8 Replies Latest reply on Jan 31, 2012 4:31 AM by zman

    Request for input: Patch Manager Reporting

    LANDave SupportEmployee

      As the Patch Manager Product Engineer, I have been receiving an increasing number of requests for our Patch Manager reports to be enhanced.


      I am working with our Product Management and Product Development teams regarding this, and I wanted to get feed back from you, our esteemed users about the following.


      • What Patch Manager reports do you regularly use?
      • What can be done to make those reports even better?
      • What reports are missing that you would like to see in the product?


      If you have custom reports you have created, I would much appreciate seeing those as well.   I would like to get some further reporting into the product in the future.


      I would also encourage anyone who has made custom reports that they find useful to share them with the Community in the following section:



        • 1. Re: Request for input: Patch Manager Reporting

          I find the "Custom group trend information"  and the "Definition trend information" in the dashboard the most informative.  These tell me pretty much all I need to know about how we are doing repairing vulnerabilities in our environment.


          Trend Chart.JPG


          These graphs report quickly (as apposed to the regular reports, which contain too much detail and take forever to run).


          I would like to see some enhancements to this....


          1. The ability to put a start and end date instead of "Previous x days"

          2. The ability to show all currently scanned vulnerabilities instead of a group or individual vul ID

          3. The ability to export the raw data to a .csv



          • 2. Re: Request for input: Patch Manager Reporting



            I would also like to point out a problem with  some of the charts on the dashboard. These may have been fixed in SP3.  Let me know if they have.


            The issue is with any panel that list a bar chart with  a "Total" number. When you switch to a pie chart, the "Total" becomes a  slice in the pie chart.


            For example, when you switch the "Definition Counts" from a bar to a pie chart the "All Items" becomes 50% of the pie.




            • 3. Re: Request for input: Patch Manager Reporting

              One more.


              This slide I produce by   running sql query at the end of the month that counts daily patches   installed. I then copy the data to an excel spreadsheet to produce the   graph. This answers the simple question "How many patches did I install   each day".



              • 4. Re: Request for input: Patch Manager Reporting
                zman Master



                I believe I had posted some good suggestions on graphs in the SP3 Beta community but it this section appears to be gone now.  So...:

                1. Anytime devices are displayed, they should be able to be targetable. Ryan I think I won this one ;-) DH, check email I sent Ryan.
                2. Some reports - Computers with most detections . In regards to this graph it should be somewhat configurable. I believe it does not take into consideration the last vulscan date. So if a machine has been off for some time it will show in the list. Not sure I care about machines that are powered off (others may with vprop WOL), so maybe a criteria/filter to only show devices that have been powered on in the last X days. Maybe Right Click on graph and create a LDMS query from data.
                3. I believe that the way secondary is displayed on the graph (double clicking on certain areas) could be somewhat confusing to new users. The report mentioned in number two clicking on header pulls up certain information while clicking on the axis pulls up other information. If I'm a new user how do I know 1. to click on the graph and 2. where to click.
                4. Graphs should have the ability to set axis scaling.
                5. Save Graphs as pdf,csv, or spit right into Excel.
                6. Definitions with most reported failures. Nice to see a drill down on consolidated report on the errors. So say Vul1, double click on Vul1 and it show top x reported errors.
                7. Patch report showing roi of vulnerabilities remediated through the gateway.
                8. What patches were remediatied via scheduled task vs autofix
                9. Reports based on configurable locations (ip segment - AD). Succes fail rate on a custom group or just scan folder grouped by location. Can easily see if a site is having issue with patches
                10. Individual vulnerability average remediation time. What vulnerability takes the longest to remediate.
                11. Vendor Vulnerabilty grouping by numbers of vulns, and then broken down by severity.
                12. Ability to turn reports/dashboard on and off in console .Net memory leak.
                13. I think LANDesk should create some form of vulnerability index per device that has a configurable index and show that graphically. This index should somewhat configurable. If device X has at least X critical vulnerabilities and has been on since last x days = H|M|L
                14. Black text on blue ;-(
                15. Delete patches....settings. Report on patches removed and when. Historical running report.
                16. Vuln in scan folder and bits/exes are missing not downloaded.
                17. Compliance historical trend report.
                18. Compliance with monthly microsoft patches. It would be great to have a report that show current monthly patches and if we are missing any patches from that month.
                19. Hook LDDWNLD and show a report of what pref server most patches are downloaded from. Good for SD also.


                Right from the hip and mine is broken and I can't find my medical alert button. Also not sure your going to get a lot of responses with this as a discussion. Maybe post of the home page, blog, or something to pull it out.

                Here is what some of the other guys are doing


                So I was also thinking what if a graph object could carry out an action - smart objects?  Staying with my example report - Computers with most detections, say we could link a scheduled task to this graph. For the topmost X computers, automagically add the targets to a scheduled task (yes there are some of us not using autofix). Or make the graphs alertable. I have to think a little more on this but what if a data point exceeds a pre-defined threshold on a given axis alert. 
                • 5. Re: Request for input: Patch Manager Reporting
                  zman Master

                  Dude post that SQL.

                  • 6. Re: Request for input: Patch Manager Reporting

                    -- Query used to determine number of patches installed over a given time period for Ops Review


                    DECLARE @DateTime1 VarChar(30);
                    SET @DateTime1 = '2011-12-31 00:00:00.000';
                    DECLARE @DateTime2 VarChar(30);
                    SET @DateTime2 = '2011-12-31 23:59:59.000';


                    SELECT COUNT(Patch)
                       FROM dbo.PatchHistory
                       WHERE ActionDate BETWEEN @DateTime1 AND @DateTime2
                       AND Type =0
                       AND ActionCode = 2


                    -- Query to list all patches remediated over a given time period by Patch Name


                    DECLARE @DateTime1 VarChar(30);
                    SET @DateTime1 = '2011-10-01 00:00:00.000';
                    DECLARE @DateTime2 VarChar(30);
                    SET @DateTime2 = '2011-12-31 23:59:59.000';


                    SELECT Patch, COUNT(*) FROM dbo.PatchHistory
                       WHERE ActionDate BETWEEN @DateTime1 AND @DateTime2
                       AND Type = 0
                       AND ActionCode = 2
                       GROUP BY Patch
                       ORDER BY Patch
                    -- Query to help figure out what product a patch is for


                    SELECT Vul_ID,Vendor,Title,Description,Summary FROM dbo.Vulnerability
                       WHERE Vulnerability_Idn = (SELECT Vulnerability_Idn FROM dbo.Patch
                       WHERE UniqueFilename = 'vviewer2010-kb2553353-fullfile-x86-glb.exe')


                    SELECT Vul_ID,Vendor,Title,Description,Summary FROM dbo.Vulnerability
                       WHERE Vulnerability_Idn = '4557'

                    • 7. Re: Request for input: Patch Manager Reporting

                      The second and third queries I use for compling a report that list the number of patches installed by product, but the data still needs a good bit of manual manipulations becaue eache version of a "Product" in PM is listed separately. Also, suites of products have to be consolidated. For example, I include patches for Excel and Word in the total for Microsoft Office patches.


                      It would be nice if you could create goupings of products like this for reporting.

                      • 8. Re: Request for input: Patch Manager Reporting
                        zman Master

                        Thanks Peter.