Ability to skip some Fixlets/tasks from Compliance reports?

mesee2 2022-11-15 17:58:08 UTC #1

Is there an easy way to tag systems or other to get all of these great patch and compliance reports to not include the ‘scanner’ tasks, or the tasks which are prep for an update like the “Office available for network share” fixlets.

These appear on all reports and also in the stats, artificially raising the counts for vulnerabilities, and missed updates.

Their presence in the reports cause alot of explaining to the people above when they keep appearing.

menglish66 2022-11-15 18:40:28 UTC #2

Which reports specifically are we talking about?

Is this WebReports? Compliance? Insights?

mesee2 2022-11-15 19:09:05 UTC #3

CVE Search reports and the new CyberFocus
Compliance SCA Patch reports

Both Webreports and SCA

We tried to implement Insights but had issues last year, have not gone back yet to try the latest.

menglish66 2022-11-15 19:40:31 UTC #4

With SCA, Webreports and the new CyberFocus reports, you have the ability to add filters to remove content or site data. Also SCA allows you to choose which patch sites you pull in for reporting.

mesee2 2022-11-15 19:56:33 UTC #5

I agree i can keep filtering but in general these things are not Vulnerabilities.

they are either tools to detect a vulnerability or actions to setup to support patching, but NOT actually patching

The challenge is as i provide other business and audit teams access to the interactive reports to self generate, they will not know what they are seeing except in their report that there are like 6-8 Office network share updates not applied, and a scanner for something…

Maybe a feature request to add another meta data tag to identify task/fixlets with CVEs which fix something vs just tools to detect or setup something to scan.

In the Bigfix Console, i have most of these things Globally Hidden, as i have had some admins setting up every server to support office network share updates… as they didn’t pay attention to detail, and just followed running ‘critical’ or ‘important’ updates

menglish66 2022-11-15 19:59:21 UTC #6

Can you provide an example? but do not show private data? I still don’t think I understand. I do not see these operational type fixlets/tasks in my lab reports

menglish66 2022-11-15 20:10:22 UTC #7

Ok, I think I get it now. I think at this point you are stuck with filtering out unwanted items/sites etc.

mesee2 2022-11-15 20:50:29 UTC #8

Yea - its a bit funky

I have tried to find documentation for the Bigfix Office client settings and also did a little review of the relevance to run a policy to force set systems to not be relevant…

Would be nice if HCL provided a simple task to TAG the Office installs, to USE Network share, or USE Local, and also clearly identify systems which will Host the Office Network share - vs assuming all can host with EVERY patch update.

aka release the setup for the next update of Office to only be relevant to the hosts explicitly already taged to support hosting the share, or remove the CVE references from the SETUP tasks

Sophia 2022-11-16 23:52:21 UTC #9

I don’t know if it’s relevant or helpful, but to exclude certain things in web reports I put a single term like ‘Superseded’ as a comment on fixlets or other content and then create a filter for content such that any comments containing ‘Superseded’ are filtered. That’s basically a tag and you don’t have to make a thousand different filters for each name or number or whatever.

menglish66 2022-11-16 23:55:56 UTC #10

Comments are under used and can be extremely helpful with reporting