Creating a Patching Strategy is a great way to get started using . Start with a common scenario, and then build a Patching Strategy to distribute a patch to active clients.
An administrator wants to build a Patching Strategy to update devices every day based on devices that have the following characteristics:
-
Company wide (all Clients).
-
Within a Falcon Host Group Business Unit.
-
Running a version of Google Chrome Enterprise other than the internally approved version.
-
Initial approval needed.
-
Immediate, mandatory update to approved version.
-
Follow the instructions in Create a New Folder for Objects.
-
Hover over or click Strategy in the left navigation menu of the Adaptiva OneSite Patch Dashboard, and then select Patching Strategies.
-
Select Show All to see all available Patching Strategies. This populates the Patching Strategies table with the available templates.
For descriptions of each template type, see Patching Strategy Templates.
-
Enter the Name of an existing strategy on the Search bar, and then click Search.
-
Select the Name of the strategy to open it.
-
Select More in the upper left corner of the template, and then select Save Patching Strategy As:
-
Enter a unique name that reflects what the strategy does conceptually. For example,
ITS Immediate Daily Product Patching
. -
Select OK. This opens your strategy template with all the default entries for the built-in strategy, including a detailed description.
-
Enter a detailed Description of your new template or keep the existing detail, and then click Save on the upper-left corner of the dialog.
-
Tip
Remember to click Save on the upper left corner to save your progress. After completing the Patching Strategy configuration, you must save and enable the completed strategy to make it available for use.
Deployment Settings for quick start purposes include selecting a built-in Deployment Wave, which already includes a Business Unit. For details on Deployment Waves, see Deployment Waves. When customizing an existing template, process and deployment fields may include tables with existing configuration selections.
-
Scroll down to Deployment Settings in an open Patching Strategy template.
-
Select Browse next to Add Deployment Wave.
This opens the Add Deployment Wave dialog.
-
Select Single Wave – All Clients.
This Deployment Wave includes a Business Unit called All Clients Business Unit. For information about Business Units, see Business Units and Rollout Processes.
-
Select Add Deployment Wave on the bottom-left corner of the dialog.
-
This returns you to the object template.
-
There is no need to modify the Deployment Bot Runtime settings for purposes of this exercise, but it is an important part of a Patching Strategy template. Be sure to review the Deployment Bot Runtime settings when you are creating your own Patching Strategies (see Deployment Bot Runtime Settings).
-
These properties allow administrators to enable automatic reevaluation of previously presented patches and software when patch metadata properties change. These settings allow OneSite to respond to changes in CrowdStrike Falcon metadata, particularly to the intelligence based EXPRT ratings.
All metadata objects have explicit properties, so if a Parent Business Unit has a property that a related child does not explicitly set, the child implicitly inherits the property. As a result, a change to the parent child might or might not result in a difference on the child.
When detects a change in a patch EXPRT rating, the Trigger Metadata Properties define whether to resubmit an already-routed patch based on the EXPRT rating change. For example, if a previously submitted, low vulnerability patch on a monthly update cycle becomes a critical vulnerability, and the Trigger Metadata Properties include an EXPRT setting, patch resubmits the patch to the critical exposure level patching cycle, which likely follows a more frequent schedule.
Set CrowdStrike Trigger Metadata Properties as part of creating a Patching Strategy.
When added to a Patching Strategy, the defined Trigger Properties prompt OneSite to resubmit an installable when a metadata property of the installable has been added, removed, or modified by either Adaptivaor CrowdStrike Falcon.
For example, with the Falcon.ExPRT trigger selected, when the ExPRT rating of a low vulnerability patch changes to a critical ExPRT rating, resubmits the now-critical patch, and resets the schedule to match the settings for the critical rating.
These changes occur when each of the following conditions are true:
-
Patching Strategy includes the related product.
-
Installable previously submitted to the Patching Strategy.
-
Installable applies to at least one device in the strategy.
Adaptiva provides several Trigger Metadata Properties, including properties specific to Adaptiva, CrowdStrike Falcon Spotlight, and Windows Defender Antivirus.
The first table you see shows all available trigger properties. The list includes Adaptiva, CrowdStrike Falcon Spotlight (if licensed), and Windows Defender Antivirus Patching properties.
-
In the Select Trigger Properties table of the Trigger Metadata Properties dialog, select one or more properties to use as triggers:
-
To find a specific trigger, enter a trigger name on the Search line, and then select Search.
-
To sort the list of Trigger Properties, click Property to reverse the alphabetical support order.
-
To page through the available trigger properties, use the navigation tools on the bottom-right of the dialog.
-
-
Select OK on the bottom-left corner of the dialog to save your selections and return to the Patching Strategy template.
In the Select Trigger Properties table of the Trigger Metadata Properties dialog, enable a view of CrowdStrike Falcon properties only.
-
Scroll down to Trigger Metadata Properties in an open Patching Strategy template. If the Patching Strategy includes Trigger Metadata Properties, the table under +Select lists those properties.
-
Select the ellipsis (…) under Actions for the trigger you want to remove, and then select Remove.
-
Select Save on the upper-left corner of the Patching Strategy to save your changes.
For this exercise, we will add one product using the Products workspace near the top of an open Patching Strategy template.
-
Select + Add Software Products in the Products workspace of an open Patching Strategy template.
-
Select the Down Arrow next to Search Columns and verify that the only box checked is next to Name.
-
Enter Chrome on the search line, and then click Search.
-
Select Google Chrome x64, and then click Add Software Products on the lower-left corner of the dialog.
-
Scroll up to General Settings to enable the strategy.
After completing the Patching Strategy configuration, including Add Software Products, you must enable the Patching Strategy. When enabled, the strategy runs according to the configured schedules.
After you Enable the Patching Strategy, you can view the pending approval request.
-
Select the Approval Requests in the left navigation menu of the OneSite Patch Dashboard.
-
The view defaults to All requests, which includes pending and completed.
-
The Patching Strategy you just enabled appears in the Approval Summary table with a Request Status of In Progress and Awaiting Response.
-
-
Select Flex Controls > Patching Cycles from the left navigation menu of the OneSite Patch Dashboard.
-
Check the Running Patch Processes table, which lists the status of the Patching Strategy as Waiting.
-
Select Approval Requests in the left navigation menu, and then click the Patching Strategy in the table.
-
Select Approve, and then click Back to Approval Requests. You can wait until the patch time passes, or you can start the deployment manually.
After the Patching Strategy approval process status shows Completed, you can wait until the time setting for patch deployment, or you can start the deployment immediately.
-
Select Flex Controls > Patching Cycles, and then click the name of the Patching Strategy to open the Cycle Information.
-
Select Play under Cycle Information, and then click Close. This returns you to the Patching Cycles workspace where you can view Running Patch Processes.
-
Select the Patching Strategy name to view details about the patching process.
The exercise in Introduction to Patching Strategies uses the minimum requirements for a Patching Strategy.
Additional settings in the Patching Strategy template include those listed below, though you do not need them for quick start purposes. Configuration steps for each are documented as part of Creating a Patching Strategy.
|
Comments
0 comments
Article is closed for comments.