Patch Groups
Patch Groups in Ivanti Neurons for Patch Management allow you to organize patch information within the Ivanti Neurons Platform in a way that is relevant to your environment. Reduce time to patch by managing patch actions and gaining patch insight.
When creating Patch Groups it may be helpful to filter the patch catalog to target the type of patches you are interested in. Here are some filter examples:
Advisories > All Patches - review patches for the full patch catalog.
- Patches that were released on Patch Tuesday - use the Patch Tuesday chart
- Recently released patches - use the Patch Types chart
- Threat & Risk measures - use the grid filters: VRR Group, CVE Count > Exploited
- Reliability & Social measures, useful when planning test cycles - use the grid filters: Reliability, Reported Issues
Advisories - Affects my environment toggle On - review patches that have been identified as missing for devices in your environment.
- Patches for devices out of SLA or near SLA - use the Devices Exceeding SLA chart
- Vulnerabilities and Exploited patches - use the Known Vulnerabilities chart
Patch Groups are created, viewed and managed in Patch Intelligence, and associated with a Patch Configuration and deployed in Patch Settings. To learn more refer to Patch Management > Patch Settings > Patch Groups.
- Navigate to Patch Management > Patch Intelligence.
- On the Advisories page in the Patch Summary section, select Patch Groups > Add Patch Group.
- In the Add Patch Group dialog, enter a name for the new Patch Group.
- Click Add.
The new group is created, and a toast notification appears in the top right to inform you if the group has been created successfully. You are returned to the Patch Summary grid, ready to select which patches you want to add to the group.
- Navigate to Patch Management > Patch Intelligence.
- On the Advisories page in the Patch Summary grid, filter the view to manage the patches on display.
For example, filter by Vendor if you only want to include vendor-specific patches, such as Microsoft, or by VRR Group if you only want to include high risk vulnerability patches.
- Select the check box next to all the patches you want to add to a patch group.
- Select Patch Groups > Add to a Patch Group > locate the name of the patch group you want to add it to and select it.
The Add to a Patch Group dialog appears.
- Select one of the following actions:
- Save: Select to add the patches to the Patch Group, without making the new version of the configurations active to the endpoints.
- Save and make active: Select to add the patches to the Patch Group, and make the new version of the configurations active to the endpoints via the associated Policy when the agent next polls.
- Cancel: Select to exit without adding the patches to the Patch Group.
If you do not have permissions to deploy patch configurations, the patches are added to the patch group and a toast notification appears in the top right to inform you if the patches have been added successfully. This is the end of the process and step 5 does not take place.
If the patch group is associated with any Patch Configurations, the patch configuration will be updated and a new version created. A toast notification appears in the top right to inform you if the patch has been added successfully.
This step only applies to users that have permission to deploy patch configurations. (Ivanti Neurons > Admin > Access Control > Roles > Permissions > Patch Management > Patch Settings > Deploy Patch Configurations)
- Navigate to Patch Management > Patch Intelligence.
- On the Advisories page in the Patch Summary section, select Patch Groups > Open Patch Group > locate the name of the patch group you want to open and select it.
The Patch Summary grid is now filtered to only show the patches that are in the selected patch group. The patches displayed are also subject to any other filters that have been applied.
To remove the Patch Group filter select Clear filters.
- Navigate to Patch Management > Patch Intelligence.
- On the Advisories page in the Patch Summary section, select Patch Groups > Manage Patch Groups.
The Patch Groups page appears.
- All active Patch Groups are listed with the following details: number of patches in the group, changes since the group was last saved, date, time, and name of the person that last modified the group.
The list is filtered by default on Status: Active, but can be updated to include, or show only, Archived patch groups.
- The following actions are available:
- Add Patch Group: Select to create a new patch group. Refer to How to add a new Patch Group for details.
- Actions: Select the check box next to the patch group you want to carry out the action on, then select one of the following actions:
- Rename Patch Group: Select to rename a patch group. The Rename Patch Group dialog appears, enter the new name and click Rename Patch Group.
- Open Patch Group: Select to see which patches are included in the Patch Group. The Advisories page appears, with the Patch Summary grid displaying only the patches assigned to the selected Patch Group. The patches displayed are also subject to any filters that have been applied.
- View change history: Select to view the Patch Group audit page. The Patch Group audit page appears.
- Archive Patch Group: Select to archive the Patch Group. The Patch Group status changes to Archived and the group is unavailable for use.
If you do not have permissions to deploy patch configurations, the patch group is archived and a toast notification appears in the top right to inform you if the patch group has been archived successfully.
If you do have permissions to deploy patch configurations, the Archive Patch Group dialog displays.
If the Patch Group is associated with any patch configurations, a new configuration version is created without the Patch Group.
Select one of the following actions:
- Archive only: Select to archive the Patch Group, without making the new version of the patch configurations active to the endpoints.
- Archive and make patch configuration active: Select to archive the Patch Group, and make the new version of the patch configurations active to the endpoints via the associated Policy when the agent next polls.
- Restore Patch Group: To see archived patch groups, update the Status filter to include Archived; you can then select an archived patch group to restore. The Patch Group status changes to Active and the group is available for use. A toast notification appears in the top right to inform you if the patch group has been restored successfully.
Linux packages may be associated with multiple advisories. As a result, the Recent changes for a Patch Group may be a larger number than the Patch count for a Patch Group as it also references all affected advisories.
Select OK to confirm the selected action, or Cancel to exit without archiving the Patch Group; the Patch Group status remains unchanged.
- Navigate to Patch Management > Patch Intelligence.
- Select Patch Groups > Open Patch Group > locate the name of the patch group and select it. The Patch Summary view displays only the patches in the selected Patch Group. The patches displayed are also subject to the dashboard filters Affects my environment and Include superseded, so you may need to update these filters accordingly.
- Select the check boxes for the patches you want to remove from the patch group.
- Select Patch Groups > Remove from this Patch Group.
The Remove from patch group dialog appears.
If you do not have permissions to deploy patch configurations, the patches are removed from the patch group and a toast notification appears in the top right to inform you if the patches have been removed successfully. This is the end of the process and step 5 does not take place.
- Select one of the following actions:
- Save: Select to remove the patches from the Patch Group, without making the new version of the configurations active to the endpoints.
- Save and make active: Select to remove the patches from the Patch Group, and make the new version of the configurations active to the endpoints via the associated Policy when the agent next polls.
- Cancel: Select to exit without removing the patches from the Patch Group.
If the Patch Group is associated with any patch configurations, the configuration will be updated and a new version created. A toast notification appears in the top right to inform you if the patch has been removed successfully.
This step only applies to users that have permission to deploy patch configurations. (Ivanti Neurons > Admin > Access Control > Roles > Permissions > Patch Management > Patch Settings > Deploy Patch Configurations)
To access the Patch Group audit page, navigate to one of the following:
- Patch Intelligence > Patch Groups > Manage Patch Groups > click a number in the Recent changes column.
- Patch Intelligence > Patch Groups > Select a check box next to the patch group that you want to view the change history of, select Actions > View change history.
- Patch Settings > Patch Groups tab > click a number in the Recent changes column.
The Patch Group audit panel lists all patches in the selected patch group; you can filter the display to Latest changes or All changes.
The Action states are: Patch added, Patch removed, Group created, Group archived, and Group activated.
Actions:
- Select a Patch name to display the Patch information page.
- Select Export to create a CSV file of the patch audit page. The patch group name is added to the file name, and it's saved to the browser download folder by default. The patch group ID and patch ID are included in the export report.
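The exported audit CSV can be replayed offline to reconstruct which patches a group should currently contain and to compare that with an approved list. The following is an added example, not Ivanti code: it uses the Action states listed above, while the column names, the ISO date format, and all sample IDs are assumptions made for illustration, so match them to the header row of your own All changes export.

```python
import csv
import io
from datetime import datetime

# Assumed column names; match them to the header row of your own export.
COL_PATCH, COL_ACTION, COL_WHEN = "Patch ID", "Action", "Date"

# Constructed sample export (IDs, names and dates are made up).
SAMPLE_EXPORT = """Patch Group ID,Patch ID,Patch name,Action,Date
PG-EXAMPLE,,,Group created,2024-05-14T09:00:00
PG-EXAMPLE,P-0001,Example patch 1,Patch added,2024-05-14T09:05:00
PG-EXAMPLE,P-0002,Example patch 2,Patch added,2024-05-14T09:05:00
PG-EXAMPLE,P-0003,Example patch 3,Patch added,2024-05-14T09:06:00
PG-EXAMPLE,P-0002,Example patch 2,Patch removed,2024-05-20T16:30:00
PG-EXAMPLE,,,Group archived,2024-06-01T08:00:00
PG-EXAMPLE,,,Group activated,2024-06-03T08:00:00
PG-EXAMPLE,P-0004,Example patch 4,Patch added,2024-06-03T08:10:00
"""

def replay(csv_text):
    """Return (status, member patch IDs, unrecognised actions)."""
    rows = list(csv.DictReader(io.StringIO(csv_text)))
    # Stable sort: rows with equal timestamps keep their file order.
    rows.sort(key=lambda r: datetime.fromisoformat(r[COL_WHEN]))
    status, members, unknown = None, set(), []
    for row in rows:
        action, patch = row[COL_ACTION].strip(), row[COL_PATCH].strip()
        if action == "Patch added":
            members.add(patch)
        elif action == "Patch removed":
            members.discard(patch)
        elif action in ("Group created", "Group activated"):
            status = "Active"  # assumption: both leave the group Active
        elif action == "Group archived":
            status = "Archived"
        else:
            unknown.append(action)  # surface anything the page does not list
    return status, members, unknown

def drift(members, approved):
    """Compare replayed membership with the change-approved patch list."""
    return {"unexpected": sorted(members - approved),
            "missing": sorted(approved - members)}

if __name__ == "__main__":
    status, members, unknown = replay(SAMPLE_EXPORT)
    print(status, sorted(members), unknown)
    print(drift(members, {"P-0001", "P-0003", "P-0005"}))
```

Patches reported as unexpected were added to the group outside the approved list and are worth tracing in the audit page before the group is made active to endpoints.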
Example: Patch Group creation
This example runs through creating a new patch group to include only Patch Tuesday patches with a severity of Security Critical. The example has 2 steps:
- Step I: Creating the new Patch Group
- Step II: Populating the Patch Group with targeted Patches
Step I:
- Start on the Patch Intelligence dashboard: Ivanti Neurons Platform > Patch Management > Patch Intelligence.
- Select Patch Groups > Add a Patch Group.
The Add a Patch Group dialog appears.
- Enter a name for the patch group, for example Patch Tuesday - Security Critical.
- Click Add Patch Group. The Patch Tuesday - Security Critical patch group has now been created and is ready to be populated with patches.
Step II:
- On the Patch Intelligence Advisories dashboard, make sure you have the Affects my environment toggle off, so that the Patch Tuesday chart displays.
- On the Patch Tuesday chart, click on the Security Critical bar; this filters the summary grid to show only the Security Critical Patch Tuesday patches.
The chart bars could include more than one vendor, so be aware of which portion of the bar you click on. If you are only interested in Microsoft patches, make sure you click on the Microsoft segment of the bar, so that the filter is correctly applied to the summary grid.
- In the Summary grid use the Reliability & Social and Threat & Risk data to decide which patches you want to include in the Patch Group.
If you want all of the patches, select the check box in the header to select all the patch check boxes.
Alternatively, select the check box alongside each individual patch you want to include.
- Once you have made your patch selection, select Patch Groups > Add to Patch Group > scroll to locate, and click, the Patch Group Patch Tuesday - Security Critical.
The Add to Patch Group dialog appears.
- Click Save to commit the patches to the Patch Group.
- The Patch Tuesday - Security Critical Patch Group now contains the selected patches.
Next steps:
- Assign the Patch Group to a Patch Configuration.
- Associate the Patch Configuration with a Policy for deployment to endpoints.
Learn more on Patch Configurations.