed in the Approved, Rejected, or Suppressed tabs. From there, its approval status can be updated (for example, from Approved to Rejected), but the change will be applied only to new machines which are added to the profile after the change or have the vulnerability detected for the first time. In this scenario, changes to the approval status for machines that were already in the profile with the vulnerability detected can be done only on a per-machine basis from the Machines page.

NOTE  Patch approval rules created from Override profiles take precedence over rules defined in the Scan and Analysis profile or using an automatic rule created from the Patch Approval page.

Actions

  • Approve: Approves pending patches for deployment.
  • Reject: Rejects pending patches for deployment. Rejected patches can be subsequently approved and deployed using the History tab on the Machines page.
  • Suppress: Suppresses the selected patch.

Middle pane columns

  • Profile
  • Patches Pending

Right-side pane columns

  • Vendor
  • Product
  • Patch Name
  • Release Date
  • Machines Affected
  • Impact
  • Hyperlink
  • Description

NAVIGATION  Software Management > Management > Vulnerabilities

The Vulnerabilities page lists the vulnerabilities discovered on all scanned machines in the VSA. If you have chosen a third-party vulnerability and your machine does not allow for third-party patching on the Machines page, it will not be deployed.

Vulnerabilities are security risks associated with a machine. They can include the configuration of the operating system, applications, firewall settings, browser plugins and extensions, antivirus and antimalware support, removable devices, scripts and macros, and so forth. A vulnerability is no longer displayed for a machine once scanning confirms the corresponding install or patch has been deployed to the machine.

  • Missing tab: Displays all the unapplied patches with respect to the Vulnerability Definition Option default setting. By default, the this tab is active.
  • Installed tab: Displays the vulnerabilities data for the already installed patches via VSA. This tab provides the full list of all discovered patches within a given tenant with respect to the Vulnerability Definition Option default setting.

NOTE   Vulnerability Definition Option is used to include or exclude suppressed patches from the result view. It can be edited on the Software Management > Configuration > Settings page.

Actions

  • Deploy Patches: Schedules patch deployments for selected vulnerabilities to selected machines.
  • Refresh

Columns

  • Vendor
  • Product
  • Patch Name
  • Identifier: 3PP app version is displayed.
  • Release Date
  • Impact
  • Machines Missing
  • Machines Installed: This column is only available with the Installed tab.
  • Hyperlink
  • Description
  • CVE Code
  • CVSS Base Score
  • 3rd-Party
  • Engine
  • Architecture

NAVIGATION  Software Management > Management > Patch History

The Patch History page shows the history all approved and rejected patches for a selected profile. Select the hyperlink of a listed patch to view its details.

This page has a global filter bar with the ability to filter results by Organization, Machine Group, or View.

Upper pane columns

  • Machine Id
  • Machine Group
  • View

Actions

  • New
  • Edit
  • Reset

Middle pane columns

  • Profile Name
  • Approved Patches
  • Rejected Patches
  • Suppressed Patches

Tabs

  • Installed Patches
    • Machine Id
    • Identifier
    • Patch Name
    • User
    • Approved Date
    • Install Date
    • Engine
  • Approved Patches
    • Reject: Rejects the selected approved patches.
    • Suppress: Suppresses the selected approved patches.
    • Machine Id
    • Identifier
    • Patch Name
    • User
    • Approved Date
    • Install Date
    • Engine
    • Engine
  • Rejected Patches
    • Approve: Approves selected rejected patches.
    • Suppress: Suppresses the selected rejected patches.
    • Machine Id
    • Identifier
    • Patch Name
    • User
    • Rejected Date
    • Engine
  • Suppressed Patches
    • Approve
    • Reject
    • Machine Id
    • Identifier
    • Patch Name
    • User
    • Suppressed Date
  • Gear icon
    • Export: Exports the selected profile's patch history.
      • All
      • Selected
      • Current Page
    • Refresh: Refreshes the list.
    • Reset: Clears any filtering set for this list.

Columns

  • Machine ID
  • Patch Name
  • User
  • Approved Date
  • Install Date

Refer to Software Management profiles.