The Get-Compliance cmdlet should help you with that.
You could run the following before and after the patching cycle.
Get-Baseline -TargetType Host
-BaselineType Patch
-PipelineVariable base
|ForEach-Object -Process {
Get-VMHost -PipelineVariable esx |
Get-Compliance -baseline $base -Detailed |
ForEach-Object -Process {
$_.NotCompliantPatches |
ForEach-Object -Process {
New-Object PSObject -Property @{
Baseline = $base.Name
VMHost = $esx.Name
Patch = $_.Name
ID = $_.IdByVendor
ReleaseDate = $_.ReleaseDate
Category = $_.Category
Severity = $_.Severity
}
}
}
}