Introduction
A patch baseline is a collection of missing patches ready for installation on your instances. You can choose a subset of the packages that address the key vulnerabilities from a given feed. The chosen set of packages forms the patch baseline.
You can create baselines based on one of the following categories:
Important
All partner users and corresponding client users can access a partner baseline. However, when a client creates a baseline, only client users can access that baseline.Static baseline
OpsRamp allows you to choose a list of patches from the available list that forms the baseline. The list of patches in the baseline does not change unless updated by the user.
Dynamic baseline
Dynamic baselines consist of a set of patches that meet the selected filter criteria. The list of patches in a dynamic baseline varies as the available patches change when the filters are applied dynamically with the change.
Note
You can define a baseline by selecting only the packages from the feed that satisfy the conditions defined on the properties on the feed such as severity, rating, and CVE IDs.Creating patch baselines
To configure the baseline for Windows and Linux devices:
- Select a client from the All Clients list.
- Go to Automation > Patch Configuration> Patch Baselines.
- From Patch Baselines, click + Add.
- From Add Patch Baseline, go to Select Patches for New Patch Baseline and provide details for the following parameters:
- Name: Refers to the name of the Patch Baseline.
- Description: Refers to the information related to the patch baseline
- Client: Refers to the client to apply the baseline.
- Feed: Refers to the installed Windows and Linux integration feed.
- Go to Select Patches to Include and provide one of the following options.
- Include Selected Patches.
- Include patches that satisfy the below rules(Dynamically applied).
- If you have selected Include Selected Patches, you can select the desired patches from the available list of patches.
- If you have selected Include patches that satisfy the below rules, do the following actions:
- From the available conditions, configure a policy.
- After configuring the policy, go to Select Patches to Exclude.
- From select Patches to Exclude, you can select the desired patches from the available list of patches.
- Click Save.
Patch Baselines screen displays the configured baselines.
After configuring the baselines, you can use them while performing the following patch activities:
- View missing patches.
- Patch compliance configuration.
After configuring the Patch Baseline, you can view the baseline details on the Patch Baselines page.
Viewing patch baselines
View the configured patch baselines in Patch Management > Patch Baselines.
The following table describes patch baseline attributes.
Attribute | Description |
---|---|
Name | Patch Baseline Name. |
Last Updated By | Name of the author who updated the baseline. |
Last Updated Time | The time and date of the recently updated baseline. |
Included Count | The number of patches included in the baseline. |
Excluded Count | The number of patches excluded in the baseline. |
Enabled | Enable or Disable the configured baselines. |