Create Patch level policies

(imported topic written by jpeppers91)

How do I create patch level policies rather than leaving actions open?

jp

(imported comment written by jessewk)

Please explain further. I don’t understand what you mean by a “patch level policy”.

(imported comment written by jpeppers91)

Instead of having different baselines of monthly Microsoft patches, can there be a policy defined to say xyz minimum patches need to be installed on all machines as opposed to having several actions open. We are in the process of working with Cisco and integrating NAC in our environment. The term Bigfix policies kept coming up but they couldn’t show me because this was a kick off meeting.

I’m looking on how to do Bigfix Client Compliance…

(imported comment written by jessewk)

Hi jpeppers,

I’m still not too clear exactly what you’re trying to do, but let me throw 2 scenarios at you and tell me if either is what you want.

‘Define a policy that xyz patches must be installed’: You would normally do this by creating a baseline with xyz patches and taking an action to target that baseline.

‘How to do BigFix Client Compliance’: There are many ways to do this, but typically they involve crafting compliance documents that query the client about its state. A compliance doc is essentially a list of relevance questions, all of which must evaluate to true in order to be considered compliant. There are wizards that help create the document, or you can write custom queries. Example queries would be ask things like, “Are there no more than 5 critical patches relevant? Is AntiVirus running? Are AV definitions up-to-date?” Etc. In the Cisco NAC scenario, you can feed the results of evaluating the compliance doc to the cisco trust agent to accomplish posture validation.

(imported comment written by jpeppers91)

I’m trying to do the second option.

(imported comment written by jessewk)

Okay, that’s great. We have a number of customers with similar scenarios. However, it can be somewhat complicated to get all the pieces put together correctly since every NAC project is different. I’d suggest you get in touch with your sales/pro serv contact at BigFix and see if they can provide a resource to steer you through our solutions.

(imported comment written by jpeppers91)

We have a Cicso resource for NAC. I’m just trying to get more info on creating policies in Client Compliance.