How to find assets that haven't been patched for a month ?

Hello -  We currently have JAMF and Microsoft SCCM Adapter configured in our Axonius instance. JAMF pulls data from MAC OS and SCCM is for Windows . I can see the SCCM Adapter pulling in "OS Installed Patches" field from windows devices as shown below . How can i create a query around it to show which devices have not been patched for last 1 month ?


Like wise, for JAMF Adapter,  how can i find which devices have not checked in  since past 30 days ?  Is it "Last contact field or is it "Last Seen" time field that has this data ?




1 comment
  • Official comment

    For SCCM, you might have to be a bit tricky. I don't have a system with SCCM in my test environment, so I am going to try and write out the filters. You'd want to make a query like:

    • SCCM - OS Installed Security Patches exists
    • NOT SCCM - OS Installed Security Patches last days 30
    • SCCM - OS Installed Security Patches next days -30 (negative 30)

    The tricky bit is the negative 30. The reason this works is that the date filter ends up looking like "date less than or equal to current date minus 30 days".

    For JAMF, ff you make the query "NOT Last Contact last days 30" it will show you any device that has the last contact value that is not within the last 30 days. That should show you any device without a contact date in 30 days.
    This assumes two things:

    • Last Contact is updated by JAMF in a meaningful way
    • That the "Last Seen" threshold config for the JAMF adapter is set to fetch devices older than 30 days since their last seen

Please sign in to leave a comment.

Didn't find what you were looking for?

New post