Hi All, not sure if this is the right place to ask, but here goes…
I’m looking for a way to use InsightVM to track patch compliance, for example with the monthly Microsoft ‘Patch Tuesday’ cycles, based on the MS KB Article numbers, rather than the CVEs… is that possible?
I’d be keen to know how others are doing it.
I’d like to have a remediation project in which I could track how many systems are showing as unpatched against say MS KB4560960 (https://support.microsoft.com/help/4560960) - or whatever the latest KB article happens to be.
The idea being at the next Patch Tuesday cycle, you can create the project and size up how many systems need to get patched - I’m focused on ensuring the security update rollups are deployed … tracking down those systems which aren’t getting patched (for whatever reason).
At the moment, I’m creating an asset filter, with a vulnerability filter of all the CVEs covered in the Patch Tuesday update cycle… that will list the solutions (i.e. the update rollups) with assets affected and assets completed. But that doesn’t display the ‘unpatched’ systems in a straightforward manner.
What I’d like to be able to do is have a remediation project for say July 2020, and for each Security roll-up report the compliance based on assets patched, unpatched etc. Ultimately I’d like to be able to put this on some form of dashboard so we can present a gauge-type card showing our progress. So that when you’re checking patching progress, it’s quick to identify the hosts that haven’t been patched.
All of our assets/hosts have the insight agent installed, so it’s really trying to understand how to get the progress tracking set up.
Anyone doing something similar? Thanks in advance.