HIP match based on missing patch ID for macOS users

Created On 04/08/22 19:12 PM - Last Modified 06/03/22 16:41 PM

Is it possible to configure missing patch IDs for macOS under Objects > HIP Objects > Patch Management > Missing patches > Patches?


  • macOS
  • HIP objects, HIP profiles
  • Missing patches

The firewall does not parse the title or description of a missing patch in the HIP report against the configuration in the HIP object. To configure a HIP object to match a specific missing patch, use the following values, which can be viewed in the HIP report:
  • Windows: The fields "kb-article-id" and "security-bulletin-id" of missing patches are available on the Windows platform with the product Windows Update Agent.
  • macOS: On macOS with Software Update, there is an equivalent field called "security_update_id" for missing patches. However, it seems that this information is either not available or not exposed to the public by Apple, so "security_update_id" cannot be supported at this time due to vendor limitations.

The following snippet of a HIP report shows that the missing patch does not contain any value that can be used to identify it in the HIP object.

   <title>macOS Big Sur 11.6.5-20G527</title>
   <description>Title: macOS Big Sur 11.6.5, Version: 11.6.5 </description>   
   <product>macOS Big Sur</product>
   <vendor>Apple Inc.</vendor>
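
To check an exported HIP report for this gap, the added example below (not part of the original article or any vendor tooling) lists each missing-patch entry and the identifier fields it carries. The `<missing-patches>`/`<entry>` wrapper elements and the Windows sample values are assumptions made for illustration; only the field names come from this article.

```python
import xml.etree.ElementTree as ET

# Identifier fields named in this article; the firewall matches on these,
# never on <title> or <description>.
ID_FIELDS = ("kb-article-id", "security-bulletin-id", "security_update_id")

# Constructed sample. The wrapper elements and the Windows values are
# assumptions; the macOS entry mirrors the snippet shown in the article.
SAMPLE = """
<missing-patches>
  <entry>
    <title>Constructed Windows cumulative update</title>
    <description>Constructed sample entry</description>
    <product>Windows Update Agent</product>
    <vendor>Microsoft Corporation</vendor>
    <kb-article-id>KB0000000</kb-article-id>
  </entry>
  <entry>
    <title>macOS Big Sur 11.6.5-20G527</title>
    <description>Title: macOS Big Sur 11.6.5, Version: 11.6.5 </description>
    <product>macOS Big Sur</product>
    <vendor>Apple Inc.</vendor>
  </entry>
</missing-patches>
"""

def audit_missing_patches(xml_text):
    """Return (title, {field: value}) for every element with a <title> child."""
    root = ET.fromstring(xml_text)
    results = []
    for elem in root.iter():
        title = elem.find("title")
        if title is None:
            continue
        ids = {}
        for field in ID_FIELDS:
            value = (elem.findtext(field) or "").strip()
            if value:  # an empty tag is as unmatchable as a missing one
                ids[field] = value
        results.append(((title.text or "").strip(), ids))
    return results

if __name__ == "__main__":
    for title, ids in audit_missing_patches(SAMPLE):
        status = ", ".join(f"{k}={v}" for k, v in ids.items()) or "no matchable ID"
        print(f"{title}: {status}")
```

Entries reported with no matchable ID cannot be targeted by a HIP object's missing-patch criteria.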





Additional Information
Vote on a feature request to allow the firewall to parse 'title' or 'description' for missing patches against the HIP object.
