Managing patches

You can manage patches with patch lists and blacklists. A patch list is a group of patches that can be deployed to the targeted computer groups. A blacklist is a group of patches that are specifically excluded from being downloaded to, or deployed on, the targeted computer groups.

Patch list rules

Although you can manually select patches to include in a patch list, it is more efficient to use rules to dynamically populate lists of patches. As patches are added to the Available Patches list, Tanium assesses those patches for inclusion on a list by comparing them to rules. You can create rules from customized conditions that define which part of the patch description to examine.

By default, superseded patches are not included when you configure a patch list. You can choose to include superseded patches when you create a rule. Consider including superseded patches if you want to install a specific superseded patch or if you want to see installed patches where a patch has been superseded.

Build each condition by choosing one option from each of the three fields:

Table 1:   Rule condition options
Field        Available options
Column
  • Title
  • Severity
  • Release Date
  • Bulletins
  • KB Articles
  • CVE
Type
  • Contains
  • Equals
  • Does Not Contain
  • Release Date on or After
  • Release Date on or Before
Expression
  • The search text (or, for the release-date types, the date) that the selected column is compared against.

When a rule has more than one condition, the conditions are combined with the AND operator: a patch must meet all of the rule's conditions to be matched by that rule. When a list has multiple rules, the rules are combined with the OR operator, so a patch that matches any one rule is included on the list.

Create a patch list

Sort patches into manageable patch lists for use in deployments. You can add individual patches to the list or populate the list dynamically with rules.

  1. In the Patch menu, click Patch Lists.
  2. Click Create Patch List.
  3. Name the list.
  4. Add patches, either dynamically with rules or by selecting them manually.
    To add patches dynamically:
    1. Click Add Rule.
    2. Name the rule.
    3. Select Include superseded patches when applying rules if you want superseded patches on the list.
    4. Select a Comparison Column and Comparison Type.
    5. Type the expression to search for. Searches are not case sensitive.
    To add patches manually:
    1. Click Add Patches Manually.
    2. Select the patches that you want.
    3. (Optional) Click the patch title to see the details in a new browser tab.

    The details page shows information about the patch, its results by computer group, and the lists it belongs to.

  5. Preview the changes.
  6. Click Create.

To distribute the patches to endpoints, see Create a deployment to install patches.

Exclude patches with blacklists

A blacklist is a collection of patches that are prohibited from being downloaded to or deployed on the targeted computer groups. You can add individual patches to the list or populate the list dynamically with rules. Unlike a patch list, a blacklist does not need a deployment to be enforced; it takes effect as soon as it is assigned to computer groups.

For example, Microsoft publishes both a Security Monthly Quality Rollup and a Security Only update for the same month, and deploying both is redundant. Blacklist patches whose Title contains "Quality Rollup" or "Security Only", whichever of the two you do not intend to deploy, so that the other is never pushed alongside it.

  1. In the Patch menu, click Blacklists.
  2. Click Create Blacklist.
  3. Name the list.
  4. Add patches, either dynamically with rules or by selecting them manually.
    To add patches dynamically:
    1. Click Add Rule.
    2. Name the rule. Superseded patches are automatically included in blacklists, so there is no checkbox for them here.
    3. Select a Comparison Column and Comparison Type.
    4. Type the expression to search for. Searches are not case sensitive.
    To add patches manually:
    1. Click Add Patches Manually.
    2. Select the patches that you want.
    3. (Optional) Click the patch title to see the details in a new browser tab.

    The details page shows information about the patch, its results by computer group, and the lists it belongs to.

  5. Preview the changes.
  6. Click Create.
  7. On the Blacklist Details page, scroll down and select the targeted computer groups.

The blacklist is distributed to the endpoints in the selected computer groups, and the listed patches are blocked from being downloaded or deployed there.

A blacklist does not uninstall anything. If an endpoint is brought online with a blacklisted patch already installed, the patch remains until you uninstall it.
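The rule semantics described under Patch list rules (conditions ANDed within a rule, rules ORed within a list, superseded patches excluded unless the rule opts in) and the blacklist behaviour described in this section (superseded patches always considered, blacklisted patches removed from what a deployment would push) are easy to misread when a list has several rules. The following Python is an added example that models those semantics; it is not Tanium's code and does not read Tanium's export format. The Patch and Rule types, the sample patches, and their KB numbers and CVE identifiers are constructed placeholders, and the assumption that a multi-valued column (Bulletins, KB Articles, CVE) matches when any one of its values matches is mine, not stated on this page.

```python
from dataclasses import dataclass
from datetime import date

# Added example (not Tanium's code): a small model of how list rules combine.
# Assumption not stated on the page: for multi-valued columns (Bulletins,
# KB Articles, CVE) a condition matches if any one value matches.


@dataclass(frozen=True)
class Patch:
    title: str
    severity: str
    release_date: date
    kb_articles: tuple = ()
    bulletins: tuple = ()
    cves: tuple = ()
    superseded: bool = False


@dataclass(frozen=True)
class Rule:
    name: str
    conditions: tuple                 # (Column, Type, Expression) triples, ANDed
    include_superseded: bool = False  # "Include superseded patches when applying rules"


def column_values(patch, column):
    """Searchable string values for one Comparison Column."""
    return {
        "Title": (patch.title,),
        "Severity": (patch.severity,),
        "Release Date": (patch.release_date.isoformat(),),
        "Bulletins": patch.bulletins,
        "KB Articles": patch.kb_articles,
        "CVE": patch.cves,
    }[column]


def condition_matches(patch, column, ctype, expression):
    """Evaluate one condition. Text comparisons are case-insensitive."""
    if ctype == "Release Date on or After":
        return patch.release_date >= date.fromisoformat(expression)
    if ctype == "Release Date on or Before":
        return patch.release_date <= date.fromisoformat(expression)
    values = [v.casefold() for v in column_values(patch, column)]
    expr = expression.casefold()
    if ctype == "Contains":
        return any(expr in v for v in values)
    if ctype == "Equals":
        return any(expr == v for v in values)
    if ctype == "Does Not Contain":
        return not any(expr in v for v in values)
    raise ValueError(f"unknown Comparison Type: {ctype!r}")


def rule_matches(rule, patch, *, blacklist=False):
    """All conditions of a rule must hold (AND). Superseded patches are skipped
    unless the rule opts in; blacklists always consider superseded patches."""
    if patch.superseded and not (rule.include_superseded or blacklist):
        return False
    return all(condition_matches(patch, c, t, e) for c, t, e in rule.conditions)


def patch_list_members(rules, patches):
    """Rules on a list are ORed: any matching rule puts the patch on the list."""
    return [p for p in patches if any(rule_matches(r, p) for r in rules)]


def blacklist_members(rules, patches):
    return [p for p in patches if any(rule_matches(r, p, blacklist=True) for r in rules)]


def deployable(list_rules, blacklist_rules, patches):
    """What a deployment of the list actually pushes: list members minus blacklist."""
    blocked = set(blacklist_members(blacklist_rules, patches))
    return [p for p in patch_list_members(list_rules, patches) if p not in blocked]


def kbs(patches):
    return [p.kb_articles[0] for p in patches]


# Constructed sample data: titles, KB numbers and CVE ids are placeholders, not real patches.
AUG = date(2018, 8, 14)
SAMPLE_PATCHES = (
    Patch("2018-08 Security Monthly Quality Rollup (sample)", "Critical", AUG, ("KB1000001",), cves=("CVE-2000-0001",)),
    Patch("2018-08 Security Only Quality Update (sample)", "Critical", AUG, ("KB1000002",), cves=("CVE-2000-0001",)),
    Patch("Security Update for Flash Player (sample)", "Important", date(2018, 7, 10), ("KB1000003",)),
    Patch("2018-08 Security Monthly Quality Rollup, older build (sample)", "Critical", AUG, ("KB1000004",), superseded=True),
    Patch("2018-08 Cumulative Update (sample)", "Critical", AUG, ("KB1000005",), cves=("CVE-2000-0002",)),
)
CRITICAL_AUGUST = (("Severity", "Equals", "critical"), ("Release Date", "Release Date on or After", "2018-08-01"))
SAMPLE_RULES = (Rule("Critical since August", CRITICAL_AUGUST), Rule("Flash", (("Title", "Contains", "flash"),)))
SAMPLE_RULES_WITH_SUPERSEDED = (Rule("Critical since August", CRITICAL_AUGUST, include_superseded=True),)
NOT_CVE_0001 = (Rule("Without CVE-2000-0001", (("CVE", "Does Not Contain", "cve-2000-0001"),)),)
SECURITY_ONLY_BLACKLIST = (Rule("No Security Only", (("Title", "Contains", "security only"),)),)
ROLLUP_BLACKLIST = (Rule("No rollups", (("Title", "Contains", "quality rollup"),)),)

if __name__ == "__main__":
    print("patch list:", kbs(patch_list_members(SAMPLE_RULES, SAMPLE_PATCHES)))
    print("blacklisted:", kbs(blacklist_members(SECURITY_ONLY_BLACKLIST, SAMPLE_PATCHES)))
    print("deployable:", kbs(deployable(SAMPLE_RULES, SECURITY_ONLY_BLACKLIST, SAMPLE_PATCHES)))
```

Running it prints the list members, the blacklisted patch, and what a deployment would actually push. The superseded August rollup (KB1000004) appears on the patch list only when the rule opts in, while the "quality rollup" blacklist catches it regardless; and the Security Only update is on the patch list but is dropped from the deployable set once the blacklist is applied.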

Create lists from the Patches view

In addition to creating a list from the Patch Lists or Blacklists page, you can also select individual patches to build lists.

  1. In the Patch menu, click Patches.
  2. Select one or more patches.
  3. From the More drop-down menu, select the list type.
  4. Complete the list.

Edit a list

When you change an existing list, the changes are saved as a new version of the list rather than overwriting it. Small recurring changes, such as adding a rule for each new month's patches, let you advance your patch testing and roll changes forward without creating a new list.

  1. In the Patch menu, click Patch Lists or Blacklists.
  2. Click the list name.
  3. Click Edit.
  4. Make your changes.
  5. Preview the changes.
  6. Click Save.

Check patch visibility

You can get details about the patch, the installation results by computer group, and the associated lists.

  1. In the Patch menu, click Patches. To see only patches that are not installed, expand Filter Results: and select Applicable from the Patches drop-down menu.
  2. Click the patch name.
  3. Expand the section you want to see.
    • Patch Summary shows the severity and the associated lists. Patch Details has release date, bulletins, KB articles, CVEs, files, size, URLs, and a link to Microsoft support.
    • Visibility splits out the patch results by computer group. To see results by endpoint, hover over the name and click the Interact icon.
    • Patch Lists and Blacklists are summaries that include the number of patches on the list, rules, version, and creation details.

Export a list

You can move patch content between environments by exporting lists. The exported file includes both the rules and any manually added patches. This is particularly useful in a progressive deployment model, where lists must be promoted from a testing environment to a production environment.

  1. In the Patch menu, click Patch Lists or Blacklists.
  2. Click the list name.
  3. (Optional) Select the version.
  4. Click Export.

The JSON file is saved to your downloads folder. The file name is the list identifier; the actual list name appears after import.

Import a list

You can import an exported list into a new environment. The export carries only the latest version of the list, and that version becomes version 1 in the new environment.

You cannot import a list with the same name as an existing list.

  1. In the Patch menu, click Patch Lists or Blacklists.

    Import from the page that matches the list type: patch lists from the Patch Lists page and blacklists from the Blacklists page.

  2. Click Import.
  3. Browse to the list JSON file.
  4. Click Import.

Delete a list

Deleting a list does not delete any patches; it only deletes the assembled list and all of its previous versions.

Remove computer group enforcements before deleting a blacklist.

  1. In the Patch menu, click Patch Lists or Blacklists.
  2. Select the list name.
  3. Click Delete.
  4. On the confirmation window, click Delete.

Add a custom Patch field

You can add a custom field to your patches based on a mapping that you provide in a CSV file. You might use this custom field to override the severity of a patch.

  1. From the Patch home page, click Settings and then click Custom Field.
  2. Click Choose File and select the CSV file.

The custom column then appears in your patch list views.

Example CSV

The following example maps the vendor KB value in the first column to a new custom value in the second column, here an IAVM identifier.

KB,IAVM
KB829438,1234-A-0016
KB822362,1234-A-0016
kb828037,1234-A-0017
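A malformed mapping file fails quietly: a row whose key is not a KB number simply maps nothing, and two rows for the same KB with different values leave it unclear which one wins. The following Python is an added example for checking a custom-field CSV before uploading it; it is not Tanium's code and does not reproduce how Tanium parses the file. Its assumptions, which this page does not state, are that the first column is the vendor KB identifier, that the second column is the custom value, and that KB identifiers should be compared case-insensitively (the page's own example mixes "KB" and "kb"). The bad CSV and the patch records are constructed sample data.

```python
import csv
import io
import re

# Added example (not Tanium's code): sanity-check a custom-field CSV before
# uploading it. Assumptions not stated on the page: the first column is the
# vendor KB identifier, the second is the custom value, and KB identifiers are
# compared case-insensitively (the page's own example mixes "KB" and "kb").

KB_ID = re.compile(r"^KB\d+$", re.IGNORECASE)

# The page's example CSV.
EXAMPLE_CSV = """KB,IAVM
KB829438,1234-A-0016
KB822362,1234-A-0016
kb828037,1234-A-0017
"""

# Constructed bad input: a conflicting duplicate and a key without the KB prefix.
BAD_CSV = """KB,IAVM
KB829438,1234-A-0016
kb829438,1234-A-0099
829438,1234-A-0016
"""


def load_custom_field(csv_text):
    """Return (mapping, problems). Keys are upper-cased so that 'kb828037' and
    'KB828037' collapse to one entry; a duplicate key with a different value is
    reported instead of silently overwriting the earlier row."""
    rows = csv.reader(io.StringIO(csv_text))
    header = next(rows, None)
    if not header or len(header) != 2:
        return {}, ["header must have exactly two columns, for example KB,IAVM"]
    mapping, problems = {}, []
    for lineno, row in enumerate(rows, start=2):
        if not any(cell.strip() for cell in row):
            continue  # skip blank lines
        if len(row) != 2:
            problems.append(f"line {lineno}: expected 2 columns, got {len(row)}")
            continue
        key, value = (cell.strip() for cell in row)
        if not KB_ID.match(key):
            problems.append(f"line {lineno}: {key!r} is not a KB identifier")
            continue
        key = key.upper()
        if key in mapping and mapping[key] != value:
            problems.append(f"line {lineno}: {key} already mapped to {mapping[key]!r}, now {value!r}")
            continue
        mapping[key] = value
    return mapping, problems


def apply_custom_field(mapping, patches):
    """Attach the custom value to each patch record (plain dicts with a
    'kb_articles' list); a patch with no mapped KB gets None."""
    result = []
    for patch in patches:
        custom = next((mapping[kb.upper()] for kb in patch["kb_articles"] if kb.upper() in mapping), None)
        result.append({**patch, "custom": custom})
    return result


# Constructed patch records; KB999999 is deliberately absent from the mapping.
SAMPLE_PATCHES = [
    {"title": "Sample patch A", "kb_articles": ["KB829438"]},
    {"title": "Sample patch B", "kb_articles": ["KB828037"]},
    {"title": "Sample patch C", "kb_articles": ["KB999999"]},
]

if __name__ == "__main__":
    mapping, problems = load_custom_field(EXAMPLE_CSV)
    for p in apply_custom_field(mapping, SAMPLE_PATCHES):
        print(p["title"], "->", p["custom"])
    print("problems in BAD_CSV:", load_custom_field(BAD_CSV)[1])
```

For the page's example the check reports no problems and all three rows load, with the lowercase kb828037 row keyed as KB828037. For the constructed bad file it keeps the first KB829438 row, reports the conflicting second one, and rejects the bare 829438 key, so the mistakes surface before the file reaches Settings > Custom Field.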

Last updated: 8/9/2018 12:06 PM