Daily Patch reports
These reports provide patching details.
Patch details
This report provides patch details and maintenance window coverage of various instances.
This report provides:
Insights on Patch groups and its types.
Insights on Maintenance Windows, duration, cutoff, future dates of maintenance window executions (schedule) and Instances impacted in each window.
Insights on all the operating systems under the account and number of instances that operating system is installed.
Field Name | Dataset Field Name | Definition |
---|---|---|
Report Datetime | dataset_datetime | The date and time the report was generated. |
Account Id | aws_account_id | AWS Account ID to which the instance ID belongs |
Account Name | account_name | AWS account name |
Instance Id | instance_id | ID of EC2 instance |
Instance Name | instance_name | Name of EC2 instance |
Production Account | prod_account | Identifier of AMS prod, non-prod accounts, depending on whether account name include value 'PROD', 'NONPROD'. |
Account Status | account_status | AMS account status |
account_sla | AMS account service tier | |
Instance Platform Type | instance_platform_type | Operating System (OS) type |
Instance Platform Name | instance_platform_name | Operating System (OS) name |
Stack Type | instance_stack_type | AMS stack (AMS infrastructure within customer account) or Customer stack (AMS managed infrastructure that supports customer applications) |
Instance Patch Group Type | instance_patch_group_type | DEFAULT: default patch group w/ default maintenance window, determined by AMSDefaultPatchGroup:True tag on the instance CUSTOMER: customer created patch group NOT_ASSIGNED: no patch group assigned |
Instance Patch Group | instance_patch_group | Patch group name used to group instances together and apply the same maintenance window |
Instance State | instance_state | State within the EC2 instance lifecycle |
Maintenance Window Id | window_id | Maintenance window ID |
Maintenance Window State | window_state | Maintenance window state |
Maintenance Window Type | window_type | Maintenance window type |
Maintenance Window Next Execution Datetime |
window_next _execution_time |
Next time the maintenance window is expected to execute |
Last Execution Maintenance Window | last_execution_window | The latest time the maintenance window was executed |
window_next_exec_yyyy | Year part of window_next_execution_time | |
window_next_exec_mm | Month part of window_next_execution_time | |
window_next_exec_D | Day part of window_next_execution_time | |
window_next _exec_HHMI |
Hour:Minute part of window_next_execution_time | |
Maintenance Window Duration (hrs) | window_duration | The duration of the maintenance window in hours |
Maintenance Window Coverage | mw_covered_flag | If an instance has at least one enabled maintenance window with a future execution date, then it’s considered covered, otherwise not covered |
Patch Baseline Id | patch_baseline_id | Patch baseline currently attached to instance |
Patch Status | patch_status | Overall patch compliance status. If there is at least one missing patch, instance is considered noncompliant, otherwise compliant. |
Compliant - Critical | compliant_critical | Count of compliant patches with "critical" severity |
Compliant - High | compliant_high | Count of compliant patches with "high" severity |
Compliant - Medium | compliant_medium | Count of compliant patches with "medium" severity |
Compliant - Low | compliant_low | Count of compliant patches with "low" severity |
Compliant - Informational | compliant_informational | Count of compliant patches with "informational" severity |
Compliant - Unspecified | compliant_unspecified | Count of compliant patches with "unspecified" severity |
Compliant - Total | compliant_total | Count of compliant patches (all severities) |
Noncompliant - Critical | noncompliant_critical | Count of noncompliant patches with "critical" severity |
Noncompliant - High | noncompliant_high | Count of noncompliant patches with "high" severity |
Noncompliant - Medium | noncompliant_medium | Count of noncompliant patches with "medium" severity |
Noncompliant - Low | noncompliant_low | Count of noncompliant patches with "low" severity |
Noncompliant - Informational |
noncompliant _informational |
Count of noncompliant patches with "informational" severity |
Noncompliant - Unspecified |
noncompliant _unspecified |
Count of noncompliant patches with "unspecified" severity |
Noncompliant - Total | noncompliant_total | Count of noncompliant patches (all severities) |
Instances that missed patches
This report provides details on instances that missed patches during the last maintenance window execution.
This report provides:
Insights on missing patches at the patch id level.
Insights on all the instances which have at-least one patch missing along with attributes such as patch severity, unpatched days, range, and release date of the patch.
Field Name | Dataset Field Name | Definition |
---|---|---|
Report Datetime | dataset_datetime | The date and time the report was generated. |
Account Id | aws_account_id | AWS Account ID to which the instance ID belongs |
Account Name | account_name | AWS account name |
Customer Name Parent | customer_name_parent | |
Customer Name | customer_name | |
Production Account | prod_account | Identifier of AMS prod, non-prod accounts, depending on whether account name include value 'PROD', 'NONPROD'. |
Account Status | account_status | AMS account status |
Account Type | account_type | |
account_sla | AMS account service tier | |
Instance Id | instance_id | ID of EC2 instance |
Instance Name | instance_name | Name of EC2 instance |
Instance Platform Type | instance_platform_type | Operating System (OS) type |
Instance State | instance_state | State within the EC2 instance lifecycle |
Patch Id | patch_id | ID of released patch |
Patch Severity | patch_sev | Severity of patch per publisher |
Patch Classification | patch_class | Classification of patch per publisher |
Patch Release Datetime (UTC) | release_dt_utc | Release date of patch per publisher |
Patch Install State | install_state | Install state of patch on instance per SSM |
Days Unpatched | days_unpatched | Number of days instance unpatched since last SSM scanning |
Days Unpatched Range | days_unpatched_bucket | Bucketing of days unpatched |