PLA report

PLA chart allows you to identify and prioritize all important patches (Fixlets) that are required to protect the device from possible vulnerability BigFix environment.

This analysis shows the current state of your environment against several sample Protection Level Agreements (PLA).

Each PLA definition contains following elements:
  • Content (i.e. the set of in-scope Patches for the given PLA)
  • Endpoints (i.e. the set of in-scope endpoints against which to measure the PLA)
  • Time (i.e. the target time frame within which the content should be addressed for the given Endpoints)

A typical PLA chart shows the timeline taken to patch the vulnerability in an environment.

The color on the bar represents the following:

  • Agreed PLA: The timeline defined to patch the vulnerabilities.

  • Within PLA: The green portion of the bar represents the number of vulnerabilities that are patched within the agreed PLA timeline.

  • Beyond PLA: The red portion of the bar represents the number of vulnerabilities that are yet to be patched. These vulnerabilities are way past the agreed PLA timeline and possess a greater risk to the devices.

Mouse over on the bar to see the patched vulnerabilities.

Select PLAs

Users have the ability to establish their own designated Patching Level Agreement (PLA) periods to effectively manage ongoing mitigation efforts tailored to their specific business requirements. By specifying an agreed time, users can easily monitor their progress towards achieving the pre-determined targets. The designated time frames can be modified by adjusting the provided sliders, with the minimum PLA target set at 1 day and the maximum at 180 days.

Filter Devices

To define the group of computers for PLA calculation, navigate to Select PLAs and click Filter Devices.

Add Patch Group

To create a custom Patch Group, navigate to Select PLAs and click on Add Patch Group. Provide a Patch Group Name, specify severity, category, release date and source of the patch. Save your changes.

Note: Administrator privileges in Web Reports are required to create custom PLAs.

CyberFOCUS Category

The following table shows the mapping between the CyberFOCUS external content categories and Fixlet categories:

CyberFOCUS category Fixlet category
BUG FIX

Bug Fix

Bug Fix Advisory

Bug

ENHANCEMENT

Definition Update

Definition Updates

Feature Pack

Hotfix

Update

Updates

Product Enhancement Advisory

ENHANCEMENT

Recommended

Optional

Upgrade

SERVICE PACK

Rollup

Service Pack

Update Rollup

SECURITY

Critical Update

Critical Updates

Security

Security Advisory

Security Hotfix

Security Setting

Security Update

Security Updates

SECURITY

Mandatory

Severity Mapping

The following table shows the mapping between the CyberFOCUS Severity categories and Fixlet Severity Field categories:

Table 1.
CyberFOCUS Severity Fixlet Severity Field
CRITICAL Critical, Mandatory, High
IMPORTANT Important, Recommended
MODERATE Moderate, Medium
LOW Low, Optional, Negligible
UNSPECIFIED Unspecified, NA, and empty values

Export data

To export PLA data click Export and select Export PLA (.pdf)

Patch Details Pane

The Patch details pane provides additional information about the patch. For example, Java patches, critical server patches. This pane is dynamically updated based on the where you mouse over the PLA chart.

This pane shows if the PLA objective of a patch is met or not and overall information of the patch such as PLA definition, content scope, time scope and machine scope.

PLA Table

The PLA chart is represented in a tabular format and contains the following columns:

Category: Device category.

PLA-Title: Name of the patch.

Target: Number of days provide to address the vulnerability.

Actual: Number of days after the agreed PLA.

Variance: The difference between target and actual.

Content items: Number of Fixlets available in the patch, click on the number to see the list of Fixlets.

Machine scope: Number of devices applicable to patch type.

See also