Schedule patches with the Vulnerability Response patch orchestration integration HCL BigFix

  • Release version: Xanadu
  • Updated August 1, 2024
  Schedule patches from Patch Update and Remediation task records in the Vulnerability Response application in your ServiceNow AI Platform instance.

    Before you begin

    Starting with version 16.1, you can schedule patches from the Vulnerability Response Workspaces or from the classic environment.

    Roles required:
    • sn_vul_patch_orch.configure_patch role to configure and schedule patches
    • sn_vul_patch_orch.read_patch role to view (read-only) patch information on records. This role is inherited with the sn_vul.remediation_owner and sn_vuln.vulnerability_analyst roles that are required for the IT Remediation and Vulnerability Manager Workspaces.

    Procedure

    1. In the Vulnerability Response Workspaces, as a user with the sn_vul.remediation_owner role, navigate to All > Vulnerability Response > IT Remediation Workspace.
    2. On the Home page, click Preferred patch on VIs.
      The list of Patch Update records for the VIs with preferred patches that are assigned to you is displayed.
    3. Locate a record that you want to open and click to open it.
    4. Alternatively, from the List view in the workspace, click Patches > All and locate a Patch Update record.
      The Patch Update record is displayed. You might prefer to review the data before you schedule a patch, because there might be other patches already scheduled.
    5. Refer to the following table about the data displayed and what you can do.
      Task: Click a Related Items link
      Description:
      • Overview - View details such as the patch update record number, the article and bulletin IDs, the release date and category of the update, the site name for the patch, Risk rating, Risk score, description, solution (if provided), and remediation status.
      • Associated Devices - The list of impacted configuration items affected by the patch and status.
      • Vulnerable items - The list of vulnerable items associated with the vulnerability and patch.
      • Patch Deployments - The names and information related to deployments of this patch on assets or asset groups.
      • Patch requests - A list of patch requests already submitted for this patch. This is displayed.

      Task: Click a link to open a record
      Description: From the lists displayed on records opened from the Related Items links, view more details, including messages about missed targets. Once opened, records remain open as tabs until you close them.

      Task: Schedule Patch
      Description: When you are ready to schedule a patch or submit a request, click Schedule Patch. In the dialog that is displayed, fill in the fields. See the steps below for more details.

      Task: Add a work note or attach a file
      Description: In the far right of the screen, click the Activity icon (lightning icon) and enter a work note. Click the icon to toggle the panel. You can also upload a file.

    6. Click Schedule Patch.
    7. In the dialog, fill in the fields.
      Field: Description

      Select Target
      Assets: Choose one from the list to continue. Computer Group is displayed by default.
        • Computer Group: Select this option if you want to choose a collection (a group of assets) for this patch. The groups are made up of the configuration items that are imported from the BigFix application.
        • Computer List: Select this option if you want to choose individual computers (assets) for this patch. You can see data about the manufacturer, location, class, when it was last updated, and the maintenance schedule on the dialog that is displayed.
        Click Next to continue.
      Computer Group or Computer List: Depending on your selection for Assets, one of the fields is displayed. Choose from the lists.

      Schedule
      Deployment Name: Enter a name for this patch deployment. This name helps you track your updates.
      Deployment type: Choose one option from the list.
      Deadline time: Set the value for the deadline time. This value is the time the patch is last available for deployment.
      Available time: Set the value for the time the patch becomes available.
      Deployment time based on: Select a time zone from the list to base your deployment time window on.
      Allow restart: Default is deactivated. Activate (select) this option to instruct the machines in the group to restart automatically after the patch is successfully completed.
      Description: Add more text about the patch. This information is displayed in the Description field of the Patch Update records.
    8. Click Deploy.
      The patch request is sent for review. You can view the status of all your submitted requests from Exception requests > My requests from the List view.
    9. Alternatively, you can schedule patches from remediation tasks (RTs) that are assigned to you or your group.
      Note:
      The option to schedule a patch from a remediation task record is available only if there are patches mapped to (associated with) the VIs in the task. These patches are displayed in the Preferred patch column if you scroll to the right of a remediation task record with the Overview tab selected.
      Figure 1. Remediation task with Preferred patches
      Preferred patch, Overview tab, and Schedule Patch UI button highlighted on remediation task record.
    10. Click Schedule Patch from the RT record and follow the steps listed above to schedule it in the dialog.
    11. You can also schedule patches in the classic environment by using the steps listed previously.
      To locate these records, follow these steps.
      1. In the classic environment, navigate to Vulnerability Response > Patches > All.
      2. From the list that is displayed, locate a Patch Update record.
      3. For remediation tasks, navigate to Vulnerability Response > Remediation Tasks and locate a record.
        Track the remediation status on the Remediation Status tab. At the bottom of the record, patch data is displayed in the Related Links.
      4. Click Schedule Patch and fill in the fields.
        Field: Description
        Deployment Name: Enter a name for this patch deployment. This name helps you track your updates.
        Patch update: Choose one from the available patches on the list.
        Assets: Choose one:
          • Computer Group: Select this option if you want to choose a collection (a group of assets) for this patch. The groups are made up of the configuration items that are imported from the BigFix application.
          • Computer List: Select this option if you want to choose individual computers (assets) for this patch. You can see data about the manufacturer, location, class, when it was last updated, and the maintenance schedule on the dialog that is displayed.
        Start time and End time: Enter the start and end times for the time window. Enter when you want the patch to start its deployment, and the last day the patch can be installed.