question

GeorgeChristianis-0199 avatar image
0 Votes"
GeorgeChristianis-0199 asked AlexZhu-MSFT edited

Monitor if server deployed their security patches

We would like to know which servers have not gotten patched in the last 60 days,

Can we do this with:

1) The SCCM MP?
2) Monitoring a specific Event ID
3) Monitoring a log file such as https://docs.microsoft.com/en-us/mem/configmgr/core/plan-design/hierarchy/log-files#BKMK_SU_NAPLog or https://info.adaptivedge.com/blog/understanding-sccm-sup-process
4) Having access to the Software Updates - Compliance report in SCCM

Thanks

msc-operations-managermem-cm-updates
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

AlexZhu-MSFT avatar image
0 Votes"
AlexZhu-MSFT answered AlexZhu-MSFT edited

Hi,

We can use powershell script based monitor, to achieve our goal.

  $api = New-Object -comObject "MOM.ScriptAPI" 
  $PropertyBag = $api.CreatePropertyBag()
        
  $LastPatchDate = Get-HotFix | Sort-Object InstalledOn | Select-Object -Last 1 | Select -Expandproperty InstalledOn
  $rv = ((Get-Date) - $LastPatchDate).TotalDays
        
  $PropertyBag.AddValue("Days",$rv)
  $PropertyBag

Here's some screenshots from my lab test.

script
137335-scom-script-based-monitor-07.png

criteria (we may set it to 60 in our situation)
137356-scom-script-based-monitor-08.png

alert generated due to servers not patched more than 400 days
137382-scom-script-based-monitor-12-alert.png

and I've confirmed that value "255.xxx" and "328.xxx" did not generate the alert since the criteria is set to 400 or higher (in our situation, we can set the criteria to 60).
137391-scom-script-based-monitor-13-verification.png



5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

JaiVerma-7010 avatar image
1 Vote"
JaiVerma-7010 answered

I know Compliance report in SCCM should provide you this information.

5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

GeorgeChristianis-0199 avatar image
0 Votes"
GeorgeChristianis-0199 answered

Hi JaiVerma-7010 thanks for your reply.

But can I generate an alert from the Compliance report? Event better send it to SCOM?

Thanks

5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

AllenLiu-MSFT avatar image
0 Votes"
AllenLiu-MSFT answered AllenLiu-MSFT commented

Hi, @GeorgeChristianis-0199
Thank you for posting in Microsoft Q&A forum.

Here is an article that you can enable SCCM email notification on reports:
https://systemcenterdudes.com/configure-sccm-email-notifications-on-alerts-and-reports/
(Please note: Information posted in the given link is hosted by a third party. Microsoft does not guarantee the accuracy and effectiveness of information.)


If the response is helpful, please click "Accept Answer" and upvote it.
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.


· 1
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

There is no update for a couple of days. May we know the current status of the problem? Is there any other assistance we can provide?

0 Votes 0 ·
GeorgeChristianis-0199 avatar image
0 Votes"
GeorgeChristianis-0199 answered

Thank you AllenLiu-MSFT for your response.

Ideally I would like to find a way to get these alerts into our SCOM console.
Since we would like to have all alerts in one central place.
People don't always look at their emails.

Thanks

5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.