Patch Insights

1E Patch Insights provides an overview of the last mile patching required on your environment. It is centered around the final stages of your monthly patching process, with a view to allow you to identify the problematic devices in your environment. At this point of its development, Patch Insights does not remediate the cause of patch failures, or the inability to reach devices, but it gives a view of these, and once manual remediation action has been taken, the ability exists within Patch Insights to redeploy the failed patches using the power of 1E.

Patch Insights from 1E is an important part of keeping your devices secure, performant, and healthy. This has become more important than ever with hybrid work becoming the norm and employees embracing remote work. Patch Insights brings visibility, clarity, and peace of mind around device patching. Research and testing is made easier with comprehensive device and patch views. Vulnerabilities can be detected and closed in real time using the patch-view dashboard, and the power of Actions via Endpoint Troubleshooting.

1E Patch Insights features

1E Patch Insights contains key features like a real-time, filterable dashboard, patch scoring, filters, and direct patching from the dashboard.

This page shows a dashboard of the patch status for your estate.

Filters

The first row of tiles shows the Filters available on the page. For more information, refer to Filters.

Search and sort

You can search for a particular patch, remove, or include any archived patches using the Include archived toggle, and sort the patches by the following:

  • Highest impact score
  • Lowest impact score
  • Highest patching failures
  • Lowest patching failures
  • Newest
  • Oldest

Patches and status

The final rows are the actual Patches that devices have reported as having at least one of the following statuses:

  • Vulnerable: Count of vulnerabilities for the environment.
  • Failed: Count of failures for the environment.
  • Mitigated: Count of mitigations for the environment.
  • Reboot: Count of reboots required for patches deployed to the environment.

The following columns are displayed:

  • Left column: Displays the impact score. Refer to The Impact Score. The column also shows the KB number and the age of the patch.
  • Right column, top row: Displays the title of the patch, its KB, definition, and version (where available) To the right of the patch title is a count of the number of patches under this KB, the number of devices which report a requirement for this, and the option to archive the patch if it is not of interest.
  • Right column, bottom row: Displays the last patching event reported by a device and the status of the patch.

Drilling into the data

Selecting the link opens the drawer which displays to the right of the screen, and is displayed here for reference. This shows the information about the selected patch, with a link to the Microsoft support page for the patch, which opens in a new browser tab.

It is possible to drill down into the data to get a more granular view of where the patch has been deployed, and what state it is in on devices. Following any of the links in the row, apart from the opens the page screenshot displayed which shows the patching status as a percentage in colored bars. And the devices with their status in a table, with the Details listed this can include the error code, the last status or mitigated.

If the user has the relevant role then once a selection is made in the check boxes the Deploy Patch, Explore and Reboot buttons become enabled.

This page shows a dashboard of the patch status of the devices on your estate.

Filters

The first row of tiles shows the Filters available on the page, these are discussed here: Filters.

Categories

The next row has a number of columns relating to the device and the patch status, these are:

Device:

  • FQDN - The FQDN of the device
  • Last Seen - The last time the device was seen by 1E
  • Primary User - The primary user of the device

Patch:

  • Vulnerabilities - Count of vulnerabilities for the device
  • Failures - Count of failures for the device
  • Mitigations - Count of mitigations for the device
  • Requires Reboot - Count of reboots required for patches deployed to the device

If the user has the relevant role then once a selection is made in the checkboxes the Explore and Reboot buttons become enabled.

Drilling into the data

It is possible to drill into the data to get a more granular view of the status of patches on a specific device, clicking on the link in the FQDN column opens the screen to the right.

This shows the patching status as a percentage in colored bars. And the patches with their status in a table, with the Details listed, this can include the error code, the last status or mitigated.

The KB Number is also a link which will take you to the Patches page within Patch Insights.

From this page a user with appropriate permissions can click on the Explore button in the top right to open 1E Endpoint Troubleshooting and run any instructions they are permissioned to use. Or once a selection is made in the checkbox to the right of the KB number the Deploy Patch button will become enabled.

Clicking on the link in the Details column displays the events that have occurred on the device for the relevant patch. Shown to the right, it lists the machine fqdn and the logs for the KB article, with the Status Date and Detail showing, this log can be downloaded by clicking the Download full log link at the bottom of the screen.

Filters

Information about how to use the Filters bar that appears at the top of Patch Insights pages.

Patch Insights Filters

The Filters bar appears at the top of the pages in Patch Insights. Each section in the Filters bar allows a user to quickly and easily filter based on different categories. When a filter is set it applies to all the tiles on the page.

The Filters bar

The following sections are displayed on the Filters bar:

Section

Description

Applicable Devices

This section shows the total number of devices that have been selected for the current view and the percentage of the environment those devices comprise. If no filtering is selected, the applicable devices will be 100% of the environment and will display the total number.

Operating System

This section will allow you to create a filter based on the Operating System. The bars represent the different operating systems that make up the environment.

Device Model

This section will allow you to create a filter based on the Model. The bars represent all the models that are in the environment.

Criticality

This section will allow you to create a filter based on the Criticality setting of the devices. Criticality is set using an instruction. The details on setting Criticality can be found here Using Device Criticality.

Location

This section will allow you to create a filter based on the Location setting of the devices. Location is set using an instruction. The details on setting Location can be found here Using Location.

Management Group

This section will allow you to create a filter based on the Management Group membership(s) of the devices. Each bar represents a Management Group in 1E. The details on Management Groups can be found here Management Groups.

Collapse/Expand

The Up or Down Arrow on the far right of the Filters and Breakdown bar allows you to collapse or expand the bar. Collapsing removes the details from view and leaves only the title of the bar. This allows you to focus on the details of the data when you have the filter of your choice created.

Using the Filters Bar

The Filters bar can be used to immediately apply filters and, to the data that is displayed.

The Filters selector lets you choose from:

  • Operating System
  • Device Model
  • Criticality
  • Location
  • Management Group

Here the Operating System filter has been selected and the screen has refreshed to show only servers.