By default, policy notifications can be sent 24/7 by Patchman. The exact time a notification is sent is determined by the time the detection was originally made, and by the relative delay settings in your policy. This means that detections can very well be patched at night, or in the weekend, and notifications could be sent at those times as well.
This behavior can be undesirable in some situations. You may not have support staff on hand to deal with questions following a detection in the weekend, for example. For this reason, we have a feature that allows you to set your operational hours. This feature defines the time ranges in which actions can be executed by Patchman. You are able to configure a time range per day of the week, including options for "all day" and "not at all".
The operational hours are based on the time zone for the organization or suborganization that owns the policy. This timezone can be set in the Company Profile page.
To set up the operational hours for a policy, go to the Policies page, select the policy you want to edit and go to the "Operational hours" section. Here, you can enable this feature, and configure the custom schedule.
Please note that the operational hours come with trade-offs in efficacy and resource management. Vulnerabilities and malware detections will not be resolved outside of operational hours, which means that your servers and users will stay vulnerable until the next window of operational hours.
Secondly, shifting Patchman's operational hours to align with your business hours means that actions can be concentrated and executed during the hours that your server is busiest. Consider if this change in load distribution is acceptable for your situation, and disable or adjust the operational hours accordingly.