Symantec Management Platform (SMP) Community

 View Only
Expand all | Collapse all

Patch Management API

  • 1.  Patch Management API

    Posted Aug 07, 2019 04:57 AM

    Patch Management Workflow Web Service Application Programming Interface (API)

    DOC11543

    https://support.symantec.com/us/en/article.doc11543.html

     

     



  • 2.  RE: Patch Management API

    Posted Aug 10, 2019 05:27 AM

    Hi,

    I am automating the creation of policy for CentOS and RHEL using the method https://support.symantec.com/us/en/article.doc11543.html#CreateUpdatePolicy . I am able to create the policy and also see it in the Altiris console.However, the policy doesn't reflect on the endpoint machines. If I disabled the policy and  then enable it, the policy shows  up on the endpoint.

    Any ideas on  whats going on, and how to fix it.

     



  • 3.  RE: Patch Management API

    Posted Aug 10, 2019 09:29 AM

    Normally you need to wait for a Delta update, what frequency is that on?

    If you do an “update config” on the endpoint does it show up?

    When you check the policy does the target show the machine in it?

    —-

    SMP - ASDK - Web Service - Update Resource Target

    https://www.symantec.com/connect/articles/smp-asdk-web-service-update-resource-target



  • 4.  RE: Patch Management API

    Posted Aug 10, 2019 10:02 AM
    Hi Alex, Thanks for the help. Can you please help me with steps to check the Delta update frequency. Also how do I update config on the endpoint.


  • 5.  RE: Patch Management API

    Posted Aug 10, 2019 01:44 PM

    See this previous forum post with useful pictures

    https://www.symantec.com/connect/forums/giving-desktop-support-team-access-run-delta-update-schedule

    —-

    Update Config

    open the agent and click the button

    or you can send a task

    you can also script using the ASDK

    https://www.symantec.com/connect/forums/update-configuration-server



  • 6.  RE: Patch Management API

    Posted Aug 11, 2019 12:26 AM

    Hi Alex,

    As per  the config on my server the delta update is set to 5 min frequency ( see attached).  Since my endpoints are linux, there is no UI on the SMA. I have tried refresh policies from the bash prompt to refresh the policies, but still the policy is not getting listed.

    Since just disabling and enabling the policy makes it available, I believe the  target is not a problem.

    I saw there is a  way to diable a policy using the API, is there a way to enable it  too ?

    Thanks in advance..



  • 7.  RE: Patch Management API

    Broadcom Employee
    Posted Aug 12, 2019 02:49 PM

    Hi Sandeep, you may try the following workaround - use SetProperty method with GUID of policy you need to enable in guidItem and Enabled=true in nameValueList.



  • 8.  RE: Patch Management API

    Posted Aug 13, 2019 02:03 AM

    Hi Dmitri_Gornev,

    I tried to enable  the policy using the SetProperty. The policy does get enabled, but it doesn't help in distributing the policy. The policy distrtibution is completely random and any guidance on how to debug the situation will be of great help.

     

    Do we  need to wait  for some period  for the distrtibution  to work ?

     



  • 9.  RE: Patch Management API

    Posted May 27, 2020 02:56 PM
    Edited by deemacgee May 27, 2020 02:57 PM
    Hi all, sorry to resurrect an old thread, but I have a question about the PM API and here seems the best place to ask it.

    Every few months I find myself with some spare time in which to streamline our clunky patch management processes; usually a bit of experimentation and digging through forum posts (sometimes even documentation) will lead me to an answer, but this one has evaded me so far: which API call will return a list of disabled updates contained in a patch policy? In the attached screenshot, for example, it's clear that individual patches have been deactivated in an otherwise live policy with enabled patches.

    I can connect the dots between patches, bulletins, policies, and enabled/disabled status of policies, but short of clumsily querying the database directly, I can't seem to find an API call which returns a list of disabled updates inside enabled patch policies. Does such a call exist?


    ------------------------------
    --None--
    ------------------------------



  • 10.  RE: Patch Management API

    Broadcom Employee
    Posted May 29, 2020 09:55 AM
    Hi deemacgee,

    to the best of my knowledge there is no existing out-of-box method for this.


  • 11.  RE: Patch Management API

    Posted May 30, 2020 07:35 AM
    Edited by deemacgee May 30, 2020 07:47 AM
    Well, that would explain why I can't find it!

    Maybe Broadcom can regard it a feature request? Natively, programatically tracking patch policy changes over time would be handy.
    Until then, it's back to scouring the database...

    Thanks Dmitri, appreciate your response.


    ------------------------------
    --None--
    ------------------------------



  • 12.  RE: Patch Management API

    Broadcom Employee
    Posted May 30, 2020 01:34 PM
    I know this isn't exactly what you are looking for but here is some SQL that should work for what you are looking for.



    SELECT   
    irPOL.ParentItemGuid       [Policy Guid],  
    itPOL.Name                 [Policy Name],  
    itAdv.Name [Advertisement Name],  
    case  when iaadv.Enabled = 1 then 'Enabled' else 'Disabled'   end as 'Advertisement Status',  
    case  when sup.SupersededBy is not null  then 'Superseded' else 'NOT Superseded'   end as 'Supersedence State'
    FROM Item itAdv
    JOIN ItemReference irPOL ON irPOL.ChildItemGuid = itAdv.Guid  AND irPOL.Hint = 'swuadvert'
    JOIN Item         itPOL ON itPOL.Guid = irPOL.ParentItemGuid 
    JOIN ItemActive iaadv on iaadv.Guid = itAdv.Guid
    JOIN ItemActive iapol on iapol.Guid = itPOL.Guid AND iapol.Enabled = 1
    JOIN ItemReference irSWU ON irSWU.ParentItemGuid = itAdv.Guid  AND irSWU.Hint = 'swu'
    JOIN vRM_Software_Update_Item itSWU ON itSWU.Guid = irSWU.ChildItemGuid
    LEFT JOIN vSoftwareUpdateInventoryRuleAssociations sup on sup.SWUGuid = itSWU.Guid
    WHERE itAdv.Guid in (select Guid from ItemClass where ClassGuid = '59705429-CFCC-4f7c-9BF6-D4FCE8C9622C')
    order by 2, 3


  • 13.  RE: Patch Management API

    Posted Jun 02, 2020 08:21 AM
    I much prefer this to my clunky code. Thanks!

    ------------------------------
    --None--
    ------------------------------



  • 14.  RE: Patch Management API

    Broadcom Employee
    Posted May 29, 2020 09:57 AM
    New URL for this KB article on Broadcom TechDocs: https://knowledge.broadcom.com/external/article?legacyId=TECH257233