Welcome to the {CWoC} Patch Trending SiteBuilder download.
Content:
Features
The Patch Trending site builder generates static web-site to visualize Patch Compliance Trending Data stored on a Symantec_CMDB database. It has the the following attributes:
- A landing page showing:
- global compliance graphs
- a bulletin search function
- link to custom compliance views
- a dynamic page (html + javascript) to quickly access compliance per bulletin
- static pages to show updates details per bulletins
- Custom compliance view, which is a set fully custom pages to show groups of bulletins graphs
- Troubleshooting pages listing "bottom-10-compliance" by bulletin and "top-10-vulnerable" bulletins
Top
Prerequisites
A mechanism to do Patch trending data collection is required, as the tool only tries to get data from a table named "TREND_WindowsCompliance_ByUpdate". Such mechanism already exist on Symantec Connect: Adding Patch Compliance Trending Capacity to SMP is as Simple as Running a Report Daily :D
Top
Usage
We have kept the tool to the simplest possible usage: it accepts 1 command line argument <site-layout-path> and if the argument is not provided we will try to load the filesite-layout.txt from the working directory.
So here is the complete list of valid invocations:
sitebuilder sitebuilder <site-layout-filepath>
The site layout file format use comma separated value (with or without spaces) with the first entry being the page name and following entries being bulletins to be added on the page. If the bulletin name is invalid no page will be generated.
A sample site-layout page is attached.
Top
Patch Trending Samples
If you want to skip the talking and go straight to the sample, click here :D.
This sample depict a perfect set of curves for an hypothetical release of MS13-058. The bulletin was released by Microsoft in July 2013 and was activated on Patch Management on the 13th. The Applicable curve is a little slow compared to what we normally see in large production environment (the Patch Assessment Scan returns information for most of the managed estate (75%) with 3~4 days). But ideally, with most of the estate operational (i.e. not off like during the Summer holidays) the Patch Compliance level should reach the 75% quickly and then 85~90% before flattening out a little for the last 5~9% to install the update(s).
And yes, this implies that 95-99% compliance is the desired goal for Windows updates. Remains to ascertain in your environment what the standard pattern to get there really is.
Note that you are more than welcome to submit sample data to be included in this site. This would allow us to spotlight standard trends and how well the software performance (Patch Management Solution) in certain environments. If you want to submit data, please send a direct message to ludovic_ferre on Symantec Connect or email me (@symantec.com).
Note! The below sample is an image - but follow the image link to access the tool mini-site with live graphs (using the google API and Javascript):
Top
Release Notes
Release 0.6.6c
Fixed a problem with Internet Explorer support. The pages now render properly for IE 8.0 and above. It may work with IE 7 but was not tested yet.
Release 0.6.6b
Switched the compliance data to be computed from the installed versus applicable datasets, thus reducing the amount of SQL queries executed by half.
Release 0.6.6
Introduced vulnerable count on the Installed vers Applicable graphs. This gives us 3 lines (curves) that are easy to comprehend as you can see from the sample above.
Release 0.6.5b
Corrected some performance issues from the previous build and added instrumentation. The site builder now logs entry in the Altiris Logs and will indicate the count of html and js pages generated as well as the count of SQL queries it ran. During the performance issue troubleshooting we considered using a single Databasecontext entry but this was a wrong lead. The problem was database performance as the use of code based stop watch indicated. This was fixed by a non-clustered index on the table to keep track of data by updates.
Release 0.6.5
Refactored the graph per update generation. Added the link to the bulletin update page on the bulletin view and on the various aggregate pages.
Release 0.6.4
Introduced the Updates per bulletin pages. This pages are crafted for all the bulletins found in the trending table, and each page is named after the bulletin (escaped by replacing dot and hyphens with underscore.
Release 0.6.3
Introduced the global compliance graphs on the landing page. This makes the first look at the site very powerful, as we get compliance levels for the entire estate.
There were no prior release (or production use) of the tool.