Patches

• 2 min to read •

Syxsense Secure allows completing all operations related to patch management and system security in one console.

Effective patch management is crucial for mitigating the risk of cyber attacks and ensuring the smooth operation of IT infrastructure.

Patch Management process includes:

① Patch Scan which allows to identify missing software updates across your networked devices.

② Patch Deploy which allows deploying patches to devices where missing updates have been identified during the Patch Scan

A simple interface of Syxsense software is also a super convenient way to present the current state of the system to the senior executives and create detailed reports for external auditors.

Important Information

This section is titled Patch Manager in Syxsense Manage and Vulnerabilities in Syxsense Secure.

Please contact your Account Manager to upgrade.

Patch scans can take 10 minutes or longer to complete, we recommend scanning all devices every day.

Prerequisites 

A user with Admin or Vulnerabilities (Patch Manager) rights

Discovery: PatchesDiscovery: Patches

To review the content available within the Syxsense console, start by navigating to the Vulnerabilities tab in the Console menu. 

Select the Patches tab within the Vulnerabilities sidebar.

Once the Patch Library view has populated, you will see a long list of patches arrayed in a table, as shown below.Drop-down TitleDrop-down Title

The following information can be used for filtering the table columns ①

State Has the patch been detected?
Title The name of the patch provided by the vendor (For Microsoft, this is usually the KB title)
Description The description of the patch provided by the vendor (or crafted by Syxsense)
Installed Shows whether the patch is currently installed on the system.
Required Displays the number of systems where the patch is required for optimal security.
Not Required Indicates the number of systems where the patch is not necessary.
Not Checked Represents the number of systems where the patch status has not been verified.
CVSS The independent CVSS score represented as the number.
CVSS Severity The independent CVSS score represented as a title.
Severity The vendor-issued severity.
Vendor The name of the partner company providing the patch content.
Language

The language in which a software patch is written.

INTL - the patch is applicable for international language support.

CVEs Lists the Common Vulnerabilities and Exposures identifiers associated with the patch.
Date Published The date the patch was published.
Is Reboot Required Specifies whether a system reboot is necessary after applying the patch.
Repairable The indicator of the issue reparability.
Autofix If enabled, this patch will be deployed during a scan task if the patch is detected.
Type

The type of the patch. Type categories are listed below.

Public Aware

The method to expose the vulnerability is publicly aware.

 Publicly Aware vulnerabilities are often weaponized and therefore should be prioritized before they become weaponized.

Counter Measure An alternative solution exists where the patch can be mitigated, see vendor for full details.
Weaponized

The vulnerability is currently being exploited.

 Weaponized vulnerabilities should be treated as Zero-Day ones and deployed urgently.

Filtering Patch Content

There are many ways to organize and manipulate the data provided within the main Patch Library, without even creating custom queries or groups. You can filter down the list by the Type of the patch ②

Our patch content Types are organized into the following categories:

Windows General category for Windows-related patches
Microsoft Update  Standard Microsoft Patch Content
Microsoft hotfix  Special Released Content to fix a bug
Service Pack  A combined Release of Available Microsoft Updates
3rd Party  Content provided by our partner software vendors
Linux  Content discovered within found Linux repositories
Mac  Content discovered within MacOS’s update service

You are also able to filter patch content by device ③.

Filtering by device brings up the Device Targeting Wizard. Targeting a list of assets will narrow the scope of patch content down

to just the patches which are relevant to the listed endpoints.

Further filtering can be obtained by searching for specific content using the Search Input box.

Currently, Syxsense supports the following searches:

Title The Patch name provided by the vendor (For Microsoft, this is usually the KB title)
Description The Patch Description provided by the vendor (or crafted by Syxsense)
CVE The Identity provided to the patch by Mitre Corporation
Vendor The name of the partner company providing the patch content

Filter by patch status ④

Patch Icons

 A patch is current and not superseded.  

 At least one component of the patch is superseded and at least one component of the patch is still current.  

 All components in the patch are superseded.

The upper toolbar offers the following options:

 

To view review the explicit state of a patch or configuration.

 

To schedule a scan task either now or later. If you need to reinstate a previously blacklisted patch, highlight the blacklisted patch, and then select this button.

 

Patches that should never be scanned and deployed. This will blacklist the patch and remove it from your organizations patch inventory.

 If you need to conditionally blacklist content from a set of assets but wish to continue reviewing the item on other assets, we recommend filtering out the content by using a content query or group based task deployment. See Patch Queries and Default Queries for more information.

 To locate previously blacklisted content, navigate to the Advanced section within the Vulnerabilities sidebar > Select the operating system dropdown for the content type you need to whitelist > Select the Never Check or Install dropdown item to open the list of blacklisted patch and configuration contents.

This will check the Syxsense Database, which exists external to your Syxsense console for any changes since the previous automatic sync, which happens daily by default.  

To check if the patch has any new elements (like a change to its CVSS score, or a new CVE or more complete description), simply select an individual patch (or group of patches) from the rows of available data and select this button from the top toolbar.

Create Patch Groups

This export button will prompt you to save a CSV file to your computer containing the complete list of all patches incorporated in your filter or search. You can also export individual patches, or a subset of the patches displayed by control clicking or shift clicking rows of data within the console, and then selecting the Export button located in the top tool bar. The data exported using the tool bar option will be formatted as an xml file.

 Please, note, that this button is only available from the Advanced section toolbar.

Users can import patch data files in various formats, such as XML, CSV, or other compatible file types. Importing patch data enables users to update the patch information in the console, including adding new patches, updating existing patch details, or synchronizing patch data between instances for consistency across environments. 

Video Tutorials: How to Manage PatchesVideo Tutorials: How to Manage Patches

Learn how to stage patches using Task  Video

Learn how to stage patches using Cortex Workflow  Video

How to remove and restore a patch  Video

How to roll back a patch  Video

Patch query examples: Exclude Java updates, Weaponized or Public aware, Age of the patches  Video

Patch query example: Severity rating  Video

Patch query example: Publish date  Video

Patch query example: No Java updates  Video

Patch query example: If Reboot required  Video

Patch query example: CVSS score and Weaponized status  Video

Patch query example: Browser updates  Video

Create Baseline Patch Group  Video

Maintain Baseline Patch Group  Video

For more information refer to the following topics:

Advanced Patching Options

Patch Groups

Patch Queries and Default Queries

Patch Scan

Last Update: July, 2024

Copyright ©2024 by Syxsense, Inc. All Rights Reserved