Qualys Patch Management

Patch Management Training Documents

§ Patch Management Lab Tutorial Supplement

§ Patch Management Slides for Lab Tutorials

§ Download these from qualys.com/learning

2 Qualys, Inc. Corporate Presentation

 Play Lab Tutorials

3 Qualys, Inc. Corporate Presentation

 Agenda

§ Introduction to Qualys Patch Management (PM)

§ PM Activation & Setup
§ PM Application Overview
§ PM Deployment Job
• Patching from VM and VMDR (Prioritization Report)
§ PM Uninstall Job
§ PM Assets
§ Patch Catalog

4 Qualys, Inc. Corporate Presentation

 Introduction

5 Qualys, Inc. Corporate Presentation

 Qualys VMDR Lifecycle

Asset Vulnerability &

Inventory Config Assessment

VMDR®
Patch Threat Risk and
Management Prioritization
 OS Platform Support

§ XP SP3+ § Red Hat Enterprise Linux § OS X 10.10

§ Vista § CentOS Yosemite
§ Windows 7 § SUSE Linux § OS X 10.11
§ Windows 8/8.1 § Oracle Enterprise Linux El Capitan
§ Windows 10 § Ubuntu § macOS 10.12
§ Server 2003 SP2+ Sierra
§ Server 2008/R2 § macOS 10.13
§ Server 2012/R2 High Sierra
§ Server 2016 § macOS 10.14
§ Server 2019 Mojave
§ macOS 10.15
Catalina

7
Patch Sources

OS and Application Patches come from:

§ Vendor Global CDNs (e.g., Oracle, Adobe, Microsoft, Apache, Google, etc...)
• Qualys uses both digital signatures and hash values to validate downloaded patches, which
are validated again, via Qualys Malware Insights.

§ Local repository (i.e., Qualys Gateway Server)

• Patch downloads requested by one agent, are cached on QGS and made available “locally”
for other agents that need the same patch.

• QGS also provides a cache for manifests and agent binaries.

8
Patch Management Features & Benefits

§ Automatically correlates discovered vulnerabilities with their required

patches.
§ Leverage your existing Qualys Agents to deploy and uninstall patches.
§ Provides OS and Application patches, including patches from third-party
software vendors (e.g., Adobe, Java, Google, Mozilla, Microsoft, etc...)
§ Provides patching just about anywhere an Internet connection is
available (e.g., airports, coffee shops, remote offices, etc...).
§ Qualys Agents determine which patches are missing or required and
can identify superseded patches.
§ Build patch jobs that target specific vulnerabilities, severity levels, and
9
known threats.
 Activation & Setup

10 Qualys, Inc. Corporate Presentation

Qualys PM Workflow

1. Install Cloud Agent on target host.

2. Assign target agent host to a CA Configuration Profile that has PM
enabled.
3. Activate PM module on target agent host.
4. Assign target agent host to an enabled PM Assessment Profile.
5. Assign hosts to PM Jobs (configure license consumption).
6. Deactivate PM module
 Lab Tutorial 1

PM Activation & Setup, pg. 3

10 min.

12 Qualys, Inc. Corporate Presentation

PM Workflow Diagram

Assign Target Host Configuration

to CA Config. Settings
Profile with PM Downloaded to § BEST PRACTICE:
enabled Target Host Add a ”static” tag to
the agent Activation
Key, in step 1.
Install Qualys Activate PM Deactivate PM
Cloud Agent on Module on Target Module on Target
Target Host Agent Host Agent Host

Host Patch
Assign Target Host Assign Hosts to PM
Assessments
to an enabled PM Jobs (activate
Performed at
Assessment Profile license)
Regular Intervals
CA Configuration Profile

§ Assign target hosts to

CA Configuration
Profile that has PM
enabled.
§ Set “Cache size” to at
least 2048 MB, to
accommodate
Windows Updates.
Activate PM Module for Target Host

• Select the PM
module in the Agent
Activation Key,
before and after
agent deployment.

OR
• Use the “Quick Actions” menu to
activate PM for any agent host or
use the Qualys Cloud Agent API.
 Patch Assessment Profile

• Specifies frequency of patch assessment scans, which assess agent host

assets for missing and/or installed patches.

16 Qualys, Inc. Corporate Presentation

 Application Overview

17 Qualys, Inc. Corporate Presentation

Patch Management UI

• CONFIGURATION – Configure the frequency in which patch assessments

are performed and allocate patching licenses.
• JOBS – Deploy and/or uninstall specific patches for targeted groups of
host assets using one or more PM Jobs.
• ASSETS – List of agent host assets the PM module activated.
• PATCHES – Catalog containing application and OS patches.
• DASHBOARD – Contains “widgets” that monitor important patch statistics.
 Configuration: Assessment Profile

• If you do not create one or more Assessment Profiles, the System Profile will be
used (by default).
• Assessment scans identify the missing and installed patches for an agent host.

19 Qualys, Inc. Corporate Presentation

 Configuration: License Consumption

• Use Asset Tags to specify which agent host assets are eligible for patching.
• Use the “Exclusion” check box to restrict patching on targeted assets.

20 Qualys, Inc. Corporate Presentation

 Deployment Job

21 Qualys, Inc. Corporate Presentation

 Patch Jobs

1. This section will focus on the steps to deploy patches (PM, VM, VMDR).
2. After examining different patch deployment options, we’ll turn our focus on
uninstalling patches.

22 Qualys, Inc. Corporate Presentation

 Lab Tutorial 2

PM Deployment Job, pg. 5

10 min.

23 Qualys, Inc. Corporate Presentation

 Targeted Assets

• Add assets to a Deployment Job by Asset Name or Asset Tag.

24 Qualys, Inc. Corporate Presentation

 Targeted Patches

• Build more efficient patch jobs by focusing on patches that have

not been superseded.

25 Qualys, Inc. Corporate Presentation

 “Within Scope” Patch

• “Within Scope” only includes patches needed by your

targeted host assets.

26 Qualys, Inc. Corporate Presentation

 Schedule Deployment

• Run jobs ”on demand” or schedule them to run at regular frequencies.

27 Qualys, Inc. Corporate Presentation

 Opportunistic Patch Download

• You can “Enable opportunistic patch download,” to allow agents to

download required patches prior to the start of a scheduled job.

28 Qualys, Inc. Corporate Presentation

 Patch Window

• A job will display the “Timed out” status, if the patch installation does not
start within a specified patch window.
• Select the “None” option to give patch jobs an unlimited amount of time.

29 Qualys, Inc. Corporate Presentation

 Communication Options

• Choose the type of “Deployment and Reboot Communication

Options” for each Deployment Job.
30 Qualys, Inc. Corporate Presentation
 Host “Pop-Up” Messages

• “Pre-Deployment
and “Reboot
Request
messages can
be configured
with deferment
options.

31 Qualys, Inc. Corporate Presentation

 PM Processes & Executables

• When patching is active on a

Windows host, patching
messages and notifications
are managed by the “Qualys
Cloud Agent UI” process
(QualysAgentUI.exe)
• ‘stdeploy.exe’ is the name of
the patching executable.

32 Qualys, Inc. Corporate Presentation

 Job Status

View Job Status:

• Enabled – Job is presently active.
• Disabled – Job is presently inactive.
• Completed – Job has completed.

33 Qualys, Inc. Corporate Presentation

 View Job Progress

34 Qualys, Inc. Corporate Presentation

 Update Existing Jobs?

• Scheduled (Recurring): Disabled and Enabled

• Scheduled (Run Once): Disabled Only
• On Demand: Disabled Only

35 Qualys, Inc. Corporate Presentation

 Session Break

30 min.

36 Qualys, Inc. Corporate Presentation

Patching from VM and VMDR
 Vulnerabilities Section

§ Both VM and VMDR support patching from the VULNERABILITIES

section.

38 Qualys, Inc. Corporate Presentation

 Lab Tutorial 3

VM & VMDR Vulnerabilities, pg. 10

10 min.

39 Qualys, Inc. Corporate Presentation

 Patchable Vulnerabilities

1. Vulnerability must be addressed in the Qualys Patch Catalog.

2. Cloud Agent must be installed on the vulnerable host.
3. Patch Management module must be activated for agent host.

40 Qualys, Inc. Corporate Presentation

VMDR Prioritization Report
 VMDR Prioritization Report

• Add threat intelligence, asset context and other priority dynamics to the
vulnerabilities of targeted assets.
42 Qualys, Inc. Corporate Presentation
 Lab Tutorial 4

VMDR Prioritization Report, pg. 11

10 min.

43 Qualys, Inc. Corporate Presentation

 Asset Tags Add Context

• Select Asset Tags that help to distinguish the “context” of your assets.

44 Qualys, Inc. Corporate Presentation

 Priority Options

• Prioritize discovered vulnerabilities by Age, RTIs, and Attack Surface.

45 Qualys, Inc. Corporate Presentation

 Available Patches

• Add prioritized
patches to a new or
existing job.

46 Qualys, Inc. Corporate Presentation

 Uninstall Job

47 Qualys, Inc. Corporate Presentation

 Patch Jobs

§ Uninstall jobs are created exclusively in the Patch Management

application.
§ The workflow for creating uninstall jobs is very similar to deployment
jobs.

48 Qualys, Inc. Corporate Presentation

 Lab Tutorial 5

Uninstall Job, pg. 13

10 min.

49 Qualys, Inc. Corporate Presentation

 Uninstall or “Rollback” Patches

• Only “rollback”
patches are
displayed when
creating an uninstall
job.
• Not all patches can
be uninstalled.

50 Qualys, Inc. Corporate Presentation

 Assets

51 Qualys, Inc. Corporate Presentation

 PM Assets

• Displays host assets with the PM module activated.

• A successful assessment scan will also display the number of
MISSING and INSTALLED patches.

52 Qualys, Inc. Corporate Presentation

 Lab Tutorial 6

Assets, pg. 14

10 min.

53 Qualys, Inc. Corporate Presentation

 Quick Actions

• Use the “Quick Actions menu to view asset details, add assets to an
existing job, or add assets to a new job.

54 Qualys, Inc. Corporate Presentation

 Add Assets to Existing Jobs

• Additional assets can be

added to any deployment
job, before it is enabled
• Additional assets can be
added to a “recurring” job,
both before and after it is
enabled.

55 Qualys, Inc. Corporate Presentation

 Patches

56 Qualys, Inc. Corporate Presentation

 Patches

• The Patch Catalog contains tens of thousands of OS and application

patches.
• Presently, you can add up to 2000 patches to a single job.

57 Qualys, Inc. Corporate Presentation

 Lab Tutorial 7

Patches, pg. 16

10 min.

58 Qualys, Inc. Corporate Presentation

 Catalog’s Default Display Filters

• The default filters in the

Patch Catalog, display
patches that are missing
from the assets in your
account and only the latest
patches (non-superseded).

59 Qualys, Inc. Corporate Presentation

 Linux Patches

§ Default filters are NOT applied when viewing Linux patches.

60 Qualys, Inc. Corporate Presentation
 Acquire From Vendor

• Patches identified with the “key-shaped” icon, cannot be downloaded by

Qualys’ Cloud Agent.
61 Qualys, Inc. Corporate Presentation
 Uninstall or “Rollback” Patches

isRollback:true /* patches that can be uninstalled */

62 Qualys, Inc. Corporate Presentation

 Add Patches to Existing Jobs

• Additional patches can be

added to any deployment job,
before it is enabled
• Additional patches can be
added to a “recurring” job,
both before and after it is
enabled.

63 Qualys, Inc. Corporate Presentation

 PM Certification Exam

Participants in this training course have the option to take the PM Certification
Exam:
§ 30 multiple choice questions.
§ Answer 75% of the questions correctly to receive a passing score.
§ Candidates will receive 5 attempts to pass the exam.
§ You may use the PM presentation slides and lab tutorial supplement to help you
answer the exam questions.
§ You may also use the “Help” menu (in the Qualys UI) to answer exam questions.

64 Qualys, Inc. Corporate Presentation

 Thank You

training@qualys.com

65 Qualys, Inc. Corporate Presentation