Category filter
Dashboard view of Patch Management metrics in Hexnode
The Patches and Updates dashboard in Hexnode provides IT administrators with key patch management metrics that help measure the progress of patch management in your organization. It brings together necessary insights on how various patches/updates exist on the devices of your company network, enabling a quick overview of missing updates, vulnerable devices, and much more. This visibility allows for proactive management of critical security patches and software updates. By using these metrics, IT teams can stay ahead of potential threats, ensure regulatory compliance, and maintain the overall security of their IT environment.
Metrics displayed on the dashboard
To get an overview of all the details related to patches and updates in Hexnode, follow these steps:
- Log in to your Hexnode UEM portal.
- Navigate to the Patches and Updates tab.
- By default, you will be taken to the Dashboard. If not, click on the Dashboard section to view all the details.
The Patches and Updates dashboard displays all of the details mentioned below.
Patch status overview
In this section, there are five types of patch statuses:
- Applicable Updates Awaiting Approval: This section lists the number of updates applicable on the targeted devices and are yet to be approved by the administrator. These updates may include security patches, system updates, or application fixes. Administrators can review these updates and approve them from the Available Patches tab based on organizational policies to ensure timely deployment.
- Devices Missing Updates: This metric represents the number of devices that have at least one available update that has not been installed. These updates may include essential security patches, bug fixes, or feature improvements that have not yet been installed. Devices missing updates are vulnerable to cyberattacks, so administrators need to prioritize these updates and ensure timely installation.
- Devices Pending Reboot: Certain updates require a system reboot to be fully applied. This section lists the number of devices that need a restart to complete the installation of pending updates. Rebooting devices ensures that security patches and updates take effect.
- Fully Patched Devices: This section represents the total number of devices that have all available updates installed and do not have any pending patches.
- Applicable Critical Updates: Critical updates address high-priority security vulnerabilities and significant system performance issues. This section shows the number of critical updates that are applicable for the installation.
Missing Updates by Product
This section categorizes missing updates by product, providing administrators with a clear breakdown of which applications or operating systems require updates. The count represents the number of updates that are available for installation and have not yet been installed on at least one targeted device. For example, a value of 5 for ‘Windows OS’ under ‘Missing Updates by Product’ means there are 5 pending updates not yet installed on at least one targeted device.
Missing Updates by Severity
This section categorizes missing updates based on their impact, helping administrators prioritize patches effectively. Updates are classified into four severity levels Critical, Important, Moderate, and Low based on vendor-defined ratings from Microsoft, Apple, or third-party vendors in the case of applications. Updates are classified into four severity levels: Critical, Important, Moderate, and Low. The count represents the number of patches available for installation on at least one affected device in each severity category. Updates are arranged in descending order of severity, with Critical updates at the top of the list, followed by others.
Activity Feed
This section logs all actions related to Patches and Updates, including update approvals, revocations, newly detected updates, and initiated patch deployments. It offers administrators a real-time overview of these activities, giving them visibility into what has been done and enabling them to track progress.
Vulnerabilities by Device
This section highlights devices with the highest number of critical updates pending installation, which address significant security vulnerabilities, system bugs, or other high-risk issues affecting device functionality. Critical updates are those that address significant security vulnerabilities, system bugs, or other issues with high risk to device functionality. Each device is listed along with the number of available updates, prioritized by severity. Critical updates are shown first, followed by important, moderate, and low-severity updates.
Vulnerabilities by Severity
Vulnerabilities are security weaknesses that can be exploited if left unpatched. The severity is classified based on their potential impact, such as critical, important, moderate, or low. This section provides a breakdown of vulnerabilities along with the available updates to address them. Critical vulnerabilities pose the highest risk and should be patched immediately. Understanding severity levels helps IT administrators prioritize updates, reduce security risks, and strengthen overall system protection.
Vulnerabilities by Patching Status
This section displays the patching status of detected vulnerabilities, helping to track the progress of patch installations.
- Installable: The number of vulnerabilities that can be addressed with available patches but have not yet been installed.
- Idle: The update is in an inactive state, possibly waiting for installation or download on the device, which could be affected by factors like network connectivity or others.
- Downloading: The number of vulnerabilities where patches are being downloaded.
- Downloaded: The number of vulnerabilities for which patches have been downloaded but not yet applied.
- Installing: The number of vulnerabilities where patches are being installed.
- Waiting for Reboot: The number of vulnerabilities awaiting a system reboot for the patches to be fully applied.
- Installed: The number of vulnerabilities that have been resolved through patch installation.
Vulnerabilities by CVE
This section highlights the top 7 CVEs (Common Vulnerabilities and Exposures) based on severity, offering a focused view of the most critical vulnerabilities that need to be addressed. By prioritizing CVEs with higher severity levels, organizations can allocate resources efficiently to mitigate the most pressing risks.