Can anyone please tell me if we can find out who has created so and so automatic computer groups? Because I don’t see the information available in IEM Console.
Does this mean we need to fetch the information from the database?
Can someone assist me here please? Thanks in Advance.
Just one more query I have with respect to the relevance,
I am trying to get the similar details for multiple computer groups using the below relevance,
(id of it, name of it, name of issuer of it | “”, time issued of it) of bes actions whose (state of it = “Open” AND ((targeting relevance of it contains “member of group 12345”) or (targeting relevance of it contains “member of group 67890”)))
The relevance works fine, do not see any issues there. But I would like to get the actual computer group ID in the result as well against each actions row. Would that be possible?
Additionally can similar relevance be written for Analysis as well? as in to know which computer groups are used in which analysis?
Since we’re filtering on targeting relevance of <bes action>, and that’s the object for which we’re returning properties/data, we can certainly add it as a field, yes. Here’s an example based on your most recent relevance above:
(id of it, name of it, name of issuer of it | "", time issued of it, preceding text of first " " of following text of first "member of group " of targeting relevance of it) of bes actions whose (state of it = "Open" AND ((targeting relevance of it contains "member of group 12345") or (targeting relevance of it contains "member of group 67890")))
For the analysis question, I’m guessing you’re refering to a scenario where the applicability relevance of an analysis might be referencing a Computer Group? Something like this?
Yes the relevance worked absolutely perfect. But I have a query about the relevance statement that you included additionally here,
I understand the additional relevance which is used will be to eliminate space & characters from the response -> (exists true whose (if true then (12345 of site “actionsite”) else false)
But where do we get all these references? I used to search in the forum or bigfix.me or developer works to get some clue about it, but sometimes it is difficult to understand and come-up with such things. Once I get the statement, I can understand the logic behind it. Do we have any specific links, materials where we need to refer to the basic/advanced relevance with more examples? Certainly there are many, but do you have anything specific which can help me to grow better in BigFix?
And yes when it comes to other part (analysis), yes you are right, that’s my query.
When approaching a question like this, I often use https://developer.bigfix.com, and it’s inspector search, or introspection using property. For example, you asked how we might do something similar for analyses. We can start by searching for session relevance inspectors for analyses on developer.bigfix.com, or via something like Presentation Debugger:
Looking at this, notice that in the case of an analysis, the object type that is returned is actually a bes fixlet. We can then look up what sort of properties are available to us for a bes fixlet object. From this page, we can find a number of properties that we can use in this case:
analysis flag of <bes fixlet>
relevance of <bes fixlet>
With this, we can start building our session relevance in steps:
(id of it, name of it, relevance of it) of bes fixlets whose (analysis flag of it)
This will return all analyses and their relevance clauses. We can then use the results to refine our query, and include a better filter similar to before:
(id of it, name of it, preceding text of first " " of following text of first "member of group " of relevance of it) of bes fixlets whose (analysis flag of it AND relevance of it contains "member of group 12345")
Thanks a lot for sending me all the references, which is going to help me a lot in understanding bigfix relevance better.
The relevance for the analysis worked absolutely fine, but looks like this does work only for automatic computer groups and not for manual computer groups? Is that so? Because i have tested it and I can see the same which works only for automatic computer groups.
Can you please confirm what is the reason behind that? Thanks again.
I have got one more query with respect to similar relevance statements.
I am looking for an advise to find out similar relevance to find if whether one automatic or manual computer groups are part of another computer groups in its relevance condition.
I did checked for bes computer groups properties, but looks like I don’t see anything related to find out the same or I am not sure if I am incorrect or whether that should be prepared in a different way opposed to what we have done for actions/analysis above.
I believe have found the relevance for my query above,
(id of it, name of it, preceding text of first " " of following text of first "member of group " of relevance of it) of bes fixlets whose (group flag of it AND relevance of it contains "member of group GROUPID ")
Seems to be fine, but can you check if that is the right statement? Thanks.