CCS v10.0 Reporting and Analytics: Windows Patch Assessments - Best way to run?
(I'm coming from SecurityExpressions to Control Compliance Suite...FYI)
Within Reporting & Analytics (v10.0), I need to check all Windows servers Microsoft OS patches and service packs (any version of Win Server from 2000, 2003 Standard & Enterprise, 2008 Standard and Enterprise both 32 & 64-bit) and report on what is missing. I need to:
- Collect (Data Collection) the patch assessment information.
- Run an Evaluation based on a Standard.
- Run a report to show each server's % compliance.
- Run a report to show only the missing patches grouped by server name simply showing a missing patch(es) in row(s) under each server.
- Track ongoing progress of remediation from the initial findings - either through periodic reports or through dashboarding.
I successfully ran a Patch Assessment query in RMS to initially find all missing patches on each server. Great! Now, I need to get this into Reporting & Analytics. I have created numerous Data Collections based on various Patch Assessment standard checks trying to find the most efficient way to obtain and report on the missing patches but nothing is as fast or as simple as the RMS query (I'm finding this is the case on just about anything in R&A).
I'm betting that someone else has a great process they are using and would like to share? A while back, I thought I came across some How-To articles on the best way(s) to run Windows Patch Assessments but can't find anything now.
- First, is there a simple process in R&A to import the results of the RMS query for reporting? Or, do I really have to run a Data Collection, Evaluation, and Reporting (either all in one or separately)?
- Otherwise, how does anyone else run their Microsoft Windows Patch Assessment?
- Which Patch Assessment checks do you run?
- Did you create a separate custom standard for each version of Windows Server? Or did you create one standard for all versions?
- Do you run the patch assessment checks for all servers at once (let's say based on having 250 Windows servers in a single domain - I'll worry about other domains/DMZ/etc. later)? Or run checks by OS type/version?
- What report would be best just grouped by server name with it's missing patch info by MS bulletin and/or Q/KBname? Seems like I have ran all reports available and can't seem to find just a basic report.
I found the Standard that basically says it's the same as running the RMS Patch Assessment query. But, it doesn't report very well as everything all rolls up to pass or fail on "are all patches installed?" or "are all service packs and security patches installed?" rather than by the individual check.
I've spent the better part of the last two weeks just trying to do all of this in R&A and just takes so much time in getting everything set just right but still don't have a fairly automated way to run a Windows Patch Assessment.
Hope this finds you well and that you might have a few minutes to spare and share to help a fellow CCS Admin. :-)