Our IT Team are using SCCM to package and push Microsoft Patch Tuesday updates to the Windows Server Estate.
Each month they have the list of Servers with their maintenance windows which are expected to be patched over the following week(s)
I’ve been trying to validate their progress with a Remediation Project to firstly list the servers in scope for this month, but also return the ‘Solutions’ which are going to be installed.
So I’ve setup a Site and imported this months servers via CSV and ran a discovery scan so the site can see the assets.
Then using the Static Scope, build a Query which pulls in Asset.Sites [Patch Tuesday Site] AND Vulnerability.datePublished.
However this seems to filter out some of the assets in the site.
Without the Vulnerability.Datapublished Query, the Asset.Site Query by itself pulls back all relevant assets.
So does anyone know if there’s a way to monitor the patching process from Rapid7?