fleetdm / fleet

Open-source platform for IT, security, and infrastructure teams. (Linux, macOS, Chrome, Windows, cloud, data center)
https://fleetdm.com

Maintenance windows every week #19031

Open lukeheath opened 2 months ago

lukeheath commented 2 months ago

Goal

User story
As an IT admin,
I want to see maintenance windows weekly
so that I can resolve all high and critical vulnerabilities within 15 days.

Context

Many Fleet instances must resolve all high and critical vulnerabilities within 15 days. The current patch schedule of once per month does not meet these requirements unless a patch is issued within 15 days of the last Tuesday of the month. That means in order to be compliant, these Fleet instances cannot use the calendar feature and must rely on notifying and forcing the end user.

Changes

Product

Engineering

ℹ️  Please read this issue carefully and understand it. Pay special attention to UI wireframes, especially "dev notes".

QA

Risk assessment

Manual testing steps

  1. Enable calendar integration and a failing policy that creates calendar event(s).
  2. Check to make sure the event was created on the next Tuesday.

Testing notes

Confirmation

  1. [x] Engineer (@getvictor): Added comment to user story confirming successful completion of QA.
  2. [ ] QA (@____): Added comment to user story confirming successful completion of QA.

noahtalerman commented 2 months ago

@lukeheath thanks for tracking this.

Once per week, every two weeks, every three, or last Tuesday (four weeks).

If these were the options, which do you think Fleet would choose when dogfooding?

lukeheath commented 2 months ago

@noahtalerman I would choose one week. Reasons:

  1. We remediate all vulnerabilities within 15 days of detection.
  2. If we choose two weeks, and all vulnerabilities are not resolved on all devices during the maintenance window, we may not have time to manually resolve them before 15 days pass if the vulnerabilities were discovered on the first day of the maintenance cycle.

The only way we can confidently remediate within 15 days is to schedule maintenance windows weekly.

@spokanemac We welcome your input! Do you agree with my thoughts above?

spokanemac commented 2 months ago

@lukeheath Yes, agreed on selecting one week as the interval.

@noahtalerman I would add that with weekly maintenance windows, we have the opportunity for two windows on a user calendar to remediate over 15 days, with a few days to intervene manually.

This also helps account for potential OOO situations where the host may be offline for a week.
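
The cadence trade-off discussed in the comments above, worked through as an added example (not part of the issue thread and not Fleet's code): for each of the four proposed schedules it finds the worst-case detection day and reports how many maintenance windows still fall inside the 15-day deadline. Assumptions: windows fall on Tuesdays, 2024 is used as a constructed sample year, a window on the detection day itself is already missed, and the names `windows` and `Coverage` are hypothetical.

```go
package main

import (
	"fmt"
	"sort"
	"time"
)

const slaDays = 15 // remediation deadline stated in the issue

// windows returns the day-of-year of each Tuesday window in 2024 (a constructed
// sample year). everyWeeks 1-3 keeps every Nth Tuesday; 0 keeps the last Tuesday of each month.
func windows(everyWeeks int) []int {
	var out []int
	d := time.Date(2024, time.January, 2, 0, 0, 0, 0, time.UTC) // a Tuesday
	for n := 0; d.Year() == 2024; n, d = n+1, d.AddDate(0, 0, 7) {
		last := d.AddDate(0, 0, 7).Month() != d.Month()
		if (everyWeeks > 0 && n%everyWeeks == 0) || (everyWeeks == 0 && last) {
			out = append(out, d.YearDay())
		}
	}
	return out
}

// Coverage scans every detection day from 1 March to 30 September and returns the
// fewest windows that land inside the SLA and the longest wait for the first window.
// Assumption: a window on the detection day itself has already been missed.
func Coverage(everyWeeks int) (minWindows, maxWait int) {
	ws := windows(everyWeeks)
	minWindows = slaDays
	for det := 61; det <= 274; det++ { // day-of-year 61 = 1 March, 274 = 30 September
		first := sort.SearchInts(ws, det+1) // first window strictly after detection
		count := sort.SearchInts(ws, det+slaDays+1) - first
		if count < minWindows {
			minWindows = count
		}
		if wait := ws[first] - det; wait > maxWait {
			maxWait = wait
		}
	}
	return minWindows, maxWait
}

func main() {
	for _, c := range []int{1, 2, 3, 0} { // 0 = last Tuesday of the month
		w, wait := Coverage(c)
		fmt.Printf("cadence=%d minWindows=%d maxWait=%dd slack=%dd\n", c, w, wait, slaDays-wait)
	}
}
```

In the output, `slack` is the number of days left for manual remediation after the first window; a negative value means the deadline passes before any window occurs.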