In Nebula, the Patch Management module allows you to install updates on software applications such as Adobe Acrobat, Mozilla Firefox and Zoom by retrieving the latest installers from the vendors.
Third-party vendors may require reboots to complete the installation of updates, so installing or scheduling software updates on your endpoints during non-operating hours is recommended.
TIP - Keep the software update information in Nebula accurate by running or scheduling an Inventory & Vulnerability scan. This will ensure that any third-party software updates you install from Nebula are the latest versions available. For more information, see Enable Patch Management in Nebula.
If the Vulnerability Assessment module identifies any vulnerabilities on the endpoint's applications, update them with Patch Management. Use the Investigate > Events page to confirm the software update applied successfully.
This article details the several methods to update software with Patch Management.
Scheduled software updates
Create a schedule to install third-party software updates regularly. This schedule installs all third-party software updates found when the schedule is run. Updating your software programs provides you with the latest features and covers any security holes or vulnerabilities. To create a schedule:
- On the left navigation menu, go to Configure > Schedules.
- Click New.
- Enter a schedule name and choose Software updates for Type.
- Optionally, specify which supported third-party applications to update or exclude from updating.
- Configure endpoint reboot settings with the options in the table below.
- On the Schedule groups tab, select target groups for the schedule.
- On the Schedule frequency tab, set the frequency, start date, and start time.
- Toggle on Run missed scans as soon as possible to allow the schedule to run if the endpoint was offline during the configured schedule time.
Note: To avoid unexpected updates after a powered-off endpoint comes online, toggle this setting off. - Click Save.
Reboot settings
| Setting | Description |
|
Don't reboot servers |
Prevent servers from rebooting after an application update. |
| Use existing reboot settings | Follow the policy reboot settings. |
| Override existing reboot settings | Override the policy and customize the reboot settings. |
Note: A user can postpone a reboot indefinitely unless the reboot delay time is reached. Subsequent popups will wait 1 minute for additional postponement; otherwise, the endpoint will reboot. If a user postpones a reboot, the Events screen shows an Audit event.
Patch Management page
Navigate to the Patch Management page to view available software updates across your environment. Use this page to manually apply patches to endpoints if they are outside of patch schedule time frames or if critical patches are required.
- On the left navigation menu, go to Manage > Patch Management.
- On the top-left, click Software Updates.
To install an update:
- Check the boxes for applications on endpoints you wish to update.
- Click Actions > Update Software.
- In the confirmation window, click Update.
After the software update is complete, the item is removed from the Patch Management page with the next scheduled Inventory & Vulnerability scan. You can also manually update the Patch Management page by issuing an Inventory & Vulnerability scan task from the Endpoints page.
Software Inventory page
On the left navigation menu, go to Monitor > Software Inventory to navigate to the Software Inventory page. This page provides an overview of all installed software across your environment and update them.
To install an update:
- Filter using the Update Available column to identify software with updates available.
- Check the boxes for applications on endpoints you wish to update.
- Click Actions > Update Software.
- In the confirmation window, click Update.
After the software update is finished, the update is removed from the Software Inventory page with the next scheduled Inventory & Vulnerability scan. You can also manually update the software inventory page by issuing an Inventory & Vulnerability scan task from the Endpoints page.
Software update information
View the following information for each available software update:
| Column | Description |
| Application | Name of the application requiring an update. |
| Application version | Application information of the installed version. |
| CVE count | Number of CVE's available to update. |
| Domain name | The corresponding domain of the endpoint. |
| Endpoint | Host name of the endpoint. |
| Group | The corresponding group of the endpoint. |
| Identified date | Date the available update was detected on the endpoint. |
| Installed date | Date the update was installed on the endpoint. |
| OS platform | Windows or macOS. |
| OS release name | The public release name of the operating system. |
| OS type | Workstation or server. |
| OS version | The operating system version. |
| Vendor | Vendor name of the software requiring a patch update. |
| Version available | Current software version available to install on the endpoint. |
Endpoints page
Individual endpoints have a details page which includes the Software tab. This tab displays all available software updates for installed applications on the selected endpoint. This tab is useful if a specific endpoint requires multiple software application updates and you want to patch a single machine.
To locate the Software tab:
- On the left navigation menu, click Manage > Endpoints.
- Click an endpoint name to view the endpoint's properties.
- Click Software, then filter with the Update available column.
To install an update:
- Select all or check specific boxes for applications on endpoints you wish to update.
- At the top-right of the Software tab, click Update Software.
- In the confirmation window, click Update.
Vulnerabilities page
On the Vulnerabilities page, use the Actions > Update Software button to update vulnerable 3rd-party applications. For more information, see Manage vulnerabilities in Nebula.
Return to Patch Management guide.