When enabled, the Auto Remediation configuration identifies the security exposure level of a threat, ascertains the scope of the issue, and then finds and installs the patches that resolve the exposure, all without user intervention. Investigation, diagnosis, and resolution occur automatically, sending notification of all activities to the PatchExpress.log file.
OneSite Patch includes the following configuration options for Auto Remediation:
Adaptiva provides configuration options for Critical, High, Medium, or Low Security Exposure Levels.
- Select Auto Remediation on the left navigation menu of the OneSite Patch Dashboard.
  This opens the Auto Remediation workspace, which defaults to the Critical exposure level settings.
- Select the tab at the top left – Critical, High, Medium, or Low – that corresponds to the exposure level setting you want to configure.
Enable automatic remediation to automatically correct all issues associated with a security level. With Auto Remediation enabled, you can also enable pre-staging of patches, which downloads the content to devices as soon as the patch becomes available. This makes the patch content available on the devices at the scheduled deployment time, which reduces the time to complete the deployment.
Additional settings include adding a schedule to begin the remediation process and identifying roles that receive notification of the deployment. Repeat the Auto Remediation steps for each urgency level that will use auto remediation. At any time during these configuration steps, click Save on the upper-left corner of the template to save your changes.
- Select the Automatically Remediate toggle in the Auto Remediation Settings section of the workspace.
  - When disabled, no auto remediation of vulnerabilities occurs for this security level (default).
  - When enabled, OneSite Patch remediates all vulnerabilities at the security level of the template.
- Select the Pre-stage Patches toggle to enable the automatic download of patch content to all applicable and licensed devices as soon as the patch becomes available.
  Important: Pre-staging does not install any content on devices. It downloads the content to the target devices, where it waits until the auto remediation schedule begins.
- Select Browse next to Schedule to select the time parameters for running auto remediation:
  - Select Show All to see the available roles.
  - Select a Schedule on which to run auto remediation.
  - Select Add Schedule at the bottom left to save your changes.
- Select Browse next to Role for Patch Deployment Notification to select the role of the administrators who require notification of this deployment:
  - Select Show All to see the available schedules.
  - Select a Role to identify who receives notification of this deployment.
  - Select Add Role at the bottom left to save your changes.
These settings determine which critical vulnerabilities Auto Remediation automatically resolves based on which service reports the vulnerability. You may enable one or more source settings.
Select the toggle next to the source you want to enable or disable. When enabled, Auto Remediation occurs for critical patch vulnerabilities reported by the source.
Configure the deployment settings for Auto Remediation in the production environment. These three settings identify the roles that provide initial approval prior to deployment, the amount of time to wait for the approval, and a period of load leveling across all target machines for patch installation.
Approval Role: Roles that provide initial approval prior to deployment.
Approval Time Frame: A zero value means that the deployment waits for approval indefinitely. A non-zero value means that deployment begins after the wait time passes, even if no one has approved.
Load Leveling: A zero value means that, after approval, deployment begins immediately on all devices. A non-zero value creates a window during which load balancing for production patch installation occurs across all target devices.
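A non-zero Approval Time Frame releases the deployment when the timer expires whether or not anyone approved, which matters for change control. The following is an added example, not Adaptiva code or a OneSite Patch API, that models how the two timing settings combine. The `ProductionSettings` class, the use of minutes, the device names, and the even spread of devices across the Load Leveling window are assumptions.

```python
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple


@dataclass
class ProductionSettings:
    """Hypothetical model of the two timing settings; not a OneSite Patch API."""
    approval_minutes: int       # Approval Time Frame, 0 = wait indefinitely
    load_leveling_minutes: int  # Load Leveling, 0 = all devices at once


def approval_outcome(s: ProductionSettings,
                     approved_at: Optional[int]) -> Tuple[Optional[int], bool]:
    """Return (release minute, released by a human approval).

    approved_at is the minute an approver acted, or None if nobody did.
    A release minute of None means the deployment is still waiting.
    """
    timeout = s.approval_minutes
    if approved_at is not None and (timeout == 0 or approved_at <= timeout):
        return approved_at, True
    if timeout == 0:
        return None, False      # no approval and no timer: waits indefinitely
    return timeout, False       # timer expired first: deploys unapproved


def device_start_times(s: ProductionSettings, approved_at: Optional[int],
                       devices: List[str]) -> Dict[str, int]:
    """Map each device to the minute its installation may start."""
    release, _ = approval_outcome(s, approved_at)
    if release is None:
        return {}
    if s.load_leveling_minutes == 0 or not devices:
        return {d: release for d in devices}
    # Assumption: devices are spread evenly across the window.
    step = s.load_leveling_minutes / len(devices)
    return {d: release + round(i * step) for i, d in enumerate(devices)}


if __name__ == "__main__":
    critical = ProductionSettings(approval_minutes=120, load_leveling_minutes=60)
    fleet = ["pc-01", "pc-02", "pc-03", "pc-04"]   # constructed device names
    print(approval_outcome(critical, None))        # nobody approved
    print(device_start_times(critical, None, fleet))
```

A result whose second element is `False` with a release minute set is the case to review: the patch went to production on the timer alone.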
Use test deployment settings to deploy patches to a specific Business Unit first, such as test or lab units, to test deployment prior to initiating a deployment to the production environment. When enabled, complete the following steps to configure the test settings.
- Select the Deploy to Test Group First toggle in the Test Deployment Settings workspace of Auto Remediation Settings. This enables automatic deployment of the Auto Remediation Settings to a test group.
- Select Browse to select a Business Unit as the test destination.
- Enter numbers for Days, Hours, and Minutes to set the Test Deployment Duration, which indicates how long production deployment waits after initiating test deployment to begin production deployment.
- Select Browse to select a Role to receive deployment notification. This enables the Time Until Automatic Test Deployment Approval settings.
- Enter numbers for Days, Hours, and Minutes to set the Test Deployment Duration, which indicates how long to wait for approval. A zero value means that the deployment waits indefinitely for approval. A non-zero value means deployment begins after the wait time passes, even if no one has approved.
- Select Save on the upper left to save the test settings for the Auto Remediation.
- Future deployments that match the exposure level you modified deploy to your test environment.
- After verifying the operation of the remediation in your test lab, you can disable Deploy to Test Group First in the Auto Remediation Settings.
- Select Home on the left navigation menu of the OneSite Patch Dashboard. Here you can view the high-level details of the patch environment. For more information, see OneSite Patch Home Dashboard and Performance Widgets.
- Mouse over or click Patching State in the left navigation menu, and then select Devices. For more information, see Patching State Dashboard.