Notification: Scheduled Patch Policy

Is there a way to get a notification when a Scheduled Patch Policy has been completed?

thank you,

My initial answer is “No” as we don’t have specific notification built into Patch Policies like we can do with Server Automation in LifeCycle - and there is no tie between patch policies and server automation.

Technically, a patch policy is potentially never complete as it is policy and can have a very open window/schedule to auto refresh and deliver content - But I get what you are asking.

Offering management and Dev lurk here and might have better insight. I do believe your ask would be a request for enhancement.

2 Likes

There’s no notification in Patch Policy, a reason is what Dan reports above. A patch policy can be seen as a desired state, the policy, for a set of devices, the targets/group. The patch policy by its nature should be subject to constant changes and therefore the “complete” state is hard to define.
Could you elaborate more on the use case you have in mind?

thanks,
Rosario.

thank you for your reply.
So here is our use case:
We are implementing Patch Management in our Dev\PQA build automation and validation process for our offerings. BigFix will be used to deliver these patches.
In phase 1 of our PoC, we can deliver & schedule Patches to selected system(s). We are currently working on using the BigFix Compliance API to determine the status of a Patch(s), before and after it has been applied.
We would like to get a notification, that the scheduled patch(s) were completed, so we can get a Status.

Thank you for your time.

I see, thanks for describing your use case.
Your option right now is to poll the REST API and compare the number of devices you have submitted the request to vs. those that have reported a “complete” status, success or error that is. That way you have control of what your logic considers “complete” and you can then move on with your next step in your workflow.

I am not even sure if an RFE should be opened for this as it may be hard to implement a logic that fits this use case and the principle of “desired state” that is intrinsic in the Patch Policy feature.

Rosario.
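The polling approach described in the reply above, as an added example that is not part of the original thread and is not BigFix code: it counts a device as "complete" once it reports success or error, and stops at a timeout so a device that never reports cannot stall the workflow. The `fetch_statuses` callable, the status strings and the device names are assumptions; substitute whatever your REST query actually returns.

```python
import time
from typing import Callable, Dict, Iterable

# Assumption: placeholder status strings, not values taken from the BigFix API.
SUCCESS = {"success"}
ERROR = {"error"}


def poll_until_complete(
    targets: Iterable[str],
    fetch_statuses: Callable[[], Dict[str, str]],  # hypothetical REST wrapper
    timeout_s: float = 3600.0,
    interval_s: float = 60.0,
    sleep: Callable[[float], None] = time.sleep,
    clock: Callable[[], float] = time.monotonic,
) -> dict:
    """Poll until every submitted device is terminal (success or error) or we time out."""
    submitted = set(targets)
    succeeded, failed = set(), set()
    deadline = clock() + timeout_s
    while True:
        for device, status in fetch_statuses().items():
            if device not in submitted:
                continue  # ignore devices this request never targeted
            # Re-evaluate on every poll: a policy can re-apply, so a device
            # that was done may go back to a non-terminal state.
            succeeded.discard(device)
            failed.discard(device)
            if status in SUCCESS:
                succeeded.add(device)
            elif status in ERROR:
                failed.add(device)
        pending = submitted - succeeded - failed
        if not pending or clock() >= deadline:
            return {"complete": not pending, "succeeded": sorted(succeeded),
                    "failed": sorted(failed), "pending": sorted(pending)}
        sleep(interval_s)


if __name__ == "__main__":
    # Constructed sample responses, one per poll (not real API output).
    polls = iter([
        {"dev-a": "running", "dev-b": "pending"},
        {"dev-a": "success", "dev-b": "running", "dev-x": "success"},
        {"dev-a": "success", "dev-b": "error"},
    ])
    print(poll_until_complete(["dev-a", "dev-b"], lambda: next(polls),
                              sleep=lambda s: None))
```

A result with `complete` set to `False` and a non-empty `pending` list means the timeout was reached first; those devices are the ones to investigate before the next workflow step.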

Hello Rosario, thank you again. I wonder if I didn’t explain myself well or not. What I find strange is that I haven’t ever used a Patch Management solution where I couldn’t get a notification that patches were applied successfully, e.g., WSUS and other vendors. Maybe I’m not understanding the larger scope. But it would seem you’d want to have a notification that patches were applied (successful or not), without having to visit and log in to a portal to get that information.

Thank you.

Hello Brian,
If you apply a set of patches via baselines, which is what most people do with BigFix, there’s a notification mechanism that you can use. Details on how to do it can be found at this link. Notification via Patch Policy is what seems trickier.

Rosario.

1 Like

Hello Rganeml, correct me if I am wrong. Maybe this is a catch-22. If I set patches via baselines, I would then lose the “BigFix Compliance APIs”. However, I would be able to use WebReporting. But with WebReporting I wouldn’t be able to extract data (csv, xml, api) for my Phase 2, where Phase 2 is a custom dashboard on the status & details of a patch status.

Thank you

I think we may be getting confused on the concept of “Complete”. Patch Policy behaves more like a “Desired State” configuration - it may never be “Complete” because as you add more computers, they also become relevant and automatically patch themselves, i.e. the policy doesn’t “end”. Think of it more like setting a Group Policy, it’s always there, reapplying when needed.

Would something like a daily progress be helpful, showing patches that were installed on given machines that day / how many became relevant?

1 Like

Hello Jason, yes, that would be very helpful.

Thank you

Would be great… this is nice for me as well. Do you have anything about this?