Discover / Report missing patch installations

Version 2
    Share This:

    Dear community,


    Whoever is going to start using patch management or to integrate a patch management process normally wants to start by discover or report the missing patch installations to create a baseline of information. By this it is possible to prioritize and schedule different tasks. There are some great report templates which will mainly use the data from a patch group (or multiple patch groups) or of course the patch jobs. So to use them you have to create and assign a patch group or patch job.


    There are of course different options to discover / report missing patch installations. As an example the group inventory could be used to gather this informations or export them. Based on the different projects about patch management over the couple of years I came down to one specific report layout / configuration which worked for the most situations and was easily configurable within the product.


    The report is based on 5 sub reports. Subreport 1-4 are used for graphics.


    Sub report1 - Missing Windows Server patches:

    Just an fast information how many patch installations are missing for the product family "Windows Server" and if they are "Critical", "Important" etc..


    Sub report 2 - Missing patches by severity:

    Complete overview over all missing patch installation by severity


    Sub report 3 - Missing critical patches by server

    Will just give you a quick view of the devices which have missing critical patches of the product family "windows server".


    Sub report 4 - Missing patches by product family

    Used to identify the product which has the most missing patch installations.


    While the sub report 1 und 3 mainly focus on servers sub report 2 and 4 use all data from the patch inventory



    If the report is assigned to a device group without servers be aware that sub report 1 and 3 will not be shown.


    Finally the last sub report will used for listing the devices and a count of the missing patches for specific product families.


    The sub report will only show the following product families:

    - .Net Framework

    - Adobe

    - Flash

    - IIS

    - Internet Explorer

    - Microsoft Exchange

    - Microsoft Office

    - Microsoft Silverlight

    - Sharepoint

    - SQL Server

    - Sun Java

    - Windows 10

    - Windows 8.1 (imho includes Windows 8)

    - Windows 7

    - Windows Server


    This filter could be adjusted in the query which is used by sub report 5.


    I needed to remove the server names for the screenshot:




    This report may does not perfectly fit to your needs but you can easily change the e.g. criterias of queries. If the report is not assigned to any device group it will use all devices patch inventory. However you also could just assign one or multiple device groups to the report to have a more detailed view of specific devices. E.g. if you want to start of the server or clients of the HQ.


    Full Screenshot with all sub reports and some more data:




    Please feel free to download the attached XML file and import the report and the needed queries to your BCM infrastructure. Please consider to clean up your lost & found before importing the XML file. The import will create 4 queries and one report in your lost & found. The query names will start with "Report -" and the report name starts with "Dashboard -".


    How-To import objects: How to export and import objects in the console


    The report should be working with BCM 12.1 and 12.5. Tested and exported from BCM 12.5







    ADDED: Report - Product Family Windows Server Severity.xml - requested by Adam Lederhos