Get Started with Patch Management
Qualys Patch Management saves you time and effort by automating patch management on Windows and Linux assets. For Windows, you can install both Microsoft and Non-Microsoft patches using a single patch management application. You can also deploy patch jobs on Linux assets. It provides instant visibility on patches available for your assets and tells you whether these patches are already installed. You can automatically deploy new patches as and when they are available. You can create jobs to automate patch installation for either Windows or Linux assets. A single job deployment can have either Windows assets or Linux assets. A job that combines Windows and Linux assets is not supported.
The Windows Cloud Agent downloads the required patches from external sources. However, patches that require authentication cannot be downloaded by the agent. You can manually download and install such patches on the assets. Qualys Patch Management will then identify these patches as installed.
We do not support scanning assets running Windows evaluation versions. These assets are scanned for missing and installed patches once they are upgraded to the full version of Windows.
Note: Qualys Patch Management 1.5 supports deploying patch jobs on Linux assets.
Start Here
Install and configure agent:
Install Cloud Agents (using the CA app)
Enable PM in a CA configuration Profile (using the CA app)
Deploy patches:
Create a custom assessment profile (Optional)
Review missing and installed patches
Review patch deployment results (success / failure)
Roll Back Windows patches:
Create a custom assessment profile (Optional)
Review missing and installed patches
Review patch roll back results (success / failure)
Time Zone Settings
You can select the time zone from the Administration module. Before the Patch Management 1.9.0.0 release, the only supported time zone was the browser time zone. With the Patch Management 1.9.0.0 release, the custom time zone is also supported. As the time zone is selected from the user profile, it is addressed as profile time zone.
When you select the required time zone, wherever the date and time details are shown on the Patch Management UI, they are shown according to the profile time zone that you have selected.
Consider the following examples to understand the scenarios, wherein the time details are shown according to the profile time zone, UTC, or Agent Timezone.
Example 1:
(1) Represents the job result history of the latest ten job runs for recurring jobs
When a job is scheduled to run in a specific time zone, the job run history list shows the time details according to UTC.
When the job runs according to the agent time zone, the job run history list shows the time details according to the Agent Timezone.
(2) Represents the date and time details according to the profile time zone that you have selected.
Example 2:
In the following "Job Details" page, you can see the time details for fields, such as "Created On" or "Next Schedule" according to the profile time zone that you have selected. But you can see the time details for the "Timezone" and "Start Date time" fields according to the time zone that you selected at the time of job creation.
Up to date patch visibility
We'll continuously keep your account updated with the latest information about your assets and related patches. The search box with advanced search capabilities gives you instant visibility all at one place, all about your assets and required patches.
Customizable Dynamic Dashboards
Dashboards help you visualize your assets, see the open vulnerabilities, leverage saved searches, and patch Windows and Linux vulnerabilities quickly.
Qualys Patch Management integrates with Unified Dashboard (UD) to bring information from all Qualys applications into a single place for visualization. UD provides a powerful, new dashboarding framework along with platform service that will be consumed and used by all other products to enhance the existing dashboard capabilities.
Qualys Patch Management offers several dashboards out-of-the-box. Each dashboard displays a short description of the information it offers. You can also easily configure widgets to pull information from other modules/applications and add them to your dashboard. You can also add as many dashboards as you like to customize your view.
We have seven out-of-the box widgets for Windows and 4 out-of-the-box widgets for Linux patches. You can customize and add widgets based on your preferences. To add Windows to the old widget titles, you must delete and re-import the old widgets.
See the Unified Dashboard help for more information.
Fallback to free version
Patch Management will revert to the Free version once your Trial or Full subscription expires. Existing scan intervals of less than 24 hours will get converted to intervals of 24 hours. Your existing jobs will be disabled and you can re-enable them once you renew your subscription.
The free version allows you to create assessment profiles with a minimum scan interval of 24 hours and see a list of missing and installed patches on the assets in your environment. It doesn’t allow you to create deployment or install jobs.
Patch Management API Support
A few Patch Management features are available through REST APIs. You can use Swagger tool to access the REST APIs we support. You cannot use Patch Management APIs with the Free License.
Note: Patch Management APIs support fetching a maximum of 10K records only.
For more information, see Patch Management API User Guide.