In OneView, you can use the Vulnerability and Patch Management module to install updates on software applications such as Adobe Acrobat, Mozilla Firefox and Zoom. Software applications are updated frequently to resolve critical bugs or patch exploits, so it is important to keep scanning your endpoint's software for available updates.
TIP - Keep the software update information in OneView accurate by running or scheduling an Inventory & Vulnerability scan. This will ensure that any third-party software updates you install from OneView are the latest versions available. For more information, see Enable Vulnerability and Patch Management in OneView.
This article details the several methods to update software with Vulnerability and Patch Management.
Scheduled software updates
A scheduled software update is configured in your OneView console and automatically schedules updates to an outdated software application on an endpoint. Schedules apply to all endpoints in the selected groups when run.
To create a schedule:
- On the left navigation menu, click Configure > Schedules.
- In the upper-right, click Add schedule .
- Enter a schedule name and choose Install Software Updates for Type.
- Optionally, specify which supported third-party applications to update or exclude from updating.
- Configure endpoint reboot settings with the options in the table below.
- In the Schedule groups tab, choose Global (All sites) or select a site.
- Select available groups from the selected sites to scan.
- On the Schedule frequency tab, set the frequency, start date, and start time.
- Toggle on Run missed scans as soon as possible to allow the schedule to run if the endpoint was offline during the configured schedule time.
- Click Save.
Reboot settings
Setting | Description |
Don't reboot servers |
Prevent servers from rebooting after a software update. |
Use existing reboot settings | Follow the policy's reboot settings. |
Override existing reboot settings | Override the policy reboot settings and customize the following settings: |
Message to display when a reboot is required | The message displayed to users if a software update requires a reboot. |
Reboot automatically after | The time before the endpoint automatically reboots. |
Allow end user to postpone reboot |
Allows the end user to postpone the reboot for 10, 30, or 60 minutes. |
Note: A user can postpone a reboot indefinitely unless the reboot delay time is reached. Subsequent popups will wait 1 minute for additional postponement otherwise the endpoint will reboot. If a user postpones a reboot, the Events screen shows an Audit event.
Patch Management page
Navigate to the Patch Management page to view available software updates across your managed sites and endpoints. Use this page to manually apply patches to endpoints if they are outside of patch schedule time frames or if critical patches are required.
- On the left navigation menu, click Manage > Patch Management.
- On the Software Update tab, select all or check specific boxes for software patches you want to install.
- In the top right corner, click Update Software.
- In the confirmation window, click Update.
After the software update is complete, the item is removed from the Patch Management page with the next scheduled Inventory & Vulnerability scan. You can also manually update the Patch Management page by issuing an Inventory & Vulnerability scan task from the Endpoints page.
Software update information
View the following information for each available software update:
Column | Description |
Application | Name of the application requiring an update. |
Application version | Application information of the installed version. |
CVE count | Number of CVE's available to update. |
Domain name | The corresponding domain of the endpoint. |
Endpoint | Host name of the endpoint. |
Group | The corresponding group of the endpoint. |
Identified date | Date the available update was detected on the endpoint. |
Installed date | Date the update was installed on the endpoint. |
OS platform | Windows or macOS. |
OS release name | The public release name of the operating system. |
OS type | Workstation or server. |
OS version | The operating system version. |
Sites | Site name assigned to the endpoint with the available update. |
Vendor | Vendor name of the software requiring a patch update. |
Version available | Current software version available to install on the endpoint. |
Filter available updates
The Patch Management table helps you manage the available information pulled from your endpoints. Use filters within this table to sort your patching information into specified results.
Customize data in the results list in the following ways:
- Reset filters: In the upper-right corner of the page, click Reset filters to go back to the default filter settings.
- Add / Remove Columns: In the top-right of the table, click Add / Remove Columns to customize the table columns.
- Column pinning and auto-sizing: Next to a column header, click the filter button to display a checkbox list of different sub-filters you can apply. Click the filter tab to pin or auto size for the selected column.
- Right-click menu: In the table, click and drag to select and highlight a section of the table. Right-click on your selected information to copy or export a .csv or a .xlsx file.
Export data
Download all update and patching information to your local machine for auditing purposes or external reporting.
- Select all or check specific boxes for the rows you want to export.
- At the top-right of the Software Inventory page, click the ellipsis icon .
- Click Download .csv or Download .xlsx to export your data.
Software Inventory page
The Software Inventory page provides an overview of all installed software across your environment. Use this page to filter through installed software for sites and endpoints to identify applications requiring updates.
To install an update:
- Filter using the Update available column to identify software with updates available.
- Select all or check specific boxes for applications on endpoints you wish to update.
- At the top-right of the Software Inventory page, click Update Software.
- In the confirmation window, click Update.
Endpoints page
Individual endpoints have a details page which includes the Software tab. This tab displays all available software updates for installed applications on the selected endpoint. This tab is useful if a specific endpoint requires multiple software application updates and you want to patch a single machine.
To locate the Software tab:
- On the left navigation menu, click Manage > Endpoints.
- Click an endpoint name to view the endpoint's properties.
- Click Software, then filter with the Update available column.
To install an update:
- Select all or check specific boxes for applications on endpoints you wish to update.
- At the top-right of the Software tab, click Update Software.
- In the confirmation window, click Update.
Vulnerabilities page
On the Vulnerabilities page, select a CVE and click Update Software to update vulnerable 3rd-party applications. For more information, see Manage vulnerabilities in OneView.
Return to Vulnerability and Patch Management.