Skip to main content
Splunk Lantern

Patch management data


A patch is a change to an operating system or application designed to address known issues, improve and enhance functionality, and resolve discovered security vulnerabilities. Keeping operating systems and applications updated with the latest bug fixes and security patches is an essential task that can prevent unplanned downtime, random application crashes, and security breaches.

Although commercial apps and operating systems often have embedded patching software, some organizations use independent patch management software to consolidate patch management and ensure the consistent application of patches across their software fleet and to build patch jobs for custom, internal applications. Patch management solutions help organizations acquire, test, and deploy patches on applicable systems across the enterprise. These solutions provide visibility to systems eligible for patching, ensure that the enterprise is compliant with patching policy by making sure that patches are applied to all applicable systems within a defined timeframe, and identify systems that were unable to be patched (for example, patch failed or patch mechanism disabled). Patch management software keeps a patch inventory using a database of available updates and can match these against an organization’s installed software. Other features include patch scheduling, post-install testing and validation and documentation of required system configurations and patching procedures. In the Common Information Model, antivirus data is typically mapped to the Updates data model

Before looking at documentation for specific data sources, review the Splunk Docs information on general data ingestion: 

Use cases for Splunk security products

Explore the Splunk Security Content site to see what detections you can run in Splunk Enterprise Security with update data.