PLA report
PLA chart allows you to identify and prioritize all important patches (Fixlets) that are required to protect the device from possible vulnerability BigFix environment.
This analysis shows the current state of your environment against several sample Protection Level Agreements (PLA).
- Content (i.e. the set of in-scope Patches for the given PLA)
- Endpoints (i.e. the set of in-scope endpoints against which to measure the PLA)
- Time (i.e. the target time frame within which the content should be addressed for the given Endpoints)
A typical PLA chart shows the timeline taken to patch the vulnerability in an environment.
The color on the bar represents the following:
-
Agreed PLA: The timeline defined to patch the vulnerabilities.
-
Within PLA: The green portion of the bar represents the number of vulnerabilities that are patched within the agreed PLA timeline.
-
Beyond PLA: The red portion of the bar represents the number of vulnerabilities that are yet to be patched. These vulnerabilities are way past the agreed PLA timeline and possess a greater risk to the devices.
Mouse over on the bar to see the patched vulnerabilities.
Select PLAs
Users have the ability to establish their own designated Patching Level Agreement (PLA) periods to effectively manage ongoing mitigation efforts tailored to their specific business requirements. By specifying an agreed time, users can easily monitor their progress towards achieving the pre-determined targets. The designated time frames can be modified by adjusting the provided sliders, with the minimum PLA target set at 1 day and the maximum at 180 days.
Filter Devices
To define the group of computers for PLA calculation, navigate to Select PLAs and click Filter Devices.
Add Patch Group
To create a custom Patch Group, navigate to Select PLAs and click on Add Patch Group. Provide a Patch Group Name, specify severity, category, release date and source of the patch. Save your changes.
The following table shows the mapping between the CyberFOCUS external content categories and Fixlet categories:
CyberFOCUS category | Fixlet category |
---|---|
BUG FIX |
Bug Fix Bug Fix Advisory Bug |
ENHANCEMENT |
Definition Update Definition Updates Feature Pack Hotfix Update Updates Product Enhancement Advisory ENHANCEMENT Recommended Optional Upgrade |
SERVICE PACK |
Rollup Service Pack Update Rollup |
SECURITY |
Critical Update Critical Updates Security Security Advisory Security Hotfix Security Setting Security Update Security Updates SECURITY Mandatory |
Severity Mapping
The following table shows the mapping between the CyberFOCUS Severity categories and Fixlet Severity Field categories:
CyberFOCUS Severity | Fixlet Severity Field |
---|---|
CRITICAL | Critical, Mandatory, High |
IMPORTANT | Important, Recommended |
MODERATE | Moderate, Medium |
LOW | Low, Optional, Negligible |
UNSPECIFIED | Unspecified, NA, and empty values |
Export data
To export PLA data click Export and select Export PLA (.pdf)
The Patch details pane provides additional information about the patch. For example, Java patches, critical server patches. This pane is dynamically updated based on the where you mouse over the PLA chart.
This pane shows if the PLA objective of a patch is met or not and overall information of the patch such as PLA definition, content scope, time scope and machine scope.
PLA Table
The PLA chart is represented in a tabular format and contains the following columns:
Category: Device category.
PLA-Title: Name of the patch.
Target: Number of days provide to address the vulnerability.
Actual: Number of days after the agreed PLA.
Variance: The difference between target and actual.
Content items: Number of Fixlets available in the patch, click on the number to see the list of Fixlets.
Machine scope: Number of devices applicable to patch type.