Creating a Patching Strategy

A Patching Strategy template contains specific fields that you can configure to make a unique Patching Strategy for your environment. Tenable Patch Management recommends opening an existing strategy that contains most of the configuration items you want, and then saving it with a new name and description. The configuration options are the same whether you create a new strategy or modify an existing strategy.

Open and Save a Patching Strategy Template

  1. Follow the instructions in Create a New Folder for Objects.

  2. Hover over or click Strategy in the left navigation menu of the Patch Management Dashboard, and then select Patching Strategies.

  3. Select UUID-178ca401-e136-bac3-df76-07c06251ece8.pngPatching Strategies, and then select Show All to see all available Patching Strategies.

    UUID-93789088-0e8f-5bb3-911a-8d27347d3cfd.png

    For descriptions of each template type, see Patching Strategy Templates.

  4. Select the Name of a strategy to open it.

  5. Select More in the upper left corner of the template, and then select Save As:

    1. Enter a unique name that reflects what the strategy does conceptually. For example, ITS Immediate Daily Product Patching.

    2. Select Save as on the bottom left corner of the dialog. This opens your strategy template with all the default entries for the built-in strategy, including a detailed description.

    3. Enter a detailed Description of your new template or keep the existing detail, and then click Save on the upper-left corner of the dialog.

Tip: Remember to click Save on the upper left corner to save your progress as you make changes. After completing the Patching Strategy configuration, you must save and enable the completed strategy to make it available for use.

Managing Software Product Selections

In Tenable Patch Management, configuration options provide several opportunities to select or exclude software products for a patching strategy. Options include include making product sections when creating a strategy, exempting products from business units, and more.

For more information about the products available with Tenable Patch Management, see Software Products.

Include All Software Products

  1. Scroll to the Products workspace in an open Patching Strategy template. The image below shows the default settings.

    UUID-7a8dda35-6065-d239-2a71-d7a1a5c07f21.png

  2. Select the Include All Products toggle to enable it.

    The following image shows the default settings and options when you select Include All Products.

    UUID-c94dc15d-eac3-1c1a-3d9c-c8460e87684e.png

  3. Select Save on the upper left corner of the strategy:

    1. Check the Error View and resolve any errors.

    2. Select Save again if you make any changes.

  4. Choose one of the following options to continue managing products:

    • To exclude specific products for this strategy, see Exclude Products from a Patching Strategy

    • To include specific platforms, see Include or Exclude Platforms in a Patching Strategy

Include Specific Software Products

  1. Scroll to the Products workspace in an open Patching Strategy template. The image below shows the default settings.

    UUID-7a8dda35-6065-d239-2a71-d7a1a5c07f21.png

  2. Select + Browse to open the Select Software Product table:

    1. Enter a product name on the search line, and then click Search. This example uses Google Chrome.

    2. Select the product from the list, and then click OK.

      UUID-92e003b2-4771-2255-d721-96b04a571fec.png

  3. Select Save on the upper right corner of the Patching Strategy:

    1. Check the Error View and resolve any errors.

    2. Select Save again if you make any changes.

Exclude Products from a Patching Strategy

After enabling Include All Products from the Products workspace in an open Patching Strategy, you have the option to exclude individual products for the same Patching Strategy.

UUID-c94dc15d-eac3-1c1a-3d9c-c8460e87684e.png

Note: When you add Business Units to a Strategy, the Patching Exceptions set for the Business Unit take precedence over the Product settings in the Patching Strategy.

  1. Select + Browse to open the Select Software Product table:

    1. Enter a product name on the search line, and then click Search. This example uses Google Chrome.

    2. Select the product from the list, and then click OK.

      UUID-92e003b2-4771-2255-d721-96b04a571fec.png

  2. Select Save on the upper left of the strategy to keep your changes:

    1. Check the Error View and resolve any errors.

    2. Select Save again if you make any changes.

Include or Exclude Platforms in a Patching Strategy

When you enable Include All Products from the Products workspace in an open Patching Strategy, you also include all platforms by default.

  1. Select + Browse to open the Select Software Product table:

    UUID-c94dc15d-eac3-1c1a-3d9c-c8460e87684e.png

  2. Select the Include All Platforms toggle to disable it and view the available Platforms.

    UUID-a1b86caa-038c-ab08-ea3f-20c2096b7493.png

  3. Decide which platforms to include:

    • To include all Platforms, either Select All or select the Include All Platforms toggle to enable it.

    • To include specific Platforms, select those you want to include.

  4. Select Save on the upper left corner to keep your changes:

    1. Check the Error View and resolve any errors.

    2. Select Save again if you make any changes.

Manage Trigger Metadata Properties

Tenable Patch Management provides several Trigger Metadata Properties..

If a trigger metadata property changes in a given patch, and the patch meets each of the requirements below, the Patching process re-presents the patch to the Patching Strategy.

The changed patch must:

  • Belong to a product in the strategy

  • Be applicable on at least one device.

  • Have been presented previously.

View All Trigger Metadata Properties

  1. Scroll down to Trigger Metadata Properties in an open Patching Strategy template.

  2. Select + Select to open the Select Trigger Properties dialog.

Select from all Trigger Properties

The first table you see shows all available trigger properties.

  1. In the Select Trigger Properties table of the Trigger Metadata Properties dialog, select one or more properties to use as triggers:

    • To find a specific trigger, enter a trigger name on the Search line, and then select Search.

    • To sort the list of Trigger Properties, click Property to reverse the alphabetical support order.

    • To page through the available trigger properties, use the navigation tools on the bottom-right of the dialog.

    UUID-9aca983b-34cd-c4c5-69a0-b7f8bd1be4c7.png

  2. Select OK on the bottom-left corner of the dialog to save your selections and return to the Patching Strategy template.

Select Only Windows Defender Antivirus Trigger Properties

  1. Select the Windows Defender Antivirus Patching Properties toggle under Integration Filters in the Select Trigger Properties dialog.

  2. Select a Windows Defender property from the table.

    UUID-9bd27888-691f-2e6c-4da9-3d4d4ad274c3.png

  3. Select OK at the bottom left of the dialog to save your selections and return to the Patching Strategy template.

    UUID-4d538404-6b6a-9759-bce5-f203a8d72d53.png
Select Only Tenable Trigger Properties

In the Select Trigger Properties table of the Trigger Metadata Properties dialog, enable a view of Tenable properties only.

  1. Select the Tenable Properties toggle to enable or disable (default) Tenable trigger properties.

  2. Select one or more Tenable properties from Properties column of the table.

    UUID-648bbac7-bbbf-b92c-16ee-2dc359f05af4.png

  3. Select OK on the bottom-left corner of the dialog to save your selections and return to the Patching Strategy template.

Remove Trigger Metadata Properties

  1. Scroll down to Trigger Metadata Properties in an open Patching Strategy template. If the Patching Strategy includes Trigger Metadata Properties, the table under +Select lists those properties.

  2. Select the ellipsis (…) under Actions for the trigger you want to remove, and then select Remove.

    UUID-a34a2cb3-e74b-7a52-0bad-48c1c95660d7.png

  3. Select Save on the upper-left corner of the Patching Strategy to save your changes.

Deployment Settings

Deployment settings in a Patching Strategy include choosing a Deployment Wave, Creating a Deployment Bot Runtime configuration, and choosing whether to present each patch to the first matching Deployment bot only (defaults to disabled). When customizing an existing Patching Strategy (recommended), settings may include tables with configuration selections other than the default.

Begin by adding a Deployment Wave.Add a Deployment Wave

Add a Deployment Wave

  1. Select Browse next to Deployment Wave in the Deployment Settings workspace of an open Patching Strategy template.

    UUID-0c8de285-fa3d-d7d1-443d-99d570d59c06.png

    This opens the All Deployment Wave dialog.

    UUID-2d4bddd7-6b04-508d-6c1d-463559ea0bb1.png

  2. Select a Deployment Wave from the list.

    • Tenable Patch Management provides a Single Wave-All Clients Deployment Wave, which includes a Business Unit called All Clients Business Unit.

    • If you are following the tasks in Introduction to Patching Strategies, choose Single Wave-All Clients.

  3. Select OK on the bottom left of the dialog to return to the Patching Strategy.

    Note: When updating an existing Patching Strategy with a new Deployment Wave, the system prompts you with a recommendation to specify Business Unit Addition Settings.

  4. Select OK to close the recommendation. The system returns you to the Patching Strategy at the Business Unit Addition Settings workspace:

    • If you are following the tasks in Introduction to Patching Strategies, skip to Add Software Products. There is no need to modify the Deployment Bot Runtime settings for purposes of this exercise.

    • If you are creating or modifying a Patching Strategy for ongoing use, continue with the next step.

  5. Choose whether to specify Business Unit Addition Settings (recommended), if prompted by the system.

    • To continue with Deployment Settings, see Deployment Bot Runtime Settings. You may configure Business Unit Addition Settings later in the template.

    • To complete Business Unit Addition Settings now, see Business Unit Addition Settings.

Deployment Bot Runtime Settings

In Patching Strategy templates, the Create Deployment Bot Runtime dialog provides a single location to add processes to your Patching Strategy. Use these settings for more advanced operations. For example, when you have multiple Business Units that require the same Patch Deployment Bot but use a different Patching Process and schedule, you can create multiple Deployment Bot Runtime combinations to patch according to different requirements.

After adding a Deployment Wave to the Patching Strategy Deployment Settings, you can configure Deployment Bot Runtime scenarios. Follow these procedures for each Deployment Bot Runtime you need to create. If you need to create a Deployment Bot, see Creating Deployment Bots.Creating Deployment Bots

See also:

Bots – Patch Deployment and Notification Bots

Patching Processes

Deployment Channels and Deployment Channel Processes

Business Units and Rollout Processes

Create Deployment Bot Runtime Scenarios

Before creating a Deployment Bot Runtime, select a Deployment Wave to enable the Create Deployment Bot Runtime selection.

  1. Select + Create Deployment Bot Runtime from the Deployment Settings workspace of an open Patching Strategy template.

    UUID-38a6db9e-700e-8bac-3624-f59fea6cb72d.png

    This opens the Create Deployment Bot Runtime dialog:

    UUID-995003e0-e437-23a5-bb89-4c2e5a832488.png

  2. Begin by adding a Patch Deployment Bot.

Add a Patch Deployment Bot (Required)

  1. Select Browse next to Patch Deployment Bot to open the Select Patch Deployment Bot dialog.

  2. Choose a method for viewing Patch Deployment Bots:

    UUID-3844674d-f524-fcbd-9b6c-4c79ce1f6811.png

    • Select UUID-178ca401-e136-bac3-df76-07c06251ece8.pngPatch Deployment Bots, and then select Show All to see the available choices.

    • Select a Filtered by: setting beneath UUID-178ca401-e136-bac3-df76-07c06251ece8.pngPatch Deployment Bots to see only the items associated with that filter.

  3. Select the template you want to use. For example, in Filtered by: Known Exploit, select Mandatory Install (Known Exploit Exists).

  4. Select OK on the bottom left of the dialog to return to the Create Deployment Bot Runtime template.

Add a Patching Process (Required)

  1. Select Browse next to Add Patching Process in the Create Deployment Runtime dialog.

  2. Select UUID-178ca401-e136-bac3-df76-07c06251ece8.pngPatching Processes, and then select Show All to see the available processes.

  3. Select the process you want to use. For example, select Immediate Phased Deployment – Initial Patch Manager Approval).

  4. Select OK on the bottom left of the dialog.

    UUID-eb7c8e2e-27f5-3a3a-4e03-c34133b1af9d.png
Add a Deployment Channel (Optional)

  1. Select Browse next to Add Deployment Channel.

  2. Select UUID-178ca401-e136-bac3-df76-07c06251ece8.pngDeployment Channels, and then select Show All to see the available channels.

  3. Select the channel you want to use. For example, select Daily (13hrs) to run the Deployment Channel at 1:00 pm every day.

  4. Select OK on the bottom left of the dialog.

Add Business Units (Optional)

Note: The Business Units you add here must be the same Business Units included in the Patching Strategy Deployment Wave. If you select other Business Units here or select All Business Units, the Patching Strategy will take no action on those that do not match the Deployment Wave settings.

  1. Decide whether to include all Business Units in this Deployment Bot Runtime, or to add specific Business Units:

    • To include all Business Units, click the Include All Business Units toggle to enable running this configuration on all Business Units (defaults to disabled), and then skip to step 3.

    UUID-49a2c7d6-f516-738e-e783-50e299ba46a5.png

    • To choose specific Business Units for this Runtime, click + Browse, and then continue with the next step.

  2. Select one or more Business Units to add to this Runtime. For example, to use this Runtime on all Windows 11 systems using a Wi-Fi connection, select Operating System – Windows 11 and Office Type – WiFi.

    UUID-adffe6f3-2f97-b26e-7f1c-8c8ad6ee21c9.png

  3. Select OK on the bottom left of the dialog to view the completed Runtime Bot.

  4. Select Create Deployment Bot Runtime on the bottom-left corner of the dialog to return to the Patching Strategy.

  5. Return to Create Deployment Bot Runtime Scenarios to add more Deployment Bot/Patching Process pairs to this Patching Strategy.

Set the Patching Process Runtime

After creating a Deployment Bot Runtime, set the runtime schedule for each Patching Process.

  1. Select the ellipsis (…) under Actions in the Patching Process Settings table of an open Patching Strategy template, and then select Edit Process Setting.

    UUID-b7b66aa0-5772-2220-828c-01288f300fe8.png

  2. Add one or more schedules for the process:

    1. Select + Browse next to Execution Schedules.

    2. Select UUID-178ca401-e136-bac3-df76-07c06251ece8.pngSchedules, and then select Show All.

      UUID-c8d1cfe4-890d-fe34-6510-00b1c3135d75.png

    3. Select one or more schedules to use for the Process Setting runtime, and then select OK on the bottom left corner of the dialog.

      All Deployment Bot Runtime pairs that use the same Patching Process in this Patching Strategy run on the schedules you choose.

    4. Enter the number of Hours, Minutes, and Seconds that the patching process may run before timing out. Zero indicates no time limit.

  3. Select OK, to return to the Patching Strategy workspace.

Present Patches to the First Matching Deployment Bot

This toggle switch enables or disables whether the Patching Strategy stops presenting patches to Deployment Bots as soon as it discovers the first matching Deployment Bot. If you choose to enable this behavior, be sure to order the Bots in your Deployment Bot Runtime from most important to least.

  1. Scroll down to the bottom of the Deployment Settings workspace of an open Patching Strategy.

    UUID-32430a75-326a-436a-4f35-a096fff50925.png

  2. Select the Present each Patch only... toggle to enable or disable (default) whether the Patching Strategy stops presenting patches to later Bots after discovery of a matching Bot.

Add Approval Chains to a Patching Strategy

  1. Select Approval Chains to open the Approval Chains workspace.

  2. Select Browse next to the type of Approval chain you want to add (Product Owner, Patch Management, Security, and so on).

    UUID-ed15a05e-a7d6-76a1-3817-49ea00c29ba7.png

  3. Select an Approval Chain from the Approval Chains table.

    UUID-a15840b0-ee76-e59b-24b9-796ba1ded477.png

  4. Select OK to return to the object template.

  5. Repeat Steps 2 through 4 for each of the groups listed in the Approval Chains workspace:

    • Skip any groups that do not apply to your situation.

    • When each group from which you need an approval contains an approval chain, continue with the next step.

  6. Select Save at the upper left to save your progress:

    1. Check the Error View and resolve any errors.

    2. Select Save again if you make any changes.

Managing Notification Settings

Patching Strategy, Deployment Channel, and Business Unit objects include a Notifications dialog where you can configure notification details. The configuration choices differ slightly for each object.

Note: This configuration requires selecting a specific type of Notification Cycle template. Contact Tenable Patch Management Customer Support for assistance with this configuration and for information about choosing the correct template.

Add a Notification Chain

Notification Chain settings exist in the object templates for Patching Strategies, Deployment Channels, and Business Units.

  1. Expand the Notifications box in an open object template to show the available configuration options.

  2. Select Browse next to Notification Chain. This opens the Notifications Chain dialog.

    UUID-fbbcf29c-ebfe-9b53-2bba-8b3baf08df4e.png

  3. Select UUID-178ca401-e136-bac3-df76-07c06251ece8.pngNotification Chains, and then select Show All to see the available templates.

  4. Select a Notification Chain from the table. To edit or create Notification Chains, see .

  5. Continue editing the Notification settings or click OK on the bottom left corner to return to the template.

Add Patch Notification Bots

Both Patching Strategies and Deployment Channel templates have an option to Add Patch Notification Bots.

  1. Select + Browse next to Patch Notification Bots in the Notifications workspace of the object template.

    This opens the Select Patch Notification Bots dialog.

    UUID-f9916967-93c7-a278-91a2-da37b421879c.png

  2. Select UUID-178ca401-e136-bac3-df76-07c06251ece8.pngPatch Notification Bots, and then select Show All to list all available Patch Notification Bots or click any Filtered by: folder to see the Bots associated with that filter.

  3. Choose one or more Notification Bots to set requirements for this template. To create more Notification Bots, see Creating Notification Bots.

  4. Select OK on the bottom left of the dialog to return to the starting template.

Create Notification Settings
Set Notification Urgency

These values must match the corresponding values defined in the Notification Bots. Otherwise, the Notification Cycle does not send a notification.

  1. Select + Create Notification Setting in the Notifications box of the object template.

    UUID-75ac68eb-ddbe-365d-f45f-63a88ae683bb.png

  2. Expand the list of options next to Notification Urgency, and then select the urgency setting that matches the Notification Bot.

    UUID-e9f7e7ce-abbf-a6fd-6b27-fe3e785e7a62.png

  3. Continue editing the Notification settings or click Create Notification Settings to return to the template.

Add Execution Schedules

Execution Schedules control when and how often a Notification Cycle sends notifications. Choose schedules based on when and how often receiving parties require notification.

  1. Select + Create Notification Setting from the Notifications workspace of a object template.

  2. Select +Browse next to Execution Schedules to display the available schedules.

  3. Select one or more schedules from the All Schedules table, and then select OK on the lower-left corner of the dialog.

    UUID-8a403775-fb25-8d0d-b482-25094bb581bf.png

  4. Continue editing the notification settings or click Create Notification Settings to return to the template.

Enable Notifications for Patching Strategy and Business Unit Chains

When enabled, sends notifications to the Roles shown in the Notification Chain associated with the Patching Strategy or Deployment Channel template. Defaults to disabled.

  1. In the + Create Notification Setting dialog in the Patching Strategy or Deployment Channel template, decide whether to enable notifications:

    • Select the Notify Patching Strategy Chains toggle to enable or disable (default) whether the notification cycle sends notifications to the chains included in the strategy.

    • Select the Notify Business Unit Chains toggle to enable or disable (default) whether the notification cycle sends notifications to Business Unit chains included in the strategy.

  2. Continue editing the Notifications settings or click Create Notification Settings to return to the template.

Choose a Notification Cycle Workflow

This setting names the Notification Cycle that processes the Notifications for the Patching Strategy or Deployment Channel. Notification Cycle workflows are customized for specific uses. Tenable Patch Management does not provide sample Notification Cycle templates. These templates exist only if you create them for your environment.

Note: Contact Tenable Patch ManagementCustomer Support for assistance with Notification Cycle templates

  1. Select + Create Notification Setting from the Notifications box in the object template.

    UUID-3eaa81e7-64c6-8115-7b9a-67e5faa8b890.png

    This opens the Create Notification Setting dialog.

    UUID-7dd1a596-a75a-bafe-cb69-c0e66e13ea56.png

  2. Select Browse on the Add Workflow line. This opens the list of available workflows.

  3. Select your custom workflow from the list, and then click Add Workflow on the lower-left corner of the dialog.

  4. Continue editing the Notification settings or click Create Notification Settings to return to the template.

Set the Time Limit

Specifies the maximum length of time that the Notification Cycle Workflow runs before timing out. If set to all zeros (default) the workflow may run indefinitely. Choose this setting with care. If the notification times out before sending all notifications, the next cycle triggers the notifications again.

  1. Select + Create Notification Setting the Notification box of the object template.

  2. Next to Time Limit, set the Hours, Minutes, or Seconds that the Notification Cycle will run, or leave the setting default at 0 for each item to allow the workflow to run indefinitely.

  3. Continue editing the Notification settings or click Create Notification Settings to return to the template.

Customer Extension Data

Customer Extension Data is an advanced feature of Tenable Patch Management . The Customer Extension Data fields allow advanced users to specify different key/value pairs for use in customized Patching Strategies, Deployment Chains, or Business Units when necessary to achieve different results.

UUID-d4c2d0ee-1ac8-2a14-7ef5-b1c31fa60e8e.png

Customer Extension Data fields relate directly to fields in a customized template. If you do not have customized templates with key/value pairs you can modify, you do not need to configure or use this feature.

If you want to create customized templates that use key/value pairs for some settings, contact Tenable Patch ManagementCustomer Support .

Content Prestaging Settings

The Content Prestaging feature deploys content to devices ahead of the scheduled deployment, either pushing content to a location or allowing a client to pull content. Prestaging content makes the content available on the device locally when the deployment time arrives. This reduces the deployment time and minimizes the chances of missing service windows or having devices going offline before a content download finishes.

You can create Content Prestaging Settings within the Patching Strategy, Business Unit, or Deployment Channel templates.

Defining Content Prestaging Settings

The templates for Patching Strategies, Deployment Channels, and Business Units include the choice to set Content Prestaging settings. Settings default to Not Enabled.

Content Prestaging settings include two options:

  • Server Content Push (Recommended) – The Tenable Patch Management pushes the content to the best-suited sources in all locations that require the content. Tenable Patch Management recommends this type of prestaging when the Deployment Strategy targets only a subset of devices. High-availability machines receive the content and function as local sources during discovery and deployment.

  • Client Content Pull – This option enables any client that requires the content to download and cache it before deployment. Suitable when a Deployment Strategy targets all clients that need the updated content.

Push Content

  • Not Enabled -- Disables any prestaging as part of the Patching Process workflow or Patching Strategy.

  • Handled by System – The Tenable Patch Management system handles the prestaging automatically and pushes content to three automatically chosen devices within the office that require the content.

    This push occurs at once when the metadata updates include the latest content that meets patching requirements.

  • Handled by Workflow – When enabled as part of a Patching Process, Deployment Channel, or Business Unit template, pushes the content upon deployment of the Patching Process.

Pull Content

  • Not Enabled -- Disables any prestaging as part of the Patching Process workflow or Patching Strategy.

  • Handled by System – The Tenable Patch Management system handles the prestaging automatically. The Client pulls content from the Server and instructs all Clients that require the content to download and cache it ahead of any deployment.

  • Handled by Workflow – When enabled as part of a Patching Process, Deployment Channel, or Business Unit template, the Client pulls the content upon deployment.

Set Content Prestaging Settings

Use this procedure to add or change Content Prestaging Settings in Patching Strategy, Business Unit, or Deployment Channel templates.

  1. Expand the Notifications box in an open object template, and then scroll down to the Content Prestaging Settings.

    UUID-069e1684-da80-6286-5db5-673aed43c20b.png

  2. Expand the Content Prestaging Settings box to view the available settings.

    UUID-123eaa70-e945-5a4a-4f1d-7afc3eb81d1e.png
Enable Client Content Pull

Client Content Pull defaults to Not Enabled. To enable pull settings, complete the following steps in the Content Prestaging Settings of a Patching Strategy, Business Unit, or Deployment Channel template:

UUID-e8698a1f-f03a-247d-47b6-0cb654bafe58.png

  1. Select the arrow to the right of Client Content Pull to expand the menu of available options.

    UUID-aecc9125-7c1d-9d39-cc14-647187860dd7.png

  2. Select the option you need for the object template you are using. For definitions of push options, see Defining Content Prestaging Settings.

  3. Select Save on the upper left to save your changes:

    1. Check the Error View and resolve any errors.

    2. Select Save again if you make any changes.

Enable Server Content Push

Server Content Push defaults to Not Enabled. To enable push settings, complete the following steps in the Content Prestaging Settings of a Patching Strategy, Business Unit, or Deployment Channel template, complete the following steps:

UUID-e8698a1f-f03a-247d-47b6-0cb654bafe58.png

  1. Select the arrow to the right of Server Content Push to expand the menu of available options.

    UUID-9e694cb3-80cc-32a4-43dc-60d6818e8f83.png

  2. Select the option you need for the object template you are using. For definitions of push options, see Defining Content Prestaging Settings.

  3. Select Save on the upper left to save your changes:

    1. Check the Error View and resolve any errors.

    2. Select Save again if you make any changes.

Business Unit Addition Settings

Business Unit Addition Settings do not have a separate menu item. Configure these settings from the Business Unit Addition Settings dialog in a Patching Strategies template.

Business Unit Addition Settings in Patching Strategies

When you have added a new Business Unit to an enabled Patching Strategy that has already completed the current patching cycle, you must use the Business Unit Addition Settings to add the parent Business Unit that contains the details, such as Patches and Patch Approval Settings, any Business Unit added to the Strategy will inherit.

The Business Unit you specify here includes the patch approvals the Patching Strategy will use for any Business Units you add to the Strategy after the Strategy has run.

The Patching Process you select here is the same process you identified in the Deployment Bot Runtime configuration of the Patching Strategy.

UUID-7c37ad66-ba92-e6b3-15c3-a40062834225.png
Configure Business Unit Addition Settings

  1. Select Strategy > Patching Strategies from the left navigation menu of the Patch Dashboard.

  2. Scroll down to Business Unit Addition Settings and then click the right arrow to expand the box.

    UUID-7c37ad66-ba92-e6b3-15c3-a40062834225.png
Select a Business Unit

Specify the parent Business Unit for this strategy so that when new Business Units become part of the strategy after it has already run, the new Business Units inherit settings from the same parent.

  1. Select Browse next to Template Business Unit in the Business Unit Addition Settings dialog of an open Patching Strategy template.

  2. Select the Business Unit that has the parent settings for any future Business Units added to the Strategy.

  3. Click OK to return to the template.

  4. Select Save on the upper left to save your changes:

    1. Check the Error View and resolve any errors.

    2. Select Save again if you make any changes.

    Note: If you came to this procedure while you were configuring Deployment Settings in a Patching Strategy, return to Deployment Settings to continue the Strategy configuration.

Select a Patching Process

Identify the Patching Process that controls the approval and deployment logic for the existing Business Units in this strategy. This is the same Patching Process identified in the Deployment Bot Runtime, which is the only Patching Process you can choose here. This ensures that any Business Units added after initial creation of this strategy use the same Patching Process as the existing Business Units.

  1. Verify that the Deployment Bot Runtime details are accurate. The Patching Process settings needed for Business Unit Addition settings are the same as those used in the Deployment Bot Runtime.

  2. Select Browse next to Patching Process in the Business Unit Additions dialog of an open Patching Strategy. If Browse is disabled, check the Deployment Bot Runtime Settings.

  3. Select the available Patching Process, and then click OK.

  4. Select Save on the upper left corner to save your changes:

    1. Check the Error View and resolve any errors.

    2. Select Save again if you make any changes.

Enable the Patching Strategy

After completing the Patching Strategy configuration, including Add Software Products, you must enable the Patching Strategy. When enabled, the strategy runs according to the configured schedules.

  1. In General Settings at the top of the Patching Strategy template, click the Strategy Enabled toggle to enable the strategy and make it available for use.

    UUID-c9c9c5b1-094c-95f2-0b78-9d415fcc0f92.png

  2. Select Save on the upper-left corner of the workflow to save the strategy:

    1. Check the Error View and resolve any errors.

    2. Select Save again if you make any changes.

  3. Move the saved template to your folder .