Is there an easy way to tag systems or other to get all of these great patch and compliance reports to not include the ‘scanner’ tasks, or the tasks which are prep for an update like the “Office available for network share” fixlets.
These appear on all reports and also in the stats, artificially raising the counts for vulnerabilities, and missed updates.
Their presence in the reports cause alot of explaining to the people above when they keep appearing.
Which reports specifically are we talking about?
Is this WebReports? Compliance? Insights?
CVE Search reports and the new CyberFocus
Compliance SCA Patch reports
Both Webreports and SCA
We tried to implement Insights but had issues last year, have not gone back yet to try the latest.
With SCA, Webreports and the new CyberFocus reports, you have the ability to add filters to remove content or site data. Also SCA allows you to choose which patch sites you pull in for reporting.
I agree i can keep filtering but in general these things are not Vulnerabilities.
The challenge is as i provide other business and audit teams access to the interactive reports to self generate, they will not know what they are seeing except in their report that there are like 6-8 Office network share updates not applied, and a scanner for something…
Maybe a feature request to add another meta data tag to identify task/fixlets with CVEs which fix something vs just tools to detect or setup something to scan.
Can you provide an example? but do not show private data? I still don’t think I understand. I do not see these operational type fixlets/tasks in my lab reports
Ok, I think I get it now. I think at this point you are stuck with filtering out unwanted items/sites etc.
Yea - its a bit funky
I have tried to find documentation for the Bigfix Office client settings and also did a little review of the relevance to run a policy to force set systems to not be relevant…
Would be nice if HCL provided a simple task to TAG the Office installs, to USE Network share, or USE Local, and also clearly identify systems which will Host the Office Network share - vs assuming all can host with EVERY patch update.
aka release the setup for the next update of Office to only be relevant to the hosts explicitly already taged to support hosting the share, or remove the CVE references from the SETUP tasks
I don’t know if it’s relevant or helpful, but to exclude certain things in web reports I put a single term like ‘Superseded’ as a comment on fixlets or other content and then create a filter for content such that any comments containing ‘Superseded’ are filtered. That’s basically a tag and you don’t have to make a thousand different filters for each name or number or whatever.
Comments are under used and can be extremely helpful with reporting