Patch Management global rules

NAVIGATION   Modules > Patch Management > Global Rules

SECURITY   All users

From the Global Rules page, you can view and manage the top-level patch rules that apply to all OS and third-party software updates in your environment. Global rules are tenant-level rules assessed for all patches and supersede patch policy and individual patch rules.

This article describes the page's layout and functions.

NOTE   To learn how to automate your patch review process, consult Automating patch review.

Overview

From the left navigation menu in VSA 10, navigate to Patch Management > Global Rules.

As you navigate, you'll see the following features and fields:

FeatureDefinition
OS Rules tab

The OS Rules and 3rd Party Software Rules tabs enable you to define the logic that VSA 10 will use, at a global level, to determine whether it should apply available Windows and third-party application patches to the endpoints in your environment.

3rd Party Software Rules tab
Rule hierarchy

This table enumerates all global OS rules and third-party software rules in effect for your environment, ordered by priority.

VSA 10 consults these rules first when analyzing a newly-discovered patch. They supersede all other rules and apply in a top-down order. You can set various criteria, such as patch name, description, category, or severity metrics, to approve or reject the patch.

Common use cases for global rules include excluding drivers or patches with known deployment issues. If a patch doesn't meet any global rules criteria, VSA 10 will next evaluate it by patch policy rules.

Add Rule

Begins the rule creation workflow; to learn more, refer to Create a global rule.

FieldDefinition
Rule behavior
Approval action
Rejection action
Rule

Type of rule (Severity, Name, Description, Category, Days since release, CVE code, CVSS score), validation criteria, and defined behavior

Actions

Move your mouse over any list entry to reveal the following options:

EditOpens the rule for editing
Move UpRaises the rule's order of importance
Move DownLowers the rule's order of importance
Move FirstMoves the rule to the top priority
Move LastMoves the rule to the bottom priority
DeleteDeletes the rule

How to...

Create a global rule

  1. On the Global Rules page, click the OS Rules or 3rd Party Software Rules tab.

  2. Click Add Rule.

  3. The Add Rule modal will open.

  4. Select a validation category (A), validation criteria (B), and the rule's behavior (C).

  5. Click Save. VSA 10 will immediately begin enforcing the rule based on its position in the hierarchy. To learn more about VSA 10's Patch Management logic, refer to OS Rules and 3rd Party Software Rules.

Lean more

The following additional resources will help you get the most out of VSA 10's patch management features: