Patch Management Reports

You can create Patch Management reports using the provided templates, which allow you to generate specific, targeted reports. The Reports section allows you to create custom templates exclusively for Patch Management, enabling you to define the exact datasets and columns to include. These custom templates are intended for generating reports in CSV or Excel formats only.

Categories of Patch Management Reports

The following report templates are available for Patch Management. Patch Management reports are divided into two main categories, based on the data they use:

  1. Device Patch Scan Reports:

    • Patches by Device – Summary: Provides counts of missing and installed patches for the selected devices.

    • Patches by Device – Detailed: Provides details of missing and installed patches for the selected devices.

    • Devices by Patch – Summary: Provides counts of devices where the selected patches are missing and installed.

    • Devices by Patch – Detailed: Provides details of devices where the selected patches are missing and installed.

    • Devices by CVE – Summary: Provides a count of the devices affected by the vulnerabilities for better risk assessment.

    • Devices by CVE – Detailed: Provides details of the devices affected by the vulnerabilities for better risk assessment.

    • Custom templates from Device Patch Scan dataset.

  2. Deployment History Reports:

    • Deployment History – Summary: Provides a list of devices where deployments have succeeded, failed, pending reboot, or rolled back.

    • Deployment History – Detailed: Provides a list of devices where deployments have succeeded, failed, pending reboot, or rolled back with details for each deployed item.

    • Monthly Maintenance: Provides information to track regular maintenance, priority updates, and zero-day response activities over different time periods.

    • Custom templates from Device Patch Deployment History.

Creating Custom Templates

Two datasets are available for creating custom templates:

Devices Patch Scan dataset

Each row contains detailed data for a device, patch, and Common Vulnerabilities and Exposures (CVE).

Device Patch Deployment History

This dataset is based on deployment events.

  1. Navigate to My Reports under Reports.
  2. Click Create Report Template on the Reports page.
    The Create Report Template page appears.
  3. Enter the name of the template in the Template Name field.
  4. Enter the Description for the template.
  5. Select the dataset Device Patch Deployment History or Device Patch Scan dataset for which you wish to create reports. If you select Devices Patch Scan dataset, each row contains detailed data for a device, patch, and Common Vulnerabilities and Exposures (CVE). If you select Deployment History dataset, the dataset is based on deployment events.
  6. Select the columns you want to include in the report template.
  7. Click Save Template.

The template is saved and displayed under the Patch Management tab on the Create New Reports page.

Creating Reports

You can create a report either from the Reports > Create New Report menu item, or by clicking Create New Report on the Reports page.

To create a report:

  1. Click Create New Report.
    The Select Report page appears.
  2. Select the tab for the required Neurons feature, then select the report template you require.
  3. Click Next.
    The Report Details page appears.
  4. Enter a Report Name and Description.

  5. Select the format in which you want to export the report.

  6. Select one of the following to set the schedule on which you want to generate the report.

    1. On demand only – Select this option to generate the report when needed.

    2. Recurring schedule – Select this option to set the recurring schedule to automatically generate reports. Perform the following to set the schedule.
      1. Start date: Type the date or click the date list to pick the date from a calendar.

      2. Recur every: Schedules the task to recur periodically. Select Day, Week, or Month from the list to choose how often the report is to be generated. It repeats at the time set above.

        For daily recurrence:

        1. In the Recur every field, enter the number of days between each report (for example, enter “1” to run daily).

        2. In the interval drop-down, select Day.

        3. In the at field, set the time you want the report to generate.

        For weekly recurrence:

        1. In the Recur every field, enter the number of weeks between each report.

        2. In the at field, set the time you want the report to generate.

        3. Under the days of the week options, select each day you want the report to run.

        For monthly recurrence:

        1. In the Recur every field, enter the number of months between each report.

        2. In the interval drop-down, select Month.

        3. In the at field, set the time you want the report to generate.

          Choose either:

        • on date: Select the day of the month for the report to run (for example, “1” for the first day of the month).

        • on the: Select the week (for example, “First”), the weekday (for example, “Tuesday”), and optionally add a delay of days after the selected date.

      3. In the When should the schedule end? section, select one of the following options:

        • End by: Select this option and enter the end date. The system will stop the schedule on this date.

        • End after: Select this option and enter the number of report instances. The system will end the schedule after generating the specified number of reports.

        • No end date: Select this option to keep the schedule running indefinitely.

  7. Click Next.
    The Filters page appears.

  8. Set the date you want to include data up to in Status as of.

  9. If you have selected Devices by CVE – Summary or Devices by CVE – Detailed as your report template, choose the Select CVEs option to report on particular CVEs, or choose the All CVEs option.

    1. If you selected the Select CVEs option, in the CVE Filters, select the Show missing patches only checkbox if you want reports on the missing patches.

    2. Select the CVE ID(s).

    3. Select the Vulnerability Risk Rating (VRR) scores.

  10. Choose Select devices and enter the device details if you want reports on specific devices or choose All devices.

  11. Choose Select patches and enter the patch details if you want reports on specific patches or choose All patches. This option does not appear for Devices by CVE – Summary and Devices by CVE – Detailed report templates.

  12. Click Next.
    The Share reports page appears.

  13. Select the recipients to share the reports.

  14. Click Submit.
    The report request is submitted, and the Reports page appears with your report added to the top.

To receive a report by email, add your email ID to the recipient list when you generate the report.
You can also share the reports with members who have access to the Neurons platform.

The CVE reports will have a link that directs you to the CVE details in the National Vulnerability Database.

The reports in PDF or Excel format now feature deep linking for Device names, Advisory names, and Patch names. When you click on these entities in the report, you are directed to specific details within the Neurons platform. Access to these details is granted only if you have the necessary permissions for the entities.

Deployment Statuses

The following table maps the deployment statuses to the Failed, Success, Pending reboot, Rolled back, and Other columns in the Deployment History – Summary and Deployment History – Detailed reports:

| Failed column | Success column | Pending reboot column | Rolled back column | Other column |
|---|---|---|---|---|
| Failed | Success | Pending reboot | Rollback success | Not started |
| Retries exhausted | Success on retry | Uninstalled reboot pending | | In progress |
| Timed out | Success with warnings | Rollback complete pending reboot | | Uninstalling |
| | | | | Uninstalled |
| | | | | Uninstall failed |
| | | | | Retry |
| | | | | Removed |
| | | | | Rollback in progress |
| | | | | Rollback failed |
| | | | | [1,2,3…] retries remaining |

Generating Reports and Device Scoping

The reports you generate are based on the device scope assigned to you. When you create a report, filters such as Device name and Policy name display only the devices you have access to.

  • If device scope is not assigned to you, the reports you generate include data from all devices in the tenant.

  • The system evaluates your device scope at the time you generate a report.

    • If your device scope changes, any new reports you create reflect your latest scope, even if the report covers historical data.

    • Example: You are assigned to the North America device scope in January and are reassigned to the Europe device scope on February 1. If you generate a report on February 2, the report will cover data from January, but only include data for European devices.

Sharing Reports

The system enforces device scope only when you generate reports, not when you share them. Shared reports are not re-scoped or filtered based on the recipient's device scope, so a recipient can see data for devices outside their own scope.

The Share permission allows you to share reports with others. An Administrator can grant or remove your Share permission to control who can share reports.
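Because a shared report keeps the generator's device scope, it can be worth checking an exported CSV against the recipient's scope before sharing it. The following is an added example, not part of the product or its documentation; the "Device Name" column, the sample rows, and the recipient scope list are constructed assumptions.

```python
import csv
import io
from collections import Counter

# Constructed sample export; the column names and values are assumptions.
SAMPLE_REPORT = """\
Device Name,Patch Name,CVE ID,Status
eu-ws-01,PATCH-A,CVE-0000-0001,Missing
eu-ws-02,PATCH-A,CVE-0000-0001,Installed
NA-WS-07,PATCH-B,CVE-0000-0002,Missing
na-ws-07,PATCH-C,CVE-0000-0003,Missing
"""

def out_of_scope_devices(report_lines, recipient_scope, device_column="Device Name"):
    """Count report rows per device that the recipient's scope does not cover.

    report_lines: an open file or any iterable of CSV lines.
    recipient_scope: device names the recipient may see (compared case-insensitively).
    Returns {lowercased device name: number of rows}.
    """
    allowed = {name.strip().lower() for name in recipient_scope}
    reader = csv.DictReader(report_lines)
    if device_column not in (reader.fieldnames or []):
        raise ValueError(f"column {device_column!r} not found in report")
    exposed = Counter()
    for row in reader:
        device = (row[device_column] or "").strip().lower()
        if device and device not in allowed:
            exposed[device] += 1
    return dict(exposed)

def safe_to_share(report_lines, recipient_scope):
    """True only when every device row falls inside the recipient's scope."""
    return not out_of_scope_devices(report_lines, recipient_scope)

if __name__ == "__main__":
    europe_scope = ["EU-WS-01", "eu-ws-02"]  # constructed scope list
    exposed = out_of_scope_devices(io.StringIO(SAMPLE_REPORT), europe_scope)
    for device, rows in sorted(exposed.items()):
        print(f"outside recipient scope: {device} ({rows} rows)")
```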

Understanding Key Dates in Patch Management Reports

Patch Management reports use up to 13 months of stored scan and deployment data. To get accurate analysis, it is important to understand these four key dates:

Report Generation Date: The date you create the report.

Report Status Date: The point in time you want the report to reflect, showing the state of devices, patches, or deployments on that day.

Example: If you generate a report on February 1 about device patch status as of January 1, February 1 is the Report Generation Date, and January 1 is the Report Status Date.

Patch Scan Date: The date a device was last scanned.

Device Deletion Date: The date a device was removed from the system.

Knowing these dates helps you better understand and analyze your Patch Management reports.

How Attributes Are Displayed in Reports

| Attribute | Device Patch Scan Report | Deployment History Report |
|---|---|---|
| Device Group | As of report generation date | As of report status date |
| Policy Group | As of report status date | As of report status date |
| Patch Group | As of report generation date | As of report status date |
| Patch Configuration | As of report status date | As of report status date |
| Scope | As of report generation date | As of report generation date |

Example Scenario

On January 1, Device A is in Patch Group X.

On January 15, Device A is moved to Patch Group Y.

On February 1, you generate a "Patches by Device – Summary" report, requesting the status as of January 1.

Since "Patches by Device – Summary" is a Device Patch Scan report, it displays the Patch Group as of the report generation date.

Result: Device A appears in Patch Group Y in the report.

Device Deletion Logic

Device deletion is handled differently in each report type:

  • Device Patch Scan Report: A device appears only if the scan date, deletion date, and report status date are all the same. If the dates do not match, the device will not show in the report.

  • Deployment History Report: A device appears if it existed on the status/deployment date, even if it was deleted later. Devices deleted after the deployment date will still show in the report.

Example Scenarios

Device A scanned on Jan 15, deleted on Jan 15, report for Jan 15:

  • Device appears in Device Patch Scan Report (scan date, deletion date, and report status date all match).

Device A scanned on Jan 15, deleted on Jan 15, report for Jan 16:

  • Device does NOT appear in Device Patch Scan Report (report status date is after device deletion).

Report Row Limits and Performance

  • Reports have a limit of about one million raw record rows. This limit applies to the raw records after filters are applied, but before any data aggregation.

  • For Devices Patch Scan reports, the limit applies to the total number of raw data rows, which are the device-patch-CVE combinations—not the summarized data in the final report.

    Example: If a device has 10 installed patches, and each patch is linked to 5 CVEs, that device will contribute 50 rows to the raw dataset.

  • For Deployment History reports, the limit represents the total number of individual patch deployments recorded for devices.

  • Reports with large datasets may take longer to generate.

  • For Out-of-the-box (OOTB) reports, report generation fails if the raw dataset exceeds one million rows.

  • For reports created with custom templates, generation completes, but only the first one million rows are included in the output.

  • If your report exceeds the limit, apply filters by device, patch, or CVE to reduce the dataset size.
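The row-limit rules above can be applied before a report is requested, to predict the outcome and to split a large device population into device filters that each stay under the limit. The following is an added example, not part of the product or its documentation; the device names and counts are constructed, and "about one million" is treated as exactly 1,000,000.

```python
RAW_ROW_LIMIT = 1_000_000  # assumption: the page says "about one million"

def raw_rows(cves_per_patch):
    """Raw rows for one device: one per device-patch-CVE combination.

    cves_per_patch holds the CVE count of each patch on the device. Patches
    with no linked CVE add nothing here; the page does not say how they count.
    """
    return sum(cves_per_patch)

def outcome(total_rows, custom_template, limit=RAW_ROW_LIMIT):
    """Predict the result described on the page for a raw dataset of this size."""
    if total_rows <= limit:
        return "complete"
    return "truncated" if custom_template else "fails"

def plan_batches(devices, limit=RAW_ROW_LIMIT):
    """Group devices into device-filter batches whose raw rows stay within limit.

    devices: {device_name: [cve_count_for_each_patch, ...]}
    Returns (batches, oversized). batches is a list of (device_names, rows);
    oversized lists devices that exceed the limit on their own and also need
    a patch or CVE filter.
    """
    sized = sorted(((raw_rows(c), n) for n, c in devices.items()), reverse=True)
    batches, oversized = [], []
    for rows, name in sized:
        if rows > limit:
            oversized.append(name)
            continue
        for batch in batches:  # first fit, largest devices placed first
            if batch["rows"] + rows <= limit:
                batch["names"].append(name)
                batch["rows"] += rows
                break
        else:
            batches.append({"names": [name], "rows": rows})
    return [(b["names"], b["rows"]) for b in batches], oversized

# Constructed inventory; srv-a matches the page's example (10 patches x 5 CVEs).
SAMPLE_DEVICES = {
    "srv-a": [5] * 10,   # 50 raw rows
    "srv-b": [3] * 20,   # 60 raw rows
    "srv-c": [2] * 15,   # 30 raw rows
    "srv-d": [200],      # 200 raw rows
}

if __name__ == "__main__":
    # A limit of 100 keeps the sample small enough to follow by hand.
    print(plan_batches(SAMPLE_DEVICES, limit=100))
```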

Important Notes

  • Reports for missing patches include both superseded and non-superseded patches.

  • Within each filter, the system combines devices using full joins; across different filters, the system reports only devices present in all filters (an inner join). If you do not apply any filters, the system reports all devices.

  • The system combines patches within each filter using full joins. Across different filters, only patches present in all filters are reported (an inner join). If you do not apply any filters, all patches are reported.

  • Monthly Maintenance Reports include only successful deployments. If a patch is deployed successfully multiple times on the same device within a single day, the report records and counts only the final deployment for that day.

  • Deployment History Reports display only the most recent status if you deploy the same patch multiple times on the same device over different days.

  • If a patch scan occurred more than six months ago, Reports may show advisories that no longer appear in the Devices > Patches view.

  • When you change a device from Managed to Unmanaged, Reports continue to show its last managed status until the following Sunday at 00:00 UTC. After this time, the data for unmanaged devices is removed and no longer appears in Reports.

  • If more than one management source manages a device, Reports aggregate data from all applicable sources.

  • For Linux Notifications, Reports show installed and missing patch counts based on individual patches. The Devices > Patches view counts advisories instead.

  • For Linux Packages, Reports display the patch name in the advisory name and advisory ID columns. Installed and missing patch counts are based on individual patches.

  • Reports exclude devices that have not been patch scanned for 390 days.

  • For scheduled Deployment History – Summary and Deployment History – Detailed reports, each report shows deployment events that happened between the previous scheduled run and the current run.

    For example, if your reports are scheduled to run weekly every Monday, each report will include events from the previous Monday up to the current Monday.

  • For Patch Management reports, the system segments large files into smaller compressed files using the following criteria:

    • PDF files: Split every 3,000 rows.

    • Excel files with hyperlinks: Split every 65,000 rows.

    • CSV (Excel-compatible) files without hyperlinks: Split every 100,000 rows.