Patch Tuesday Remediation Project

ttek-mlf · June 15, 2023, 5:01pm

Hi All,
Our IT Team are using SCCM to package and push Microsoft Patch Tuesday updates to the Windows Server Estate.

Each month they have the list of Servers with their maintenance windows which are expected to be patched over the following week(s)

I’ve been trying to validate their progress with a Remediation Project to firstly list the servers in scope for this month, but also return the ‘Solutions’ which are going to be installed.

So I’ve setup a Site and imported this months servers via CSV and ran a discovery scan so the site can see the assets.

Then using the Static Scope, build a Query which pulls in Asset.Sites [Patch Tuesday Site] AND Vulnerability.datePublished.

However this seems to filter out some of the assets in the site.

Without the Vulnerability.Datapublished Query, the Asset.Site Query by itself pulls back all relevant assets.

So does anyone know if there’s a way to monitor the patching process from Rapid7?

Thanks

shane_turner · June 21, 2023, 6:48pm

Hello, can you please elaborate on your query? What is the exact operator and parameter you are using for Vulnerability.DatePublished? Also regarding your last question, there is a Goal in IVM for Patch Tuesday that will help you monitor progress specifically for the current list of vulnerabilities published during Patch Tuesday. You can also take the vulns listed in the Goal and spin off a static remediation project, if your custom query isn’t working properly.