Manage PM Licenses
The Licenses tab, enabled only for paid subscribers, shows the Licenses consumption details and the steps to install the Qualys TruRisk Eliminate Plugin.
License Consumption
Qualys TruRisk Eliminate MCM Plugin
License Consumption
The Licenses tab shows the number of licenses consumed by Patch Management (PM).
- You can see the type of Patch Management License and the related details. Example: Full
- You can see whether the Extended Security Update (ESU) license is enabled or disabled for you. The ESU patching is feasible only when the ESU license is enabled. Contact your Technical Account Manager (TAM) for the ESU license enablement.
- The ESU patching is supported for Windows Server 2012 and Windows Server 2012 R2 operating systems.
Only admin and super users can manage licenses. Sub-users can only view the license information.
From the Licenses tab, you can add necessary tags and assets associated with those tags to consume the Patch Management License. You can include asset tags to allow installing or uninstalling patches on the assets that are contained in those asset tags. Assets in the excluded asset tags are not considered for patch management, and you cannot deploy patches on those assets.
When the license consumption calculation is already in progress and you add new asset tags, the license consumption calculation for newly added asset tags will start only after the first request is completed. The auto refresh rate to show data in the License Details section is 1 minute.
The license details for Linux, Windows, and Mac assets are shown separately. However, as the licenses are assigned to the assets in the background, a dynamic consumed license count is shown on the Licenses tab.
One license is consumed per asset. See the following screenshots that show the Total Consumption in various scenarios:
- License consumption within your license limit:
- License consumption matches your license limit:
- License consumption exceeds your license limit:
- The total consumption counter exceeds 100% if the number of assets activated for PM is more than the number of PM licenses you have.
- If the Total Consumption counter exceeds 100%, licenses will be consumed based on the asset activation time stamp in ascending order.
About Available License Count
The Vulnerability Management, Detection and Response (VMDR) application provides a free Patch Management license for the assets that are enabled for the VMDR application. However, these licenses have a limited feature capability. The licenses that are enabled for Patch Management have complete capabilities for the Patch Management application.
The Cloud Agent UI shows the total number of licenses, which include the licenses for VMDR and Patch Management combined. This might cause a discrepancy in the number of licenses shown in the Patch Management UI and the Cloud Agent UI.
For example, 100 licenses are purchased for the VMDR application and 50 for the Patch Management application.
If so, on the Cloud Agent UI total of 150 available activations are shown, and on the Patch Management UI, only the patch management licenses purchased, which is 50, are shown.
Qualys TruRisk Eliminate MCM PlugIn
Patch Management provides an option to download the Microsoft Configuration Management plugin and generate an activation key. This plugin installs Microsoft patches for the detected and prioritized vulnerabilities in the VMDR application through the MCM application.
Prerequisites
- Qualys TruRisk Eliminate subscription to install and use the MCM Plugin.
- To download the VMDR prioritized vulnerabilities report from the VMDR application, contact your TAM to enable the download functionality.
Installation and Activation of the MCM Plugin
Navigate to the Configuration > Licenses tab and complete the following steps:
1. To download the plugin, click Get Installer. The installer file gets downloaded to your local hard drive.
2. To get the activation key, click Generate Activation Key. This downloads the activation key file to your local drive.
After you run the installer file, the Qualys TruRisk Eliminate node appears under the Software Library in the MCM application.
Click Activate Trurisk Eliminate. The current license status is not activated. Click Add Activation Key, an Enter Activation key window appears. Copy the generated activation key from the downloaded file, paste in the Activation Key field and click Activate.
The license status is now activated. This license's expiry date is dependent on the expiry date of the Qualys TruRisk Eliminate subscription.
Create Software Update Group and Device Collection Group
To create a software update group, you must import the prioritized vulnerability report from the VMDR application. To download this vulnerability report, contact your TAM. For more information, see Generate Vulnerability Report in VMDR.
The report contains details of the assets activated for mitigation and the associated patches for those assets. Navigate to Qualys TruRisk Eliminate > Software Updates and click Import Vulnerability Report on the top taskbar. The report data gets populated under the Software Updates tab. Select all or only the required software updates, click Create Software Update Group, and provide a name for the group. The created software group appears under the Software Library > Software Updates Groups.
On the Associated Devices tab, select all or only the required devices and click Create Device Collection. Provide a name for the device collection group. The created device collection group appears under the Assets and Compliance tab.
The MCM team can now proceed to deploy the detected patches on the assets.