Patches
Syxsense Secure allows completing all operations related to patch management and system security in one console.
Patch management is important because it helps you to reduce your security risks by fixing software flaws that can make your system vulnerable to cyber-attacks.
System security is crucial to protect your system from cyber-attacks. It is provided in 2 steps:
① Security Scan which allows detecting malicious processes and misconfigurations on the devices in the corporate network.
② Security Resolve which allows automatically fixing most of the detected security flaws via tested resolution workflows in Syxsense Cortex.
Syxsense makes the above-mentioned operations straightforward.
The simple Syxsense interface is also a convenient way to present the current state of the system to senior executives and to create detailed reports for external auditors.
Important Information: This section is titled Patch Manager in Syxsense Manage and Vulnerabilities in Syxsense Secure. Please contact your Account Manager to upgrade. Patch scans can take 10 minutes or longer to complete; we recommend scanning all devices every day.
Prerequisites: A user with Admin or Vulnerabilities (Patch Manager) rights.
Discovery: Patches
To review the content available within the Syxsense console, start by navigating to the Vulnerabilities tab in the Console menu.
Select the Patches tab within the Vulnerabilities sidebar.
Once the Patch Library view has populated, you will see a long list of patches arrayed in a table.
The following information can be used for filtering the table columns ①
State | Has the patch been detected? |
Title | The name of the patch provided by the vendor (For Microsoft, this is usually the KB title) |
Description | The description of the patch provided by the vendor (or crafted by Syxsense) |
Installed | Shows whether the patch is currently installed on the system. |
Required | Displays the number of systems where the patch is required for optimal security. |
Not Required | Indicates the number of systems where the patch is not necessary. |
Not Checked | Represents the number of systems where the patch status has not been verified. |
CVSS | The independent CVSS score represented as a number. |
CVSS Severity | The independent CVSS score represented as a title. |
Severity | The vendor-issued severity. |
Vendor | The name of the partner company providing the patch content. |
Language | The language in which a software patch is written. INTL - the patch is applicable for international language support. |
CVEs | Lists the Common Vulnerabilities and Exposures identifiers associated with the patch. |
Date Published | The date the patch was published. |
Is Reboot Required | Specifies whether a system reboot is necessary after applying the patch. |
Repairable | Indicates whether the issue can be repaired. |
Autofix | If enabled, this patch will be deployed during a scan task if the patch is detected. |
Type | The type of the patch. Type categories are listed below. |
Public Aware | The method of exploiting the vulnerability is publicly known. Publicly Aware vulnerabilities are often weaponized and therefore should be prioritized before they become weaponized. |
Counter Measure | An alternative solution exists that mitigates the issue the patch addresses; see the vendor for full details. |
Weaponized | The vulnerability is currently being exploited. Weaponized vulnerabilities should be treated as Zero-Day ones and their patches deployed urgently. |
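The Weaponized, Public Aware, Counter Measure, Required and Not Checked columns described above can be combined into a deployment order. The following is an added example, not Syxsense code or its export format: the `PatchRow` record, its attribute names and the sample rows are constructed for illustration.

```python
from dataclasses import dataclass

@dataclass
class PatchRow:
    """One Patch Library row; attribute names are hypothetical and mirror the columns."""
    title: str
    cvss: float
    required: int          # devices where the patch is required
    not_checked: int       # devices where the patch status was never verified
    weaponized: bool = False
    public_aware: bool = False
    counter_measure: bool = False
    reboot_required: bool = False

def tier(p: PatchRow) -> int:
    # Weaponized first (treated as zero-day), then publicly aware, then the rest.
    if p.weaponized:
        return 0
    return 1 if p.public_aware else 2

def triage(rows):
    """Return (deployment plan, titles whose coverage needs a rescan)."""
    queue = sorted((p for p in rows if p.required > 0),
                   key=lambda p: (tier(p), -p.cvss, -p.required))
    plan = []
    for p in queue:
        notes = []
        if p.reboot_required:
            notes.append("schedule reboot window")
        if p.counter_measure and tier(p) < 2:
            notes.append("apply vendor countermeasure until patched")
        plan.append((p.title, tier(p), notes))
    # A patch that was never checked is unknown exposure, not zero exposure.
    rescan = [p.title for p in rows if p.not_checked > 0]
    return plan, rescan

# Constructed sample rows (not real patches).
ROWS = [
    PatchRow("Sample browser update", 9.8, required=12, not_checked=0),
    PatchRow("Sample OS cumulative update", 7.5, required=40, not_checked=5,
             weaponized=True, counter_measure=True, reboot_required=True),
    PatchRow("Sample PDF reader fix", 8.1, required=3, not_checked=0, public_aware=True),
    PatchRow("Sample driver update", 6.0, required=0, not_checked=20, weaponized=True),
]

if __name__ == "__main__":
    plan, rescan = triage(ROWS)
    for title, t, notes in plan:
        print(t, title, "; ".join(notes))
    print("rescan:", rescan)
```

The weaponized CVSS 7.5 row outranks the CVSS 9.8 row, and the weaponized driver update with Required at 0 but 20 unchecked devices lands on the rescan list instead of being treated as clean.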
Filtering Patch Content
There are many ways to organize and manipulate the data provided within the main Patch Library, without even creating custom queries or groups. You can filter down the list by the Type of the patch ②
Our patch content Types are organized into the following categories:
Windows | General category for Windows-related patches |
Microsoft Update | Standard Microsoft Patch Content |
Microsoft hotfix | Special Released Content to fix a bug |
Service Pack | A combined Release of Available Microsoft Updates |
3rd Party | Content provided by our partner software vendors |
Linux | Content discovered within found Linux repositories |
Mac | Content discovered within macOS's update service |
You are also able to filter patch content by device ③.
Filtering by device brings up the Device Targeting Wizard. Targeting a list of assets will narrow the scope of patch content down to just the patches which are relevant to the listed endpoints.
Further filtering can be obtained by searching for specific content using the Search Input box.
Currently, Syxsense supports the following searches:
Title | The Patch name provided by the vendor (For Microsoft, this is usually the KB title) |
Description | The Patch Description provided by the vendor (or crafted by Syxsense) |
CVE | The identifier provided to the patch by MITRE Corporation |
Vendor | The name of the partner company providing the patch content |
Filter by patch status ④
Patch Icons |
A patch is current and not superseded. |
At least one component of the patch is superseded and at least one component of the patch is still current. |
All components in the patch are superseded. |
The upper toolbar offers the following options:
To review the explicit state of a patch or configuration. |
To schedule a scan task either now or later. If you need to reinstate a previously blacklisted patch, highlight the blacklisted patch, and then select this button. |
Patches that should never be scanned and deployed. This will blacklist the patch and remove it from your organization's patch inventory. If you need to conditionally blacklist content from a set of assets but wish to continue reviewing the item on other assets, we recommend filtering out the content by using a content query or group-based task deployment. See Patch Queries and Default Queries for more information. To locate previously blacklisted content, navigate to the Advanced section within the Vulnerabilities sidebar > Select the operating system dropdown for the content type you need to whitelist > Select the Never Check or Install dropdown item to open the list of blacklisted patch and configuration contents. |
This will check the Syxsense Database, which exists external to your Syxsense console for any changes since the previous automatic sync, which happens daily by default. To check if the patch has any new elements (like a change to its CVSS score, or a new CVE or more complete description), simply select an individual patch (or group of patches) from the rows of available data and select this button from the top toolbar. |
Create Patch Groups |
Export the patch list to an XML file. Export individual patches, or a subset of the patches displayed, by Ctrl-clicking or Shift-clicking rows of data within the console, and then selecting the Export button located. |
Video Tutorials: How to Manage Patches
Learn how to stage patches using Task Video
Learn how to stage patches using Cortex Workflow Video
How to remove and restore a patch Video
How to roll back a patch Video
Last Update: Mar 12, 2024
Copyright ©2024 by Syxsense, Inc. All Rights Reserved