Auto Patch New systems

I am looking for a way, whether relevance or a file check, to tell or verify when a new system has no more relevant patches in a baseline. If it does, then re-run the baseline again against the system, and if not, then have the system moved to a new automatic group.

How are others handling auto patching of new systems that come online and need to be patched prior to being deployed to production?

Curious to hear how others are managing this as well. I’ve been keeping my image updated about 4 times a year so they never fall too far behind. I have software deployment/configurations automatically applying after an imaged machine comes up, by tagging them with a custom client setting at time of imaging, and having open baselines dynamically targeting that client setting. I could see the same being done for baselines of patches for each month the image is out of date, but it would require some careful configurations to ensure deployment sequences remain proper.