HIP match based on missing patch ID for macOS users

Created On 04/08/22 19:12 PM - Last Modified 06/03/22 16:41 PM


Question
Is it possible to configure missing patch IDs for macOS under Objects > GlobalProtect > HIP Objects > Patch Management > Missing patches > Patches?

 


Environment
  • macOS
  • HIP objects, HIP profiles
  • Missing patches


Answer
The firewall does not match the title or description of a missing patch in the HIP report against the configuration in the HIP object. To configure a HIP object that matches a specific missing patch, use the following values, which can be viewed in the HIP report:
  • Windows: The fields "kb-article-id" and "security-bulletin-id" of missing patches are available on the Windows platform with the product Windows Update Agent.
  • macOS: On macOS with Software Update, there is an equivalent called "security_update_id" for missing patches. However, it seems that this information is either not available or Apple does not expose it to the public, so "security_update_id" cannot be supported at this time due to vendor limitations.

The following snippet of a HIP report shows that the missing patch entry does not contain any value that can be used to identify it in the HIP object.

<missing-patches>
  <entry>
   <title>macOS Big Sur 11.6.5-20G527</title>
   <description>Title: macOS Big Sur 11.6.5, Version: 11.6.5 </description>   
   <product>macOS Big Sur</product>
   <vendor>Apple Inc.</vendor>
   <info-url></info-url>
   <kb-article-id></kb-article-id>
   <security-bulletin-id></security-bulletin-id>
   <severity>1</severity>
   <category>update</category>
   <is-installed>no</is-installed>
  </entry>
</missing-patches>
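
To check which missing patches in a HIP report carry an ID that a HIP object can match, the following added example (not Palo Alto Networks code) parses a <missing-patches> fragment and reports the populated ID fields per entry. The function name audit_missing_patches is hypothetical, and the Windows entry with its KB0000000 and MS00-000 values is a constructed placeholder; the macOS entry is taken from the snippet above.

```python
import xml.etree.ElementTree as ET

# Fields the article names as usable in a HIP object's missing-patch match.
MATCHABLE_FIELDS = ("kb-article-id", "security-bulletin-id")

# Constructed sample: the macOS entry comes from the article's snippet; the
# Windows entry and its KB0000000 / MS00-000 values are made-up placeholders.
SAMPLE_REPORT = """
<missing-patches>
  <entry>
   <title>macOS Big Sur 11.6.5-20G527</title>
   <product>macOS Big Sur</product>
   <kb-article-id></kb-article-id>
   <security-bulletin-id></security-bulletin-id>
   <is-installed>no</is-installed>
  </entry>
  <entry>
   <title>Constructed Windows cumulative update</title>
   <product>Windows Update Agent</product>
   <kb-article-id>KB0000000</kb-article-id>
   <security-bulletin-id>MS00-000</security-bulletin-id>
   <is-installed>no</is-installed>
  </entry>
</missing-patches>
"""

def audit_missing_patches(xml_text):
    """Return one dict per missing patch with the IDs a HIP object could match."""
    root = ET.fromstring(xml_text)
    results = []
    for entry in root.iter("entry"):
        # Only entries the report marks as not installed are missing patches.
        if (entry.findtext("is-installed") or "").strip().lower() != "no":
            continue
        ids = {}
        for field in MATCHABLE_FIELDS:
            # Empty or absent elements yield no usable identifier.
            value = (entry.findtext(field) or "").strip()
            if value:
                ids[field] = value
        title = (entry.findtext("title") or "").strip()
        results.append({"title": title, "ids": ids, "matchable": bool(ids)})
    return results

if __name__ == "__main__":
    for patch in audit_missing_patches(SAMPLE_REPORT):
        state = "matchable" if patch["matchable"] else "NOT matchable (no patch ID)"
        print(f"{patch['title']}: {state} {patch['ids']}")
```

An entry reported as not matchable, like the macOS one, cannot be targeted by a missing-patch ID in a HIP object.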




Reference:
https://docs.paloaltonetworks.com/pan-os/10-2/pan-os-web-interface-help/globalprotect/objects-globalprotect-hip-objects/hip-objects-patch-management-tab

 

 



Additional Information
Vote on a feature request to allow the firewall to parse 'title' or 'description' for missing patches against the HIP object.
