How Patch Analysis Works

The patch report identifies the patches available for current vulnerabilities on selected hosts based on a patch template selected by the user at run time. These are the vulnerabilities detected by the most recent scan of each selected host. We'll explain how patch analysis works.

 

Patch analysis steps

 

1) Collect information for detected vulnerabilities

We first collect information about vulnerability QIDs detected on the target hosts, and apply QID filtering based on these settings in the patch report template:

- Selective Vulnerability Reporting

- Timeframe Selection

 

2) Identify which vulnerabilities have patches

We use the KnowledgeBase to determine which detected vulnerabilities have patches available. Only QIDs with known patches are considered, and the rest are discarded.

 

3) Determine recommended patches for each vulnerability

We use the KnowledgeBase to determine the relationship between the patchable QIDs (vulnerabilities with available patches). The relationship is very simple: either the QID is associated with the latest patch available for that issue, or a newer patch associated with a separate QID is available for that issue.

 

4) Apply patch QID filtering, if any

We'll apply patch QID filtering based on the "Selective Patch Reporting" setting in the Filter section of the patch report template. Only the newest patch that is not filtered out is listed as a patch in the report.

 

5) Assign a severity to each patch

We'll assign a severity to each patch in the report. The severity may be based on the recommended patch to fix the vulnerability (the default) or the highest severity across all detected vulnerabilities that may be fixed by the patch. Users determine which patch severity to display in the Display section of the patch report template.