Typical disclaimer: I *really* need to stress that everything below is based on my own research and findings - the information below does not indicate official documentation or support, however some of this may be accurate.
I developed a "CIO level" patching report this morning and am sharing it, in case it might be useful to any other kboxers out there. ^_^
Hope that helps!
John
___________________________________
*Title*
Vendor severity with machine count and completion rates
*Description*
Lists all active patches by vendor severity, with an applicable machine count, total number patched, total number unpatched and percent patched for each severity level. Keep in mind is that not all patches apply to all machines, so the machine count will vary for each severity level.
*Select Statement*
SELECT (IF(V.ATTRVALUE <> '', V.ATTRVALUE, 'Not Available')) AS VENDOR_RATING,
ROUND((SUM(MS.STATUS='PATCHED')/COUNT(MS.MACHINE_ID)) * 100, 2) AS COMPLIANCE,
COUNT(MS.MACHINE_ID) AS APPLICABLE,
SUM(MS.STATUS='NOTPATCHED') AS NOTPATCHED,
SUM(MS.STATUS='PATCHED') AS PATCHED,
SUM((MS.DEPLOY_ATTEMPT_COUNT >= 3 and MS.STATUS != 'PATCHED')
OR MS.STATUS = 'FAIL' or MS.DEPLOY_STATUS = 'FAIL') AS ERROR
FROM KBSYS.PATCHLINK_PATCH P
LEFT JOIN KBSYS.PATCHLINK_VENDORATTRIBUTE V ON V.PATCHUID = P.UID
LEFT JOIN PATCHLINK_MACHINE_STATUS MS ON MS.PATCHUID = P.UID
JOIN PATCHLINK_PATCH_STATUS PS ON PS.PATCHUID = P.UID
WHERE V.ATTR = 'MaximumSeverityRating'
AND V.ATTRVALUE not rlike '8211|recommended'
AND PS.STATUS = 0
GROUP BY VENDOR_RATING
*Example Output*
Just want to get an explanation of the None Field. Official was "Patches that don’t have a listed vendor". They ask ,"How do we know it's a patch ?" If you could give one example a Patch in the 'None" category. I'd be Golden.
Again
Thanks for your expeditious help!!
Cheers,
Matt - mk357 10 years ago
Chuck - Thanks for the heads up, should work as expected now.
Matt - No problem, but please use this revised query instead of the one I wrote yesterday.
As for patches in the "None" category, you can do the following on your K1000 to have a list:
1) Navigate to Security > Patching
2) Set the View by drop-down on the right to All Patches
3) Click the Custom View tab (right side, next to the Create Smart Label selection)
4) Set the criteria as follows:
* Status = Active
* Severity = None
5) Click on Test View
Note that the patches returned will be those with a *Vendor Assigned* severity level. You'll notice this is not the same as the Impact, which is what I had mentioned yesterday. Personally, I always went with the Impact over the Severity classification, but I understand that requirements are different in every environment.
Hope that helps! ^_^
John - jverbosk 10 years ago
Need to get my Low's over 23% compliant all others are 93.5% or higher. - petelanglois 10 years ago
Is it possible to add a date between date1 and date2? . To show the results of the period. Also want to switch over to BY Impact, Any canned Exec.Summary Reports out there for impact
criteria?
Thanks Before Hand.
Cheers,
Matt - mk357 10 years ago