I’ve noticed, or at least I think I’ve noticed, that after the initial release of the bulk of the patches, other patches sometimes start to trickle in days or more later… That’s fine and all, but it really screws up my baselines when a new update comes in but still has the same “Source Release Date”. It would be nice if say, an update that was made available to BigFix on the 10/9, it would actually have 10/9 on the source release date instead of 10/8 (using Oct for example). Or, if maybe the console had and additional column that could be added called “Last Modified Date” or like WSUS “Arrival Date” or something like that. I recreated my baselines three times to pick up some of the updates I noticed that were there the day after the BigFix/MS release date. I think one of them was a SHA update, and the other a SQL update. …and there could be others I don’t even know about yet…
Am I doing something wrong, or are other people seeing the same thing?
Is there a way I can compare what is in my current baseline, to what is available/needed to see if I’m missing something that was released at a later date without having to create a new one?
It would also be nice if it would prompt you when adding a duplicate fixlet to a baseline stating that the fixlet is already in the current baseline. I don’t know if that’s possible or not, but just a thought.
This is an issue that we’ve discussed with our BigFix Advocate also and it would be really nice if we could see the actual date the fixlets were added in the console instead of just the release date.
The session relevance below will return the name, release date and the modification time of the fixlets. I believe the modification time is the actual date it was added.
(name of it, source release date of it, modification time of it) of bes fixlets whose (name of site of it = "Enterprise Security" and source release date of it >= (first tuesday of month_and_year of current date + 1 *week))
Then to identify the fixlets from the “Enterprise Security” site from the current month that are not already in the baseline “-- October 2019” you could use something like this:
(name of it, source release date of it, modification time of it) of bes fixlets whose (name of site of it = "Enterprise Security" and source release date of it >= (first tuesday of month_and_year of current date + 1 *week) AND id of it is not contained by set of (ids of source fixlets of components of component groups of bes baseline whose (name of it contains "-- October 2019")))
I’ve noticed this as well and I agree that it would be nice for BigFix to display that since it has prompted questions from mgmt & security as to why some patches were not included in our baselines when the release date says it was prior to the baseline creation.
