Get Started with Patch Management
Qualys Patch Management saves you time and effort by automating patch management on your Windows, Linux, and Mac assets.
How does Patch Management Work?
- You get instant visibility on patches available for your assets. Also, you can understand whether these patches are already installed on your assets.
- You can automatically deploy new patches as and when they are available.
- You can install Microsoft and Non-Microsoft patches for Windows by using a single patch management application. You can also deploy patch jobs on Linux and Mac assets.
- You can create jobs to automate patch installation for Windows, Linux, and Mac assets. A single job deployment can have either Windows, Linux, or Mac assets. A job that combines Windows, Linux, or Mac assets is not supported.
Note:
- The Windows and Mac Cloud Agent downloads the required patches from external sources. However, patches that require authentication cannot be downloaded by the agent. You can manually download and install such patches on the assets. Qualys Patch Management will then identify these patches as installed.
- We do not support scanning assets running Windows evaluation versions. These assets are scanned for missing and installed patches once upgraded to the full version of Windows.
Start Here
Install and configure agent:
Install Cloud Agents (using the CA app)
Enable PM in a CA configuration Profile (using the CA app)
Deploy patches:
Create a custom assessment profile (Optional)
Reviewing Missing and Installed Windows Patches
Reviewing Missing Patches for Linux Assets
Reviewing Missing and Installed Mac Patches
Review patch deployment results (success / failure)
Roll Back Windows patches:
Create a custom assessment profile (Optional)
Review missing and installed patches
Review patch roll back results (success / failure)
Best Practices for Qualys Patch Management
Refer to the Best Practices article to follow when using Qualys Patch Management. The best practices explained in this article facilitate effectively deploying patches on your assets.
By effective patch deployment, we mean that remediating your assets from vulnerabilities is achieved by running optimum patch jobs with a lesser number of reboots and by avoiding hindrance in the end user’s day-to-day work.
Up-to-date patch visibility
We'll keep your account updated with the latest information about your assets and related patches. The search box with advanced search capabilities gives you instant visibility all in one place, all about your assets and required patches.
Customizable Dynamic Dashboards
Dashboards help you visualize your assets, see the open vulnerabilities, leverage saved searches, and patch Windows, Linux, and Mac vulnerabilities.
Qualys Patch Management integrates with Unified Dashboard (UD) to bring information from all Qualys applications into a single place for visualization. UD provides a powerful, new dashboarding framework along with platform service that will be consumed and used by all other products to enhance the existing dashboard capabilities.
Qualys Patch Management offers several out-of-the-box widgets. Each widget displays a short description of the information it offers. You can also easily configure widgets to pull information from other modules/applications and add them to your dashboard. You can also add as many dashboards as you like to customize your view.
We have:
- Total 7 out-of-the-box widgets for Windows patches, out of which 5 are the system-defined widgets, and 2 are editable.
- 4 out-of-the-box widgets for Linux patches.
- Total 7 out-of-the-box widgets for Mac patches, out of which 5 are the system-defined widgets, and 2 are editable.
Note: You can also add the "SUCCESSFULLY INSTALLED PATCHES" widget that shows the count of successfully installed patches across all platforms. For more information, see Patch Management Widgets.
You can customize and add these widgets based on your preferences. To add Windows to the old widget titles, you must delete and re-import the old widgets.
See the Unified Dashboard help for more information.
Fallback to a free version
Patch Management will revert to the Free version once your Trial or Full subscription expires. Existing scan intervals of less than 24 hours will get converted to intervals of 24 hours. Your existing jobs will be disabled, and you can re-enable them once you renew your subscription.
The free version allows you to create assessment profiles with a minimum scan interval of 24 hours and see a list of missing and installed patches on the assets in your environment. It doesn’t allow you to create deployment or rollback jobs.
Patch Management API Support
A few Patch Management features are available through REST APIs. You can use the Swagger tool to access the REST APIs we support. For more information, see the Patch Management API User Guide.
Note:
- You cannot use Patch Management APIs with the Free License.
- For Windows and Linux, Patch Management APIs support fetching a maximum of 10K records only. The API support is not yet available for Mac.
- For other APIs, the rate limit is as mentioned in your subscription.
- For Patch Reports APIs, the API rate limit is ten times per hour per customer. For more information, refer to the Get Assets Tab Report, Get Deployment Job Progress Report, Get List of Generated Reports, Get Patches Tab Report, and Get Report in CSV Format from the Patch Management API User Guide.
Time Zone Settings
You can select the time zone from the Administration module. You can choose the time zone from the Administration module. The browser time zone and custom time zone are the supported time zones. As the time zone is selected from the user profile, it is addressed as the profile time zone.
When you select the required time zone, wherever the date and time details are shown on the Patch Management UI, they are displayed according to the profile time zone that you have selected.
Consider the following examples to understand the scenarios wherein the time details are shown according to the profile time zone, UTC, or Agent Timezone.
Example 1:
(1) Represents the job result history of the latest ten job runs for recurring jobs
When a job is scheduled to run in a specific time zone, the job run history list shows the time details according to UTC.
When the job runs according to the agent time zone, the job run history list shows the time details according to the Agent Timezone.
(2) Represents the date and time details according to the profile time zone that you have selected.
Example 2:
In the following "Job Details" page, you can see the time details for fields, such as "Created On" or "Next Schedule" according to the profile time zone that you have selected. But you can see the time details for the "Timezone" and "Start Date time" fields according to the time zone you selected at the time of job creation.
