Hello,
Can anyone please tell me if we can find out who has created so and so automatic computer groups? Because I don’t see the information available in IEM Console.
Does this mean we need to fetch the information from the database?
Can someone assist me here please? Thanks in Advance.
Session Relevance:
(
name of it , name of issuer of it | "<deleted>"
)
of bes computer groups
whose
(
id of it = <your group id>
)
You will get <deleted> if the operator that created the group no longer exists
Hello,
Thanks a lot for your response.
Yes I am able to get the information if the operator does exists in the console, so that looks fine.
But do you know if we can get what are all the open actions that are targeted based on the specific group ID?
Thnx again for all your great help.
Here’s some sample session relevance where you can find open actions targeted to a specific group ID:
(id of it, name of it) of bes actions whose (state of it = "Open" AND targeting relevance of it contains "member of group 12345")
Hello Aram,
Thanks a lot for your support. I am able to get the required information.
Hello Aram,
Just one more query I have with respect to the relevance,
I am trying to get the similar details for multiple computer groups using the below relevance,
(id of it, name of it, name of issuer of it | “”, time issued of it) of bes actions whose (state of it = “Open” AND ((targeting relevance of it contains “member of group 12345”) or (targeting relevance of it contains “member of group 67890”)))
The relevance works fine, do not see any issues there. But I would like to get the actual computer group ID in the result as well against each actions row. Would that be possible?
Additionally can similar relevance be written for Analysis as well? as in to know which computer groups are used in which analysis?
Can you please assist? Thanks.
Since we’re filtering on targeting relevance of <bes action>, and that’s the object for which we’re returning properties/data, we can certainly add it as a field, yes. Here’s an example based on your most recent relevance above:
(id of it, name of it, name of issuer of it | "", time issued of it, preceding text of first " " of following text of first "member of group " of targeting relevance of it) of bes actions whose (state of it = "Open" AND ((targeting relevance of it contains "member of group 12345") or (targeting relevance of it contains "member of group 67890")))
For the analysis question, I’m guessing you’re refering to a scenario where the applicability relevance of an analysis might be referencing a Computer Group? Something like this?
Hello Aram,
Yes the relevance worked absolutely perfect. But I have a query about the relevance statement that you included additionally here,
I understand the additional relevance which is used will be to eliminate space & characters from the response -> (exists true whose (if true then (12345 of site “actionsite”) else false)
But where do we get all these references? I used to search in the forum or bigfix.me or developer works to get some clue about it, but sometimes it is difficult to understand and come-up with such things. Once I get the statement, I can understand the logic behind it. Do we have any specific links, materials where we need to refer to the basic/advanced relevance with more examples? Certainly there are many, but do you have anything specific which can help me to grow better in BigFix?
And yes when it comes to other part (analysis), yes you are right, that’s my query.
Thanks again for all your help.
There are a number of resources. If you haven’t already seen the Relevance Guide and Tutorial on developer.bigfix.com, that might be a good place to start.
When approaching a question like this, I often use https://developer.bigfix.com, and it’s inspector search, or introspection using property. For example, you asked how we might do something similar for analyses. We can start by searching for session relevance inspectors for analyses on developer.bigfix.com, or via something like Presentation Debugger:
Looking at this, notice that in the case of an analysis, the object type that is returned is actually a bes fixlet. We can then look up what sort of properties are available to us for a bes fixlet object. From this page, we can find a number of properties that we can use in this case:
analysis flag of <bes fixlet>relevance of <bes fixlet>With this, we can start building our session relevance in steps:
(id of it, name of it, relevance of it) of bes fixlets whose (analysis flag of it)
This will return all analyses and their relevance clauses. We can then use the results to refine our query, and include a better filter similar to before:
(id of it, name of it, preceding text of first " " of following text of first "member of group " of relevance of it) of bes fixlets whose (analysis flag of it AND relevance of it contains "member of group 12345")
Hello Aram,
Thanks a lot for sending me all the references, which is going to help me a lot in understanding bigfix relevance better.
The relevance for the analysis worked absolutely fine, but looks like this does work only for automatic computer groups and not for manual computer groups? Is that so? Because i have tested it and I can see the same which works only for automatic computer groups.
Can you please confirm what is the reason behind that? Thanks again.
I believe manual groups are referenced by their name rather than their ID when it comes to targeting/applicability relevance.
Here’s an example targeting relevance for an action from my environment targeted against a manual group:
exists true whose (if true then (exists setting "__Group_0_Demo Group" whose (value of it is "True") of client) else false)
Hello Aram,
Yes, thats correct. I did noticed when I checked the relevance statement of both automatic computer groups/ manual group involved.
Now I will try to modify the relevance to suit based on the manual computer group.
Thanks a lot for all your help here. Much appreciated.
Hello Aram,
Hope you are doing fine.
I have got one more query with respect to similar relevance statements.
I am looking for an advise to find out similar relevance to find if whether one automatic or manual computer groups are part of another computer groups in its relevance condition.
I did checked for bes computer groups properties, but looks like I don’t see anything related to find out the same or I am not sure if I am incorrect or whether that should be prepared in a different way opposed to what we have done for actions/analysis above.
Please let me know your suggestions, Thanks.
Hello Aram,
I believe have found the relevance for my query above,
(id of it, name of it, preceding text of first " " of following text of first "member of group " of relevance of it) of bes fixlets whose (group flag of it AND relevance of it contains "member of group GROUPID ")
Seems to be fine, but can you check if that is the right statement? Thanks.