I’ve found PatchMon to be excellent at prioritizing Linux patching for groups of servers. Depending on how critical vs exposed they are.