How can I add the severity of a patch to the inventory? I want to generate queries for computers that are missing critical patches but that is currently not part of the inventory information.
This can be done using a couple of rules inside of Data Translation Services. Follow the steps below to add this information to the inventory tree.
1. Edit the file \Program Files\LANDesk\ManagementSuite\Datamartpm.xml.
2. Add the following line to the ComputerVulnerability table section under the last column tag: Severity type=Varchar(30) displayName=Severity >
3. Save the file.
4. Run the command coredbutil /xml=datamartpm.xml from the \Program Files\LANDesk\ManagementSuite directory, then select Build Components when the dialog appears.
5. Reload the LANDesk console. If you look in the Query dialog, you should now see a Severity attribute of the Security and Patch Definitions component.
6. Go into the Data Translation Services console and create a new Import Data rule.
7. Enter a name for the rule (in this example we will use Set Patch Severity) and click Next.
8. Select Management Suite, Computer Data and click Next.
9. Enter the information for your Management Suite database and click Next.
10. Enter Vulnerability for the table, or select it from the list.
11. In the Where statement textbox enter the following: Vul_ID = !Computer.Security and Patch Definitions.Vulnerability ID!
12. Click Next.
13. Click Add to add a column to import.
14. For the LANDesk Attribute select Computer.Security and Patch Definitions.Severity.
15. For the Column select Severity.
16. For the Data Type select STRING.
17. Click OK.
18. Click Add to add a second column.
19. For the LANDesk Attribute select Computer.Security and Patch Definitions.Vulnerability ID. It is necessary to add this column, since it will be used to match the Vulnerability that the computer reported to the vulnerability that is in the Vulnerability table. Since it already exists as part of the computer data, it will not be imported, but is used as the Key field to match the two records.
20. For the Column select Vul_ID.
21. For the Data Type select STRING.
22. Click OK.
23. Select the second attribute (Computer.Security and Patch Definitions.Vulnerability ID) and click Key.
24. Click Next.
25. Click Finish.
Since the Security and Patch information is not sent in as part of a regular inventory scan, it is not useful to set this rule Active. Instead we recommend that you schedule this rule to run on a regular basis (perhaps every night, but often enough that the data is updated before you run a report). To schedule a rule, right click on the rule and select Schedule. Once you schedule the rule, you can change its settings in the Scheduled Tasks tool. The name will be _. Depending on how many vulnerabilities you are scanning, there may be thousands for each computer, so the rule may take a long time to run. However, since this data is sent in as part of a Security scan, it will not get overwritten and will stay once it is set. So it is not necessary to always run the rule to keep the data from getting erased during an inventory scan.
It is possible to set the rule to run only against computers that it needs to be run against. To do this follow these steps:
1. Create a new Query in the console.
2. Give it a Name (in this example, Computers needing Severity information).
3. Select Computer.Security and Patch Definitions.Vulnerability ID as the Machine Component.
4. Select Exists as the operator.
5. Click Insert. This will select all computers that have patch information.
6. Select AND from the drop down.
7. Select Computer.Security and Patch Definitions.Severity as the second Machine Component.
8. Select Not Exists as the operator.
9. Click Insert.
10. Click Save.
11. Right click on the DTS rule and select Set Targets.
12. Expand Queries on the right and select the query you just created.
13. Drag the query to the left. It should now be in the queries list on the left.
14. Click OK.
You have now set up the rule that will import the Severity type from the Vulnerability table in Patch Manager and add it to the inventory of a Management Suite computer. However, the Severity column is an integer. To make it more useful, we should change it into a string, the same as the one that shows up in the Security and Patch Manager console. The simplest way to do this is with a Normalize rule that converts the number into a string. Follow these steps to set up this rule:
1. Create a new Normalize rule.
2. Enter a Name for the rule, in this example we will use Normalize Severity Name.
3. Select Computer.Security and Patch Definitions.Severity as the Database Attribute and click Next.
4. Select 0 from the Existing Values list and click Add Map.
5. Change the map from 0 to Service Pack.
6. Drag 0 from the Existing Values list to the Service Pack map. 0 should now show up under Service Pack.
7. Repeat steps 4-6 for 1-6, using the following text:
   1 - Critical
   2 - High
   3 - Medium
   4 - Low
   5 - N\A
   6 - Unknown
8. Click Finish.
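The two rules above, modeled end to end as an added example (not LANDesk code). The SQLite tables are a constructed stand-in for the core database: only the table names, Vul_ID, Severity and the 0-6 labels come from the steps above, while the Computer column, the host names and the SAMPLE-* IDs are assumptions.

```python
import sqlite3

# Severity codes and labels exactly as listed in the Normalize rule steps.
SEVERITY_NAMES = {0: "Service Pack", 1: "Critical", 2: "High", 3: "Medium",
                  4: "Low", 5: "N\\A", 6: "Unknown"}

def build_sample_db():
    """Constructed stand-in for the core database (not the real schema)."""
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE Vulnerability (Vul_ID TEXT PRIMARY KEY, Severity INTEGER);
        CREATE TABLE ComputerVulnerability (
            Computer TEXT, Vul_ID TEXT, Severity VARCHAR(30));
        INSERT INTO Vulnerability VALUES
            ('SAMPLE-001', 1), ('SAMPLE-002', 3), ('SAMPLE-003', 0);
        INSERT INTO ComputerVulnerability (Computer, Vul_ID) VALUES
            ('HOST-A', 'SAMPLE-001'), ('HOST-A', 'SAMPLE-002'),
            ('HOST-B', 'SAMPLE-003'), ('HOST-C', 'SAMPLE-404');
    """)
    return db

def computers_needing_severity(db):
    """Target query: Vulnerability ID Exists AND Severity Not Exists."""
    rows = db.execute("""SELECT DISTINCT Computer FROM ComputerVulnerability
                         WHERE Vul_ID IS NOT NULL AND Severity IS NULL
                         ORDER BY Computer""")
    return [r[0] for r in rows]

def import_severity(db):
    """Import rule: copy Severity where Vul_ID (the key) matches."""
    db.execute("""UPDATE ComputerVulnerability SET Severity =
                    (SELECT v.Severity FROM Vulnerability v
                     WHERE v.Vul_ID = ComputerVulnerability.Vul_ID)
                  WHERE Severity IS NULL""")

def normalize_severity(db):
    """Normalize rule: replace each numeric code with its label."""
    for code, label in SEVERITY_NAMES.items():
        db.execute("UPDATE ComputerVulnerability SET Severity = ? "
                   "WHERE Severity = ?", (label, str(code)))

def computers_with_severity(db, label):
    """The report query the article is after, e.g. label='Critical'."""
    rows = db.execute("""SELECT DISTINCT Computer FROM ComputerVulnerability
                         WHERE Severity = ? ORDER BY Computer""", (label,))
    return [r[0] for r in rows]
```

In this model a reported ID with no row in the Vulnerability table (HOST-C) keeps its Severity empty, so that computer stays in the target query after the import has run.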
Since these two rules need to run together to properly set the patch severity, you should schedule this rule to run as well, after the first rule is complete. Since this rule will run much faster than the import rule, you may not need to set Targets for it. However, if you wish to set targets, create a query where Computer.Security and Patch Definitions.Severity = 0, 1, 2, 3, 4, 5, or 6. This will ensure that only computers that need the rule run will have it run for them. Also, since you want to run these two rules together, you can also create a rule group. So instead of dragging a computer down to the import rule and then dragging it to the normalize rule, you can drag it onto the group and both rules will run in sequence. To do this complete the following:
1. Right click on the bottom of the left treeview in the Data Translation Services console.
2. Select Add Group.
3. Give the group a name, in this example, Patch Severity.
4. Click on Import Data in the treeview and drag the import rule onto the group (in this case we called the rule Set Patch Severity).
5. Click on Normalize in the treeview and drag the normalize rule onto the group (in this case we called the rule Normalize Severity Name).
You should see the two rules in the Patch Severity Group. Make sure that the Group Run Order is set so that Set Patch Severity runs before Normalize Severity Name. If you need to change this, right click on the Group and select Set Group Run Order.
To further help customize this, you can also schedule the two rules to run one after the other; however, this is not handled in the UI. When a rule is scheduled, it creates a script file that executes the rule. It is possible to combine these two script files into one so that the normalize rule is run immediately after the import rule is finished. To do this, follow these steps:
1. Right click on the import rule, in this example Set Patch Severity, and click Schedule.
2. Set the parameters you wish and click OK.
3. Right click on the normalize rule, in this example Normalize Severity Name, and click Schedule.
4. Set the parameters you wish and click OK.
5. Go to the \Program Files\LANDesk\ManagementSuite\Scripts directory on the core server. You will see the two script files with names of _.ini.
6. Edit the Set Patch Severity ini file. The text should look something like this:
   LOCEXEC0=C:\Program Files\LANDesk\ManagementSuite\MPRUNSCHED.EXE 225 , ASYNC
7. Change the ASYNC to SYNC. This way the next step will not complete until the rule has completed running.
8. Edit the Normalize Severity Name.ini file.
9. Copy the LOCEXEC line into the Set Patch Severity file and modify it so it looks something like below:
   LOCEXEC1=C:\Program Files\LANDesk\ManagementSuite\MPRUNSCHED.EXE 226 , ASYNC
10. Save the Set Patch Severity file.
NOTE: The numbers after MPRUNSCHED.EXE are specific to your database and that instance of the rule. If you delete the rule and recreate it, or import it into a different core server, the numbers will change and you will need to reschedule the rule to generate a new script file and find out the ID number of that new rule.
Now when the Set Patch Severity Scheduled Task is run, it will first import the patch severity field and then normalize the name. (NOTE: Replace with the character)
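Because the rule IDs change whenever a rule is recreated, the manual merge in steps 6-10 has to be redone each time; the added example below (not LANDesk code) performs the same edit on the text of the two script files. The function name is hypothetical, and the sample inputs are constructed from the LOCEXEC lines shown in the steps, with 225 and 226 being the article's example IDs.

```python
import re

# Matches "LOCEXEC<n>=<command> , ASYNC|SYNC" as shown in the steps above.
LOCEXEC = re.compile(r"^(LOCEXEC)(\d+)(=.*?,\s*)(A?SYNC)\s*$", re.IGNORECASE)

def chain_rule_scripts(first_ini, second_ini):
    """Return first_ini with second_ini's LOCEXEC lines appended in order.

    Every LOCEXEC line except the last is forced to SYNC so each rule
    finishes before the next one starts; all other lines are left alone.
    """
    first_lines = first_ini.splitlines()
    extra = [ln for ln in second_ini.splitlines() if LOCEXEC.match(ln)]
    if not extra:
        raise ValueError("second script has no LOCEXEC line to copy")
    positions = [i for i, ln in enumerate(first_lines) if LOCEXEC.match(ln)]
    if not positions:
        raise ValueError("first script has no LOCEXEC line")
    # Insert the copied lines directly after the first script's last LOCEXEC.
    insert_at = positions[-1] + 1
    merged = first_lines[:insert_at] + extra + first_lines[insert_at:]
    exec_idx = [i for i, ln in enumerate(merged) if LOCEXEC.match(ln)]
    for n, i in enumerate(exec_idx):
        m = LOCEXEC.match(merged[i])
        # Keep the final step's own mode; everything before it must block.
        mode = m.group(4).upper() if i == exec_idx[-1] else "SYNC"
        merged[i] = f"{m.group(1)}{n}{m.group(3)}{mode}"
    return "\n".join(merged) + "\n"

# Constructed inputs: only the LOCEXEC lines quoted in the steps above.
IMPORT_INI = ("LOCEXEC0=C:\\Program Files\\LANDesk\\ManagementSuite\\"
              "MPRUNSCHED.EXE 225 , ASYNC\n")
NORMALIZE_INI = ("LOCEXEC0=C:\\Program Files\\LANDesk\\ManagementSuite\\"
                 "MPRUNSCHED.EXE 226 , ASYNC\n")

if __name__ == "__main__":
    print(chain_rule_scripts(IMPORT_INI, NORMALIZE_INI), end="")
```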