All Collections
Patch Management
Automating patch review with Pulseway
Automating patch review with Pulseway
Tara Bennet avatar
Written by Tara Bennet
Updated over a week ago

NAVIGATION : Modules > Patch Management

SECURITY : Required permissions go here

Pulseway's Patch Review feature makes it easy to configure automation that intelligently approves or rejects the delivery of OS updates to your managed endpoints. By doing so, you increase the efficiency of your review process by eliminating manual work while maintaining security.

This article provides an overview and use cases for the feature. It also describes how to navigate and customize each tier of the review process.


During operating system patching, Pulseway scans potentially-eligible endpoints in real time and assesses the patches against configured rules that you define. Pulseway has three levels of rules that comprise Patch Review:

  1. Global rules: Tenant-level rules assessed for all patches

  2. Patch policy rules: Policy-level rules assessed for all patches within a patch policy

  3. Individual patch rules: Patch-level rules assessed for a single patch within a patch policy

Each type of rule must be configured in its own section of Pulseway.

Configuring rules

Global Rules

Global rules are configurable at Modules > Patch Management > Global Rules.

Pulseway consults these rules first when analyzing a newly-discovered patch. They supersede all other rules and apply in a top-down order. You can set various criteria, such as patch name, description, category, or severity metrics, to approve or reject the patch.

Common use cases for global rules include excluding drivers or patches with known deployment issues. If a patch doesn't meet any global rules criteria, Pulseway will next evaluate it by patch policy rules.

Patch policy Rules

To view and manage patch policy rules, navigate to Modules > Patch Management > Policies. Then, click Windows settings and select OS Rules.

Patch policy rules are useful when creating patching strategies for individual organizations or devices with specific needs. For example, you can automatically approve patches if they have CVSS scores that adhere to an organization's security policies. Or, you can defer patch installation for devices that host vital infrastructure.

The workflows for configuring patch policy rules are similar to those for global rules. They have the same set of criteria to choose from.

NOTE Approve and Install policies and Global rules may override the Hide action for a given patch.

Did this answer your question?