Windows Patching Report

ipsql · June 21, 2023, 8:57am

Am trying to get a dashbaord together to report on Windows Patching compliance to see if there are any security updates that we may/may not have/missing.

Is there a way of getting this information using SquaredUp?

Jelly · June 21, 2023, 9:11am

What tool do you use to manage your patching?

The crux is you can either utilize the existing SCOM Discoveries for Windows Operating System which can show you the version installed:

Or you can utilize SquaredUp’s integrations to pull the data from the tool that manages your patching, depending on what that tool allows you to pull out.

ipsql · June 21, 2023, 9:18am

Thanks for the quick response. Is there any way of seeing this at a higher level?

As an example our set of SQL databases servers we can see which are not compliant with the latest patched version of SQL and highlights it as “Product Version Compliance”.

I am trying to find something similar with Windows patching, to ensure we have the latest KBs installed and which servers could be missing that.

Jelly · June 21, 2023, 9:27am

Absolutely - You can use the Matrix tile to show a list of objects and their properties.

Scope to the class that the properties are discovered for:

Or for SQL, you may want to choose the MSSQL on Windows: DB Engine class (if your using the version agnostic MPs):

And then utilize the properties in the json, as per this article: https://scomsupport.squaredup.com/hc/en-us/articles/8862937032221-How-to-use-the-Matrix-tile

You’ll need to drilldown into the objects you’ve scoped in, then view Monitored Entity to gain the property names.

Example for the OsVersion property:

JSON:
[ { "_type": "celltile/status", "config": { "display": { "cellWidth": "30%", "labelTemplate": "{{properties.principalName}}" } }, "title": "Status" }, { "title": "OS Version", "_type": "celltile/text", "config": { "display": { "contentTemplate": "{{properties.osVersion}}" } } } ]

The properties need to be added in camelCase.

ipsql · June 21, 2023, 2:25pm

Thanks for that, really useful.

So with the SQL Patching compliance it says SQL version is X when it should be Y with Y being the most recent.

Does the Windows Compliance Patching have anything similar.

For example, running the JSON I can now see that Server version is X which is great but when new patches come out each month, we want to ensure the servers are then flagged as not the latest.

Basically does SquaredUp/SCCM offer a similar process to the way SQL compliance is done?

Jelly · June 21, 2023, 2:40pm

SquaredUp is only ever the visualization on top of what SCOM collects. You can build monitors to detect when a version does not match the latest version available. This requires an amount of SCOM authoring.

You can, however, do some simple custom labels on the matrix tile to highlight when something does not match the expected result.

KB for custom labels: https://scomsupport.squaredup.com/hc/en-us/articles/8862936650397-How-to-use-Custom-Labels

And some examples here:

github.com

squaredup/samples/blob/master/mustache-and-custom-labels/if-statements.md

# If Statements
## Uses

If statements can be used on returned values to adjust the way the data is displayed. For example, replacing the value ```healthy``` with a healthy status image (check mark), or changing the displayed values color to display a threshold that has been breached.


# Examples
## Color replacement
Simple replacement based on the value uses HTML tags. For example, Low (Yellow), Warning (Orange), Critical (Red):

![image](https://user-images.githubusercontent.com/45064152/125918677-0844f670-8b79-4deb-af1a-290bd886f980.png)

### Custom Label

```
{{#if value == "low" }} <p style="color:Yellow;">{{value}} </p> {{elseif value == "critical" }} <p style="color:Red;">{{value}} </p>{{elseif value == "warning" }}  <p style="color:Orange;">{{value}} </p> {{/if}}
```

## Image replacement
In the image below, you can see the grid tile (SQL, PowerShell, Web API) is used with replacements of different values for the severity and integration logo:

This file has been truncated. show original

SCCM should give you reporting for this, though it’s not my area of expertise. You can use the same SQL queries or PowerShell tiles to visualize the information using SquaredUp integrations.