In Nebula, the Patch Management module allows you to apply an operating system (OS) patch using the Windows API. Security fixes are available through OS patches, so keeping your devices up to date is essential.
Microsoft may require reboots to install OS patches, so applying patches to your endpoints during nonoperating hours is recommended.
TIP - Keep the operating system patch information in Nebula accurate by running or scheduling an Inventory & Vulnerability scan. This will ensure that any OS patches you install from Nebula are the latest. For more information, see Configure Patch Management in Nebula.
Use one of the following methods to keep your operating systems up to date. View the Investigate > Events page to confirm that the patch installed successfully.
Scheduled patches
Create a schedule that regularly installs OS patches to ensure your devices stay updated. This schedule applies all Windows OS patches found when the schedule is run. To create a schedule:
- On the left navigation menu, go to Configure > Schedules.
- Click New.
- Enter a schedule name and choose Install OS Patches for Type.
- Optionally, filter which operating system patches install based on category and severity.
- Configure OS patch settings with the options in the Patch settings table below.
- On the Schedule groups tab, select target groups for the schedule.
- On the Schedule frequency tab, set the frequency, start date, and start time.
- Toggle on Run missed scans as soon as possible to allow the schedule to run if the endpoint was offline during the configured schedule time.
Note: To avoid unexpected updates after a powered-off endpoint comes online, toggle this setting off.
- Click Save.
Patch Categories
Patch categories are defined using Windows standardized terminology for operating system services.
Category | Definition |
Critical Update | A broadly released fix for a specific problem addressing a critical, non-security-related bug. |
Definition Update | A broadly released and frequent software update containing additions to a product's definition database. Definition databases often detect objects with specific attributes, such as malicious code, phishing Web sites, or junk e-mail. |
Driver | A software component necessary to control or regulate another device. |
Feature Pack | New product functionality that is first distributed outside the context of a product release and usually included in the next full product release. |
Security Update | A broadly released fix for a product-specific security-related vulnerability. |
Service Pack | A tested, cumulative set of all hotfixes, security updates, critical updates and updates, as well as additional fixes for problems found internally since the release of the product. |
Update | A broadly released fix for a specific problem addressing a noncritical, non-security-related bug. |
Update Rollup | A tested, cumulative set of hotfixes, security updates, critical updates, and updates packaged together for easy deployment. |
Upgrade | A new product release that brings a device to the next version, containing bug fixes, design changes, and new features. |
OS patch settings
Setting | Description |
Don't reboot servers | Prevent servers from rebooting after an operating system patch. |
Use existing reboot settings | Follow the policy reboot settings. |
Override existing reboot settings | Override the policy and customize the reboot settings. |
Message displayed for required reboot | The message displayed to users if an operating system patch requires a reboot. |
Reboot automatically after | The time before the endpoint automatically reboots. |
Enable pre-deployment message | Allow users to see a custom message before the update is deployed. |
Message to display prior to deployment | The message displayed to users before the update is deployed. |
Delay deployment | The time before the patch is installed. |
Note: A user can postpone a reboot indefinitely unless the reboot delay time is reached. Subsequent popups will wait 1 minute for additional postponement. Otherwise, the endpoint will reboot. If a user postpones a reboot, the Events screen shows an Audit event.
Patch Management page
Navigate to the Patch Management page to view and install available operating system patches across your environment.
- Go to Manage > Patch Management on the left navigation menu.
- Select all or check specific boxes for system patches you want to install.
- Click Actions > Apply patches.
- In the confirmation window, click Install.
After the OS patch is complete, the patch is removed from the Patch Management page with the next scheduled Inventory & Vulnerability scan. You can also manually update the Patch Management page by issuing an Inventory & Vulnerability scan task from the Endpoints page.
Patch information
View the following information for each available patch:
Column | Description |
Application | The affected application. |
Category | Type of patch. |
Description | Short description of the patch. |
Domain name | The corresponding domain of the endpoint. |
Endpoint | Host name of the endpoint. |
Group | The corresponding group of the endpoint. |
Identified date | Date the available patch was detected on the endpoint. |
KB ID | Knowledge base ID of the patch. |
Patch | Name of the available patch. |
Restart required | Requirement of a reboot to complete the installation of the patch. |
Severity | Severity level of the patch determined by the vendor. Note: Unknown patches are released patches that are not associated with a severity level by the vendor. |
Size | File size of the patch. |
Vendor | Vendor name for the available patch. |
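To cross-check on an endpoint what the Patch Management page reports, the following added example (not Nebula's own code) queries the Windows Update Agent COM interface for missing updates and prints fields comparable to the columns above. The function name `Get-MissingOsPatch` is hypothetical, and the script assumes Windows Update Agent reports classification names in plural form (for example "Security Updates"), so it accepts the singular names from the Patch Categories table and matches both.

```powershell
# Added example: list updates the local Windows Update Agent reports as missing.
# Run on the endpoint itself; the search uses whatever update source the
# endpoint is configured for (WSUS or Microsoft Update).
function Get-MissingOsPatch {
    [CmdletBinding()]
    param(
        [string[]]$Category = @(),   # e.g. 'Security Update'; empty = all categories
        [string[]]$Severity = @()    # e.g. 'Critical','Important'; empty = all severities
    )
    $session  = New-Object -ComObject Microsoft.Update.Session
    $searcher = $session.CreateUpdateSearcher()
    $result   = $searcher.Search('IsInstalled=0 and IsHidden=0')

    # InstallationBehavior.RebootBehavior: 0 = never, 1 = always, 2 = may request
    $rebootText = @{ 0 = 'No'; 1 = 'Yes'; 2 = 'Possible' }

    foreach ($u in $result.Updates) {
        # Keep only the classification (Security Updates, Drivers, ...), not the product
        $class = @($u.Categories |
                   Where-Object { $_.Type -eq 'UpdateClassification' } |
                   ForEach-Object { $_.Name })

        # Updates without a vendor severity are shown as Unknown, as in the note above
        $sev = if ([string]::IsNullOrEmpty($u.MsrcSeverity)) { 'Unknown' } else { $u.MsrcSeverity }

        if ($Category.Count -gt 0) {
            # Accept the singular table name or the assumed plural agent name
            $hit = $Category | Where-Object { $class -contains $_ -or $class -contains "${_}s" }
            if (-not $hit) { continue }
        }
        if ($Severity.Count -gt 0 -and $Severity -notcontains $sev) { continue }

        [pscustomobject]@{
            Endpoint           = $env:COMPUTERNAME
            Patch              = $u.Title
            'KB ID'            = (@($u.KBArticleIDs) | ForEach-Object { "KB$_" }) -join ', '
            Category           = $class -join ', '
            Severity           = $sev
            'Restart required' = $rebootText[[int]$u.InstallationBehavior.RebootBehavior]
            'Size (MB)'        = [math]::Round($u.MaxDownloadSize / 1MB, 1)
        }
    }
}

# Security and critical updates still missing on this endpoint
Get-MissingOsPatch -Category 'Security Update', 'Critical Update' |
    Sort-Object Severity, Patch | Format-Table -AutoSize
```

An empty result after a patch run, compared against the KB IDs listed in Nebula before the run, indicates the endpoint no longer sees those updates as missing.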
Endpoints page
On the Endpoints page, add a new column to see how many available patches there are for each endpoint. The following column is available:
- Patches available: Shows the number of available OS patches and 3rd-party software updates. Click the value to go to the endpoint's Update tab.
To apply a system patch:
- Select all or check specific boxes for system patches you want to install.
- Click Apply patch.
- In the confirmation window, click Patch.
To update software, see Update software with Patch Management in Nebula.