Patching servers individually is time-consuming and error-prone at scale. Task Hub automates batch vulnerability fixing across your server fleet: select a policy template, choose your target servers and vulnerabilities, schedule the run, and let Task Hub handle the rest.
Prerequisites
Before you begin, make sure that:
Your Security Center subscription is Enterprise or Ultimate. If not, upgrade your subscription
Each target server's protection edition is Enterprise or Ultimate. For details, see Attach a protection edition to a server
Pay-as-you-go billing is enabled for Vulnerability Fixing. If not, go to Purchase to enable it
Supported vulnerability types
Task Hub supports batch auto-fixing for these vulnerability types only:
Linux software vulnerabilities
Windows system vulnerabilities
Web-CMS vulnerabilities
Vulnerabilities outside these categories must be fixed manually.
Create a task
Step 1: Open the Playbook page
Log on to the Security Center console.
In the left navigation pane, choose System Settings > Playbook.
Step 2: Select a policy
If you do not have a policy yet, go to the Policy Template tab, find a template that fits your needs, and click Clone in the Actions column. The cloned template appears on the My Policies tab.
On the My Policies tab, find the policy you want to use and click Create Task in the Actions column.
Step 3: Configure the task
On the Create Task page, fill in the following:
Task Name
Enter a descriptive name for the task.
Asset list
Select the servers to patch:
To patch an entire group, select a group in the Asset Group module. All servers in the group are selected automatically. Refine your selection in the Asset module on the right.
To patch specific servers, search by asset name, IP address, or tag in the Asset module. Fuzzy search is supported.
Select vulnerabilities to fix
Click the Linux Software Vulnerability, Windows System Vulnerability, or Web-CMS Vulnerability tab and select the vulnerabilities to fix. The list shows only vulnerabilities detected on the assets you selected. You can select up to 200 vulnerabilities per task.
Snapshot storage time
Before the task runs, Security Center creates a snapshot of each target server. The default storage period is one day. You can change the storage duration.
Notification
Select how to be notified when the task finishes. Supported channels: DingTalk chatbot and email.
Execution time
Choose Immediately to run the task right away, or set a custom start time to schedule it for off-peak hours.
Step 4: Submit the task
Click Create Task. A success message confirms that the task was created, and you are redirected to the Task Management page.
View task details
Log on to the Security Center console.
In the left navigation pane, choose System Settings > Playbook.
On the Task Management tab, find the task and click Details in the Actions column.