Starting with v16.1 of Vulnerability Response, patch data and states are rolled up to Patch Update and other records in the Vulnerability Response application.

Patch Update records in the workspaces and in the classic environment in Vulnerability Response

Information about patches, vulnerability solutions, and vulnerabilities is all connected in the Vulnerability Response application.

Patch data and patch rollup data and status are displayed on records in your instance. Patch records are included as part of the patch orchestration feature of this integration with Vulnerability Response. View Patch (VPU) records in Vulnerability Response Workspaces from the List view in the IT Remediation Workspace. Patch Update records in both the classic view and Vulnerability Response Workspaces include the following data:

  • Vulnerability solution data and information from patch vendors imported by the Vulnerability Solution Management application.
  • Source Remediation Status that includes the total number of devices that have a vulnerability that can be fixed by a patch, and any devices that are missing updates.
  • Remediation Status that includes % of VIs remediated, and the total VIs that have a patch as a preferred patch.
  • Associated Devices, Vulnerable Items, Patch Deployments and Patch Requests on the Related Links on records in the classic view. This data is displayed on tabs on records in the Vulnerability Response Workspaces.
  • Patch Requests that remediation owners have submitted for approval.

Roles required

Users need roles that are specific to the patch orchestration integration you are using to view data and schedule patches. See the supported integrations for more information.

Patch data and state rollup

To view the vulnerable items that have patches and that are assigned to you in the classic environment, navigate to All > Vulnerability Response > Vulnerable items > Assigned to me with patches.

If a vulnerable item record is populated with a preferred patch, it transitions automatically to Awaiting Implementation only if the state of the VI is not Closed, Resolved, Deferred or In Review. To drill down into the data to view the preferred solution and other data, click the Remediation tab on the VI record.

Figure 1. Remediation Steps tab on the VI record

A VI with a preferred patch transitions to Awaiting Implementation in the following cases:
  • If a patch is scheduled for deployment on a CI that is part of a collection import, and the CI has an associated VI, the reason the VI is Awaiting Implementation is Patch Scheduled.
  • If a patch is scheduled for deployment on a CI that is part of a collection import, the CI has an associated VI, and the Remediation target date (deadline) is later than the Time to Remediation (TTR) date, the state of the VI is Awaiting Implementation with the reason as Patch Scheduled (Missing Target Date).
  • If a patch is not scheduled for deployment on a CI that is part of a collection import, the state of the VI is Awaiting Implementation, with the reason as Patch Not Scheduled.

Click the Preferred Patch information icon to open the Patch Update record and view the following information on the Related Links:

  • Vulnerable items: Vulnerable items that are associated with this patch.
  • Associated Devices: Devices that have updates and those that are missing updates.
  • Patch deployments: Deployments scheduled for this patch on individual machines (assets) or on groups of assets.
  • Patch Requests: A list of patch requests that have been sent for approval before they are scheduled for deployment.
  • Potential Patches: Patches that might address a vulnerability.

Click the Preferred patch information icon to open the record to view the information listed previously, in addition to the following Patch Update data:

  • Source Remediation Status: The total devices that require this patch and any devices that are missing the patch.
  • Remediation Status: The status (total VIs, % remediated, VIs deferred) for the VIs that have this preferred patch.

Preferred patches and solutions

When an imported vulnerability matches an asset in your Configuration Management Database (CMDB), a vulnerable item (VI) is created in Vulnerability Response. If the configuration item (CI) that is associated with this VI is also imported from a third-party patch vendor and is shown as missing a patch for the same vulnerability, a preferred patch is listed and rolled up to your solutions. This information lets you know that an asset (CI) has a fix from an available patch that is the best match for its vulnerability.

Viewing patches without solutions

After an import, if no vulnerability solution data is available, the Vulnerability solution field on the Patch Update record is left blank. For more information about how to view information for these types of patches, see View patches without solutions in Vulnerability Response.