In this guide we’ll show you how to get started with the JetPatch platform.
What is JetPatch?
JetPatch is a cloud patch management and vulnerability remediation platform. It uses machine learning and automation to optimize patch rollouts, resulting in more secure systems and shorter downtimes.
With JetPatch your organization can:
- Automatically execute patch rollout workflows by server groups and maintenance windows
- Accelerate testing-staging-production cycles
- Eliminate patch blind spots with full discovery of all servers, OSs and applications
- Work seamlessly with your existing patch managers, ITSM and Down Time Manager
Preliminary connectivity test:
Log in to your JetPatch account
- Enter your credentials
The JetPatch Main Menu
On the left-hand side of your screen, you will see the main JetPatch navigation menu, which lets you navigate to the desired functionality:
- Remediation Plans: This is the Remediation Plan Dashboard. Here you can see all of your Remediation Plans (RPs), their status and progress.
- Patches: This is the patch inventory. You can filter and select patches to create a remediation plan that suits your needs.
- Management: Lists all endpoints discovered by JetPatch, including patching status, server compliance and more.
- Activities: Displays all tasks executed on each endpoint, including all pre- and post- patching automated tasks.
- Maintenance: Lists all maintenance windows as imported from ServiceNow or other ITSMs.
- Groups: View and assign endpoint groups.
- Computer Groups: View all computer groups created in JetPatch as well as groups imported from external systems, such as WSUS.
- Maintenance Schedules: A library of maintenance time slots that are assigned to servers. Remediation Plans will run on each endpoint according to the maintenance schedule.
- Workflows: A library of workflows the system follows while executing the Remediation Plan.
- Tasks: A library of automated tasks the user can choose from when creating and editing workflows
- Scripts: A library of Scripts the automated tasks are based on
Remediation plans are like projects JetPatch automatically executes for you. You can also think about remediation plans as Policies. When a system does not comply with the policy, JetPatch will create a mini project (a remediation plan) to fix it. Each Remediation Plan consists of patches, what action should be taken with each patch, and how the patch should be deployed on specific endpoint groups (workflow).
Remediation Plan Creation
Remediation plans are created automatically or manually. Automatic remediation plans are marked with a ‘#’ sign and manual RPs are marked with .
Automatic remediation plans group all patches that are not part of any other remediation plan and are needed on at least one endpoint in the environment. Patches can be grouped in one automatic remediation plan or separated into critical and non-critical remediation plans, based on defined JetPatch system settings. Critical remediation plans will be created or updated every 24 hours, assuming JetPatch discovered new critical patches. Non-critical remediation plans are created every 30 days.
As long as the remediation plan is in the New column, additional new patches are added to it automatically (based on system configuration). Once the remediation plan is activated, no additional patches will be added to it and a new remediation plan is automatically created.
Creating a Remediation Plan
- In the main menu, click Patches
- Select the Patches you would like to install. To easily create a Remediation Plan, you can filter by the specific patch name, patch severity, category, etc.
- Click on Create Remediation Plan
- A popup message will confirm the remediation plan was created and will indicate its plan ID
Activating a Remediation Plan
After creating the remediation plan, the next step is to activate it. To do so, we would need to edit it. In the main menu, click on “Remediation Plans” to go to Remediation Plan Dashboard and click on the Edit button of the relevant remediation plan.
- Go to the Remediation Plan Dashboard
- Filter by the Remediation Plan number you were given in step 4 in “Creating a Remediation Plan” above. The Remediation Plan should be under the “New” column.
- Click on the edit button
- Select the actions you would like to perform on the patches: Install/Decline/Not Approved/Remove. You can also add patches to the Remediation Plan by clicking on the “Add Patches” button.
- After deciding which actions you would like to perform, click on “Save & Continue”
The Remediation Plan Dashboard
The remediation plan dashboard provides real time visibility for all remediation plans.
Remediation plans are placed in the following columns:
- New – all newly created remediation plans and rejected remediation plans will be listed here.
- Pending – all remediation plans that were activated and are pending approval from ITSM. NOTE: If JetPatch is not integrated with an ITSM (such as ServiceNow or JIRA), the remediation plan will automatically move from Pending to In Progress after a few seconds.
- In Progress – Remediation plans that are currently being executed.
- Completed – lists all remediation plans that have finished patch deployment
- Archived – a completed remediation plan can be moved to the Archived column by the user.
Remediation Plan Details
For each Remediation Plan in the dashboard, a number of details are displayed:
Editing a Remediation Plan
After creating the remediation plan, it must be edited in order to activate it.
Go to Remediation Plan Dashboard and click on the edit button for the relevant remediation plan.
From the patches you have initially selected, choose the action you would like to perform (Install, Decline, Not Approved, Remove) and click Save.
Please note that no action will be taken on patches for which nothing was selected.
In addition, if there are patches you would like to add to the remediation plan, click on the “Add Patches” button to do so.
After saving, you will need to select the computer groups you would like to install the patches on and the Workflow you would like JetPatch to follow before and after patch deployment. Once you’re done, click on Activate Plan. Once the plan is activated, it should move to either “Pending” (waiting to be approved) or “In Progress”, depending on system configuration.
This page contains patches that were discovered from both Windows and Linux servers.
On the Patches page you can see how many devices each patch is needed on, which remediation plan the patch is associated with, and other useful metadata.
After selecting patches from your inventory, you can create a remediation plan and start patching!
Updating the Patch Inventory
JetPatch automatically scans your servers and communicates with your WSUS server, so all you have to do is wait for new patches. We will take care of the rest.
Linux patches will appear in the patch inventory once the Linux devices in your systems are connected and powered on. Please note it might take a few minutes for the initial patches to arrive.
We update the Windows patches inventory every 24 hours.
Computer groups combine a number of endpoints together. These groups are then set on the different remediation plans. You can only run a remediation plan on a group and not on an individual device. There are two types of Groups: WSUS groups, from the Microsoft platform (these cannot be edited in any way), and Internal groups that you can create, edit, and delete.
Creating a New Group:
- Select Computer Groups from main menu
- Click on Create Computer Group
- Fill in the relevant details: Computer Group Name and Description
- Click Save
- Adding endpoints to a group is done via the Groups tab
The Group Library contains groups you have created and groups downloaded from WSUS.
- The Search bar at the top left corner will enable you to search by group name.
- In the table you will see the number of endpoints assigned to each Group.
- You can Edit, Delete or Unassign all endpoints in the internally created groups by clicking on the action button on the right.
- The Unassign all endpoints option will only appear when there are endpoints available to unassign
Maintenance Schedules are independent time slots that allow you to decide when you would like a Remediation Plan to run on your devices. Connecting a device to a Maintenance Schedule is done through the Maintenance tab under Servers.
Note: If a server is not connected to a maintenance schedule and is added to a Remediation Plan, it will not run and the RP will be suspended.
Create a new Maintenance Schedule:
- Select Maintenance Schedules from main menu
- Click on “Create Maintenance Schedule”
- Fill in the relevant details: Maintenance Schedule Name, Description, Time Zone
- Click Save
- Click Add Schedule Entry
- Fill in the relevant details: Schedule Entry Name, Description, From and To Date, Repeat Type.
- Click Save
Maintenance Schedule Library
The Maintenance Schedule Library contains the Schedules you have created.
- The Search bar at the top left corner will enable you to search through the Maintenance Schedules by name.
- In the table you will see the number of computers assigned to each Schedule.
- You can Edit, Delete or Unassign all computers by clicking on the action button on the right.
- The Unassign all computers option will only appear when there are computers to unassign
When creating a remediation plan, you will be asked to create a workflow. The workflow contains pre and post deployment tasks. Before creating the workflow, you should add tasks and scripts to your library.
Creating a New Workflow:
- Select Workflows from main menu
- Click on “Create Workflow”
- Fill in the relevant details: Workflow name, Operating System and Pre+Post tasks.
- Click save
Workflows that were not executed can be edited (that is, no “In Progress” remediation plan is currently using them).
Editing an existing Workflow:
- Select Workflows from main menu
- Click on the actions button to your right and choose one of:
  - Set as Windows / Linux default: when creating remediation plans, this will be the default workflow selected when deploying the patches.
  - Edit: you can edit your workflow tasks, name, etc.
  - Delete: the workflow will be deleted from your library. (Can be done only if the workflow is not used)
Tasks contain the deployment parameters you want to use in different remediation plans. When creating a task you can use a Script, an Execution Line or both. Before creating the Task, you should add scripts to your library.
Creating a New Task:
- Select Tasks from main menu
- Click on “Add Task”
- Fill in the relevant details:
  - Task name
  - Task execution: Choose Script, Execution Line or Both (you will be asked to add in the relevant information for each option).
  - Execution preview
  - Timeout (in seconds)
- Click Save
The Task Library contains the tasks you have created.
- Searching through the table can be done by:
  - Filter Option: Script, Category, Created by
  - The search bar: Task Name, Script Name, Category, Created by
- You can Edit, Copy, or Delete Tasks by clicking on the action button on the right.
Here you can enter your installation specifications for the different patches. Scripts can be either uploaded files or one-liner scripts written directly into the console. Each script must be connected to a task and can’t run independently.
Creating a New Script:
- Select Script from main menu
- Click on “Add Script”
- Fill in the relevant details:
  - Script name
  - Operating system (choose from Dropdown)
  - Script source, you can either:
    - Upload file
    - Add a One-liner script
  - Run type
  - Exit codes
- New scripts are set as Enabled. You can change the setting in the top right corner of the pop-up box.
- Click Save
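An example of a script that a pre-deployment task could run on a RHEL endpoint, added here and not taken from JetPatch: it checks free disk space before patching and reports the result through distinct exit codes. The function name preflight_check, the exit code values (0, 10, 11) and the sample arguments are assumptions; which codes count as success is whatever you enter in the script's Exit codes field.

```shell
#!/bin/sh
# Added example (not JetPatch code): pre-patch free-space check.
# Exit code values below are assumptions chosen for this example.
EXIT_OK=0           # enough free space, patching may proceed
EXIT_LOW_SPACE=10   # not enough free space on the checked mount point
EXIT_BAD_TARGET=11  # bad arguments or free space could not be read

# preflight_check MOUNT_POINT MIN_FREE_KB
preflight_check() {
    mount_point=$1
    min_free_kb=$2

    # The threshold must be a non-negative integer.
    case $min_free_kb in
        ''|*[!0-9]*) echo "invalid threshold: $min_free_kb" >&2
                     return "$EXIT_BAD_TARGET" ;;
    esac
    if [ ! -d "$mount_point" ]; then
        echo "no such directory: $mount_point" >&2
        return "$EXIT_BAD_TARGET"
    fi

    # df -P gives one line per filesystem; column 4 is available 1K blocks.
    free_kb=$(df -Pk "$mount_point" 2>/dev/null | awk 'NR==2 {print $4}')
    case $free_kb in
        ''|*[!0-9]*) echo "could not read free space for $mount_point" >&2
                     return "$EXIT_BAD_TARGET" ;;
    esac

    if [ "$free_kb" -lt "$min_free_kb" ]; then
        echo "only $free_kb KB free on $mount_point, need $min_free_kb" >&2
        return "$EXIT_LOW_SPACE"
    fi
    echo "ok: $free_kb KB free on $mount_point"
    return "$EXIT_OK"
}

# Run the check only when called with arguments, e.g. "/var 512000"
# (sample values), so the file can also be sourced for its function.
if [ "$#" -ge 2 ]; then
    preflight_check "$1" "$2"
    exit $?
fi
```

Keep the task's Timeout (in seconds) above the script's worst-case run time so a slow check is not mistaken for a failed one.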
The Script library contains the Scripts you have created.
- Searching through the table can be done by:
  - Filter Option: Category, Created by
  - The search bar: Script Name, Category, Created by
- You can Edit, Delete or Download Scripts by clicking on the action button on the right.
Supported Operating Systems
- RHEL 5
- RHEL 6
- RHEL 7
- Windows 2008 and up
For more information, visit the JetPatch knowledge center.