Assistance needed with Session Relevance for a Report

I’ve been asked to gather enough data to generate a report indicating which Windows systems in our BigFix Environment are being “patched” with BigFix and which ones are NOT being patched with BigFix.

Basically they want 4 numbers …

  1. Total Number of Windows Devices reporting to BigFix.
  2. Number of Windows Devices that have received at least one patch in the last 90 days.
  3. Number of Windows Devices that have NOT received at least one patch in the last 90 days.
  4. Percentage of Windows Devices not being managed in BigFix.

#3 & #4 can be calculated from #1 & #2.

I can use number of bes computers to count the number of total Devices in our environment, but I’m having trouble limiting it to just Windows Devices.

I have no idea how to return the number of systems that have at least one Action result (or alternately, the number of systems with NO Actions then calculate the Number with at least one). To complicate matters, it wasn’t specified what constitutes “a patch”. I’m suspecting that I should plan to exclude content from “BES Support” and an Internal Site I use to hold custom management Tasks and Fixlets. Or alternately, only those actions where the Source Fixlet has a Source of “Microsoft” or “Oracle”

Any pointers or suggestions would be greatly appreciated

1 Like

I’m pretty sure #1 is already on BigFix.Me somewhere.

number of bes computers whose(exists operating system whose(it starts with "Win") of it)

Do you maintain your action history in the console for 90+ days? (actions are not deleted or purged until at least 90 days old?)

Do you use the audit trail cleaner? How much history do you maintain when you run it if so?

Related:

This is a bit fuzzy. There are actions taken within the last 90 days, or all actions that have a start time or end time within the last 90 days, or all actions that have had applied to a computer within the last 90 days.

There doesn’t seem to be an inspector that gives a time of execution of a bes action result for a computer. This seems like what you would be looking for, but it isn’t available.

It is very likely that to really answer this question completely, you would have to do SQL or DB2 queries using the DB API.

I think if I can answer “How many computers have responded to at least one Patch Action” in the last 90 days it will be enough.

If it makes it any easier, any system that hasn’t been seen online in the last 90 days, is “deleted”, and their data is purged at 180 days.

This is the even easier option:

This is not easy using session relevance.

It would be much easier to list all computers that have executed an action with a start or end date within the last 90 days. This doesn’t give you the exact answer you are looking for, but it would give a higher estimation of the actual number.

I don’t think an “Exact” answer is needed.
I get the impression that they are trying to track down those groups who are not patching their systems through BigFix and are still using one of the multitude of WSUS servers on Campus, or , heaven forbid, Automatic Updates.

1 Like

So it sounds like you care about the Patches for Windows and the Updates for Windows Applications sites specifically.

I believe so since they specified Windows devices only.

Hi Tim,

Here is a statement that maybe you can start with to determine if useful.
I write it with the set operator because if you want to follow up with a report to print all computers that are not managed by BigFix, then you can use the 2nd statement.

Hopefully the filtering logic is readable.

Don’t know, I guess give it a try.

( number of elements of item 0 of it,
  number of elements of item 1 of it,
  number of elements of item 0 of it - number of elements of item 1 of it,
  integer floor of (
    ((number of elements of item 0 of it - 
      number of elements of item 1 of it) as floating point / 
      number of elements of item 0 of it as floating point) * 100 as floating point)    
) of
(
  set of bes computers whose (operating system of it starts with "Win"),
  set of computers of results (
    bes actions whose (
      exists source fixlet of it and
      (display name of site of source fixlet of it="Patches for Windows" or 
       name of site of source fixlet of it="Updates for Windows Applications") and
      now - time issued of it < 90 * day),
    bes computers whose (operating system of it starts with "Win")
    )
)

A follow-up statement to then get all those computers not being managed.

(
    (name of it, operating system of it) of 
    elements of (item 0 of it - item 1 of it)
) of
(
  set of bes computers whose (operating system of it starts with "Win"),
  set of computers of results (
    bes actions whose (
      exists source fixlet of it and
      (display name of site of source fixlet of it="Patches for Windows" or 
       name of site of source fixlet of it="Updates for Windows Applications") and
      now - time issued of it < 90 * day),
    bes computers whose (operating system of it starts with "Win")
    )
)