
How to get VM manager Patch Compliance Status with CLI or API

Hi, we are trying to find a solution to get notified when a critical patch is available for our VMs.

And it seems there is no way to get compliance status details programmatically.

Is there a gcloud command or an API to get the details from the document above?

https://cloud.google.com/compute/docs/os-patch-management#patch_compliance_status


Hello @szagrunniy,

Welcome to Google Cloud Community!

You might want to try Patch Rollout Events and Reporting APIs.

  • Enable Patch Rollout events in Patch Management. It will notify you when a patch deployment starts, finishes, or encounters errors. You can filter for events related to critical patches.

  • Use the Google Cloud Monitoring API or Cloud Monitoring logs to subscribe to these events and receive notifications.

  • While not directly providing compliance details, the Patch Reporting API allows you to query patch application status for your VMs. You can filter by critical patches and identify unpatched VMs.

  • Leverage the Patch Reporting API and set up scheduled queries to identify VMs missing critical patches. This information can be used to trigger notifications through custom scripts or third-party tools.

See these resources:
Monitoring API
Monitoring Logs

Don't hesitate to post back any questions here, we are delighted to try and help.

Thanks!

Hello, I have the same question. Is there a gcloud command or an API to get compliance status details for all VMs programmatically? Currently I have developed a script using gcloud commands which gives us the patching status for the latest VM patch jobs that ran, but I want to have information on the patch compliance status of VM instances, for example "Critical Updates Available" or "Other Updates Available".
 
1. Enable Patch Rollout events in Patch Management. It will notify you when a patch deployment starts, finishes, or encounters errors. 
- Can you please provide a documentation URL for this? I can't find how to enable patch rollout events. Is this solution possible through programming or only on the console?

2. While not directly providing compliance details, the Patch Reporting API allows you to query patch application status for your VMs. You can filter by critical patches and identify unpatched VMs.
- Please provide a documentation URL for the Patch Reporting API, how to use this API, and how it can give patch compliance status for VMs.

Thanks!