1. In this lab, you will automate the patching of web browsers. This will reduce organizational risk with minimal impact. You are in the Prioritized Products section of Qualys Patch Management. Click on the Filters drop-down to continue.
2. If required, you can choose to filter the list by vulnerability severity. For now, let's leave the filter on the default. Click on Chrome to continue.
3. Click the checkbox next to Edge.
4. Click the checkbox next to Firefox.
5. You have selected to configure a patch job for all Cloud Agents and all vulnerability severities. These options can be changed later if required. Click the Actions button.
6. Click Create Job using Query.
7. Click in the Title field.
8. Type "Zero Touch Patching Web Browsers" and press Enter.
9. Click Next.
10. The asset selection is inherited from the Prioritized Products page. You can change the selection if desired or choose to exclude certain assets. Click the checkbox next to "Add Exclusion Asset Tags".
11. Click the Plus icon on the right.
12. Click All Tags.
13. Click in the Search field.
14. Type "do not patch" and press Enter.
15. Click the checkbox to select the Asset Tag.
16. Click Add Tag.
17. You can later apply the DO NOT PATCH tag to any assets which need to be excluded from this job. Click Next.
18. Pre-Actions can be included if required, for example to run a script or change a Registry key. In this example, we will just configure the job to apply the patches. Click Next to continue.
19. The patch selection has been inherited from Prioritized Products and is in the form of a query. This means that each time the job runs, the specific patches will be determined by each Cloud Agent. Click Next to continue.
20. Post-Actions can also be chosen if required. Further information about Pre-Actions and Post-Actions can be found HERE. Click Next to continue.
21. A "Zero Touch" patch job combines selecting the patches using a query with a recurring schedule. Click Schedule to continue.
22. Click the calendar icon next to Start Date.
23. Click on Saturday, December 23rd, 2023.
24. Now click on the Clock icon next to "Start Time".
25. Click PM.
26. Click 11.
27. Click 00.
28. Click the Recurring Job checkbox.
29. Click the drop-down next to "Daily".
30. Click Weekly.
31. Click the checkbox next to Saturday (the final "S").
32. Note that by default, the scheduled time will occur using each Agent's local timezone. Click on the radio button next to "Set Duration" to set a maximum duration for this patch job. The job times out if it does not start within this window.
33. Click in the "Patch Window" field to select it.
34. Type 3 and press Enter.
35. Click Next.
36. The options include notifications to the end users. For this example, click on the toggle switch next to "Deployment in Progress".
37. You can change the text of the notifications as required. Click on the scrollbar on the right to scroll down the page.
38. Click the toggle switch next to "Enable opportunistic patch download". This setting enables the Agent to download the patches before the scheduled time.
39. We can allow users to minimize the job progress window if we wish. Click the toggle button next to "Minimize job progress window".
40. Click Next.
41. It's usually a good idea to select co-authors who can edit this job later, if the current author is unavailable. For this lab, click Next without selecting any co-authors.
42. On the final summary screen, you can review your choices and go back to change them if desired by clicking on the Edit hyperlinks. You can either save the job, or save and enable it. For now, click Save.
43. The job has been created but is still disabled. That is, it will not run at the scheduled time. Click on the Filters drop-down.
44. Note that the display defaults to your own jobs only, and doesn't include jobs created by other users. This can be changed using the filters drop-down menu. Click anywhere to continue.
45. Let's now enable this patch job. Click on the checkbox in the STATUS column.
46. Click the Actions button.
47. Click Enable.
48. Click Enable.
49. In this lab, you created a zero-touch patch deployment job using "Prioritized Products" to help you target certain applications. The job will continue to patch those web browser vulnerabilities according to its schedule. That's it, you're done!
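
How the schedule from steps 22 to 34 plays out across a fleet, as an added example that is not part of the original lab and is not Qualys code. It models only what the lab states (11 PM Saturday start in each Agent's local time, weekly recurrence, 3-hour patch window); the agent names and fixed UTC offsets are constructed assumptions, and daylight saving time is ignored.

```python
from datetime import datetime, timedelta, timezone

# Values from the lab: Saturday, December 23rd, 2023, 11:00 PM, weekly, 3-hour window.
FIRST_RUN = datetime(2023, 12, 23, 23, 0)  # naive: wall-clock time on each agent
PATCH_WINDOW = timedelta(hours=3)
WEEK = timedelta(weeks=1)

# Constructed sample agents (assumption): name -> fixed UTC offset in hours.
AGENTS = {"nyc-laptop": -5, "london-kiosk": 0, "tokyo-desktop": 9}


def window_utc(offset_hours, occurrence=0):
    """Return (open, close) in UTC for the n-th weekly run on one agent."""
    tz = timezone(timedelta(hours=offset_hours))
    local_start = (FIRST_RUN + occurrence * WEEK).replace(tzinfo=tz)
    start = local_start.astimezone(timezone.utc)
    return start, start + PATCH_WINDOW


def can_start(offset_hours, now_utc):
    """True if an agent that becomes ready at now_utc is inside a weekly window.

    Outside the window the run is treated as timed out, as the lab describes.
    """
    first_open, _ = window_utc(offset_hours)
    if now_utc < first_open:
        return False
    occurrence = (now_utc - first_open) // WEEK  # whole weeks since first run
    opened, closed = window_utc(offset_hours, occurrence)
    return opened <= now_utc < closed


def fleet_span(occurrence=0):
    """Earliest window open and latest window close across all agents, in UTC."""
    windows = [window_utc(off, occurrence) for off in AGENTS.values()]
    return min(w[0] for w in windows), max(w[1] for w in windows)


if __name__ == "__main__":
    for name, off in AGENTS.items():
        opened, closed = window_utc(off)
        print(f"{name:14} {opened:%a %d %b %H:%M} to {closed:%a %d %b %H:%M} UTC")
    first, last = fleet_span()
    print("fleet-wide patching activity spans", last - first)
```

Because the start time is local to each Agent, one "Saturday 11 PM" job produces patching activity spread over many hours of UTC time, which is worth knowing when correlating reboots or browser restarts with the job.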