Is there an easy way to tag systems or other to get all of these great patch and compliance reports to not include the ‘scanner’ tasks, or the tasks which are prep for an update like the “Office available for network share” fixlets.
These appear on all reports and also in the stats, artificially raising the counts for vulnerabilities, and missed updates.
Their presence in the reports cause alot of explaining to the people above when they keep appearing.
With SCA, Webreports and the new CyberFocus reports, you have the ability to add filters to remove content or site data. Also SCA allows you to choose which patch sites you pull in for reporting.
I agree i can keep filtering but in general these things are not Vulnerabilities.
they are either tools to detect a vulnerability or actions to setup to support patching, but NOT actually patching
The challenge is as i provide other business and audit teams access to the interactive reports to self generate, they will not know what they are seeing except in their report that there are like 6-8 Office network share updates not applied, and a scanner for something…
Maybe a feature request to add another meta data tag to identify task/fixlets with CVEs which fix something vs just tools to detect or setup something to scan.
In the Bigfix Console, i have most of these things Globally Hidden, as i have had some admins setting up every server to support office network share updates… as they didn’t pay attention to detail, and just followed running ‘critical’ or ‘important’ updates
Can you provide an example? but do not show private data? I still don’t think I understand. I do not see these operational type fixlets/tasks in my lab reports
I have tried to find documentation for the Bigfix Office client settings and also did a little review of the relevance to run a policy to force set systems to not be relevant…
Would be nice if HCL provided a simple task to TAG the Office installs, to USE Network share, or USE Local, and also clearly identify systems which will Host the Office Network share - vs assuming all can host with EVERY patch update.
aka release the setup for the next update of Office to only be relevant to the hosts explicitly already taged to support hosting the share, or remove the CVE references from the SETUP tasks
I don’t know if it’s relevant or helpful, but to exclude certain things in web reports I put a single term like ‘Superseded’ as a comment on fixlets or other content and then create a filter for content such that any comments containing ‘Superseded’ are filtered. That’s basically a tag and you don’t have to make a thousand different filters for each name or number or whatever.