Get Started with Patch Management

Qualys Patch Management saves you time and effort by automating patch management on your Windows and Linux assets.

With the Patch Management 2.0.0.0 release, MacOS support is also now available in Patch Management.

Experience the MacOS support!

Contact your Technical Account Manager (TAM) to get the compatible Mac agent binary 4.25 or later for x64, x86_64, and binary 4.26 or later for arm64 architecture. For more information, refer to the Release Notes.

How does Patch Management Work?

-  You get instant visibility on patches available for your assets. Also, you can understand whether these patches are already installed on your assets.

-  You can automatically deploy new patches as and when they are available.

-  You can install Microsoft and Non-Microsoft patches for Windows by using a single patch management application. You can also deploy patch jobs on Linux and Mac assets.

-  You can create jobs to automate patch installation for Windows, Linux, and Mac assets. A single job deployment can have either Windows or Linux or Mac assets. A job that combines Windows, Linux, and Mac assets is not supported.

Note:
-  The Windows and Mac Cloud Agent downloads the required patches from external sources. However, patches that require authentication cannot be downloaded by the agent. You can manually download and install such patches on the assets. Qualys Patch Management will then identify these patches as installed.

-  We do not support scanning assets running Windows evaluation versions. These assets are scanned for missing and installed patches once they are upgraded to the full version of Windows.

Start Here

Install and configure agent:

Install Cloud Agents (using the CA app)

Enable PM in a CA configuration Profile (using the CA app)

Manage PM Licenses

Deploy patches:

Create a custom assessment profile (Optional)

Reviewing Missing and Installed Windows Patches

Reviewing Missing Patches for Linux Assets

Reviewing Missing and Installed Mac Patches

Deploy patches on assets

Review patch deployment results (success / failure)

Roll Back Windows patches:

Create a custom assessment profile (Optional)

Review missing and installed patches

Roll back patches from assets

Review patch roll back results (success / failure)

Time Zone Settings

You can select the time zone from the Administration module. Before the Patch Management 1.9.0.0 release, the only supported time zone was the browser time zone. With the Patch Management 1.9.0.0 release, the custom time zone is also supported. As the time zone is selected from the user profile, it is addressed as profile time zone.

When you select the required time zone, wherever the date and time details are shown on the Patch Management UI, they are shown according to the profile time zone that you have selected.

Consider the following examples to understand the scenarios, wherein the time details are shown according to the profile time zone, UTC, or Agent Timezone.

Example 1:

(1) Represents the job result history of the latest ten job runs for recurring jobs

     When a job is scheduled to run in a specific time zone, the job run history list shows the time details according to UTC.

     When the job runs according to the agent time zone, the job run history list shows the time details according to the Agent Timezone.

(2) Represents the date and time details according to the profile time zone that you have selected.

Time Zone Representation

Example 2:

In the following "Job Details" page, you can see the time details for fields, such as "Created On" or "Next Schedule" according to the profile time zone that you have selected. But you can see the time details for the "Timezone" and "Start Date time" fields according to the time zone that you selected at the time of job creation.

Time Representation

Up to date patch visibility

We'll continuously keep your account updated with the latest information about your assets and related patches. The search box with advanced search capabilities gives you instant visibility all in one place, all about your assets and required patches.

How to Search

Search tutorial

Using filters

Customizable Dynamic Dashboards

Dashboards help you visualize your assets, see the open vulnerabilities, leverage saved searches, and patch Windows, Linux, and Mac vulnerabilities quickly.   

Qualys Patch Management integrates with Unified Dashboard (UD) to bring information from all Qualys applications into a single place for visualization. UD provides a powerful, new dashboarding framework along with platform service that will be consumed and used by all other products to enhance the existing dashboard capabilities.

Qualys Patch Management offers several out-of-the-box widgets. Each widget displays a short description of the information it offers. You can also easily configure widgets to pull information from other modules/applications and add them to your dashboard. You can also add as many dashboards as you like to customize your view.

We have:

-  Total 7 out-of-the-box widgets for Windows patches, out of which 5 are the system-defined widgets, and 2 are editable.
-  4 out-of-the-box widgets for Linux patches.
-  Total 7 out-of-the-box widgets for Mac patches, out of which 5 are the system-defined widgets, and 2 are editable.

You can customize and add these widgets based on your preferences. To add Windows to the old widget titles, you must delete and re-import the old widgets.

See the Unified Dashboard help for more information.

Fallback to a free version

Patch Management will revert to the Free version once your Trial or Full subscription expires. Existing scan intervals of less than 24 hours will get converted to intervals of 24 hours. Your existing jobs will be disabled, and you can re-enable them once you renew your subscription.

The free version allows you to create assessment profiles with a minimum scan interval of 24 hours and see a list of missing and installed patches on the assets in your environment. It doesn’t allow you to create deployment or rollback jobs.

Patch Management API Support

A few Patch Management features are available through REST APIs. You can use the Swagger tool to access the REST APIs we support. You cannot use Patch Management APIs with the Free License.

Note:
-  For Windows and Linux, Patch Management APIs support fetching a maximum of 10K records only. The API support is not yet available for Mac.

-  For other APIs, the rate limit is as mentioned in your subscription.

-  For Patch Reports APIs, the API rate limit is 10 times per hour per customer. For more information,  refer to the Get Assets Tab Report, Get Deployment Job Progress Report, Get List of Generated Reports, Get Patches Tab Report, and Get Report in CSV Format from the Patch Management API User Guide.