MASTERING PATCH MANAGEMENT FOR INCIDENT RESPONSE

Cybersecurity Awareness Month Special | This Wednesday | 12 PM EDT / 3 PM CEST

Action1 5 Blog 5 Leveraging Custom Attributes for Superior Patch Management

Leveraging Custom Attributes for Superior Patch Management

July 19, 2024

By Gene Moody

With all patch management solutions, data leads to precision, precision equals efficiency, and efficiency means more time to work on other priorities. With the latest release, Action1 now gives you the ability to choose what data you need to fully optimize your patching and automation needs as granular as your environment demands. With the addition of custom attributes, you can choose items that are relevant to your implementation to use as you deem most relevant. Custom attributes are available for use in grouping logic, as well as for holding general information relevant to the endpoint. Custom attributes can be renamed via the Action1 console to provide more direct relevance to the type of data you plan to store in them.

How to Utilize Custom Attributes

So, let’s dive into some examples of how Action1 can leverage custom attributes to do very useful things…

Example 1: Monitoring Windows Defender

As a simple example, let’s say you would like to be able to view, at a glance, the current definition version of Windows Defender. A simple one-line PowerShell command can tell us this:

PS C:\> (Get-MpComputerStatus).AntivirusSignatureVersion

 

You can use that and Action1’s scripting capabilities to populate a custom attribute. To start, let’s rename an attribute to something meaningful. In the Action1 console, go to any endpoint, and scroll to the bottom right of the general tab in the details pane. Choose “Modify custom attributes.”

In this example, we will rename “Custom Attribute 1” to “Windows Defender Definition Version” just for this purpose. So, just change the name and then click “Save.”

NOTE: This will change the name of the “Custom Attribute 1” value for all endpoints in the organization at once.

Once the attribute is appropriately named, any custom scripting or scripting automation can then set the value using a special method built into Action1 named “Action1-Set-CustomAttribute.” It can do this as a singular primary function or in conjunction with other actions; that is to say, the script is not limited to do this exclusively.

Action1-Set-CustomAttribute 'Windows Defender Definition Version' $((Get-MpComputerStatus).AntivirusSignatureVersion)

 

For more details on this and the above reconfiguring and population of attributes, see the full help article in our documentation.

The script to produce the data you want to set in the attribute, can be as simple or complex as your use case dictates, the only requirement is that in the end it has a string value to send to the Action1-Set-CustomAttribute ‘’ ‘’ method.

That is all there is to it, but let’s do something even more productive!

Creating Dynamic Groups for Automation

Example 2: Automating Drive Space Management

Say you have an automated drive space reclamation automation that you would like to run when a drive gets below a threshold of 5GB free. And that you have renamed a custom attribute to “DriveSpaceStatus”.

Action1-Set-CustomAttribute 'DriveSpaceStatus'  $(If(((Get-PSDrive -Name (Get-WmiObject Win32_OperatingSystem).SystemDrive.SubString(0,1)).Free / 1GB) -lt 5){"Low"}else{"Normal"})

 

That is the complete script! Just create an automation to keep that updated, perhaps daily. You can now create a dynamic group that targets only the proper operating systems to represent a client OS in your environment, and then filter out systems that register free disk space as “Normal.”

Voilà! Now you can link your drive cleaning operation to the newly dynamically created group, and when a system that is W10 or W11 with less than 5GB of free space is detected, the automation will run automatically.

The Endless Possibilities of Custom Attributes

The possibilities here are only limited by the imagination. Anything you can script to an atomic value, or a value that can use wildcard pattern searching, can then be grouped. You can download the following example scripts from our GitHub Action1 Endpoint Scripts. You can check registry keys as well, such as the following example to get the status of if Windows Update’s automatic updating is enabled:

Or… more complex sets of operations to produce robust output from more than one source, such as tell if the system is Physical or Virtual and what form factor it may have.

The possibilities really are endless and can be anything from attributes of files or applications, local database values, system information, driver version for a specific device—really, anything you can get into a PowerShell variable can now be the root of a group, part of a logical operation to create a group, or just an easy-to-reference value for the sake of productivity.

So, there you have it, the endless possibilities that custom attributes bring to your toolbox will allow you to create use cases that are as versatile as they are powerful. Make sure to check out the whole section in the documentation on custom attributes, as well as my next blog on how to do even more with attributes via PSAction1, in my next blog post: Streamline Patch Management with Advanced Custom Attributes. Go check it out to see how you can use PSAction1 to expand the power of Action1.

Don’t wait, create an account to experience how Action1 reinvents patch management with an infinitely scalable, highly secure, cloud-native platform configurable in 5 minutes—and it just works, with no VPN needed.

Setup in minutes to reduce your cyber risks and costs:

No credit card. 100 endpoints free. No feature limits.

Featuring unified OS and third-party patching with peer-to-peer patch distribution and integrated real-time vulnerability assessment, it enables autonomous patch compliance that preempts ransomware and security risks, all while eliminating costly routine labor. Trusted by thousands of enterprises managing millions of endpoints globally, Action1 is certified for SOC 2 and ISO 27001.

See What You Can Do with Action1

 

Join our weekly LIVE demo “Patch Management That Just Works with Action1” to learn more

about Action1 features and use cases for your IT needs.

 

spiceworks logo
getapp logo review
software advice review
trustradius
g2 review
spiceworks logo

Related Posts