BES - Anti-Pest Scheduled Report

(imported topic written by SystemAdmin)

Hello,

Does the AntiPest module keep track of found pests - based only on “lifetime” and “last scan”? Would like to set up a weekly report that emails the manager of our support team the pests found during that week. Since we scan one or more times during a day - “last scan” will not give us numbers based on a specific period of time. Is there any way to do this? Thanks.

Mike

(imported comment written by jessewk)

Mike,

That is a feature that will be available in AntiPest 2.0, which will be released soon. We have a policy of not posting specific release dates or roadmap items on the forum, so sorry I can’t be more specific than that.

You could probably also pull the data out of the database, but the query to do so would be complicated.

-Jesse

(imported comment written by SystemAdmin)

I can’t wait to see 2.0. Reporting in the current version is severely lacking and I’m getting a good amount of flak about how difficult it is to get useful data from it, especially out of the web reporter. There is way too much effort needed to do something as simple as seeing what a specific PC might have had for infections and such. I hope the release is soon. Thanks.

(imported comment written by SystemAdmin)

We recently upgraded our AntiPest deployment to 2.0 to take advantage of the expanded reporting ability. Unfortunately the default report in WP won’t work and reports “Singular expression refers to nonexistent object.” for each of the four time increments. I have opened a case with support but they have been unable to solve the problem. They suggested I post here since in the end what I really want is a CSV report. Below is a bit of code I pulled from the report and the results. My problem is everything is dumped on a single line when I export a report. I’ve created a couple of custom reports before but the syntax on this one is confusing me. I don’t even need a CSV; just a text file with returns at the end of each line will suffice, since I’ll be manipulating the data with Python into the CSV format I want, tallying totals for each pest and category.

CUSTOM REPORT

<?relevance (values whose (((exists it as integer AND it as integer <= 1) of following text of last ", " of preceding text of last "," of it)) of it) of (results (applicable computers whose (exists result (it, bes property "Last Report Time") whose (exists value whose (exist it as time and it as time > now - 1 * day) of it)) of item 0 of it, item 1 of it)) whose (not error flag of it) of (it , property 1 of it) of fixlets 6 of bes sites whose (name of it = "BigFix AntiPest") ?>

RESULTS

DameWare Mini Remote Control, Commercial RAT, http://www3.ca.com/securityadvisor/pest/pest.aspx?id=453060041, 1, 4PsKill, Misc Tool, http://www3.ca.com/securityadvisor/pest/pest.aspx?id=453074727, 1, 2PsKill, Misc Tool, http://www3.ca.com/securityadvisor/pest/pest.aspx?id=453074727, 1, 1PsKill, Misc Tool, http://www3.ca.com/securityadvisor/pest/pest.aspx?id=453074727, 1, 1PsKill, Misc Tool, http://www3.ca.com/securityadvisor/pest/pest.aspx?id=453074727, 1, 1PsKill, Misc Tool, http://www3.ca.com/securityadvisor/pest/pest.aspx?id=453074727, 1, 1PsKill, Misc Tool, http://www3.ca.com/securityadvisor/pest/pest.aspx?id=453074727, 1, 1PsKill, Misc Tool, http://www3.ca.com/securityadvisor/pest/pest.aspx?id=453074727, 1, 1MediaPipe, Adware, http://www3.ca.com/securityadvisor/pest/pest.aspx?id=453097812, 1, 1PsKill, Misc Tool, http://www3.ca.com/securityadvisor/pest/pest.aspx?id=453074727, 1, 2

(imported comment written by BenKus)

Hey Hexadecimal,

I think the values are all on one line because it is a “plural result” and the default behavior is to concatenate them into a single line… You can explicitly set the concatenation delimiter with something like this:

<?relevance concatenation "%0d%0a" of (values whose (((exists it as integer AND it as integer <= 1) of following text of last ", " of preceding text of last "," of it)) of it) of (results (applicable computers whose (exists result (it, bes property "Last Report Time") whose (exists value whose (exist it as time and it as time > now - 1 * day) of it)) of item 0 of it, item 1 of it)) whose (not error flag of it) of (it , property 1 of it) of fixlets 6 of bes sites whose (name of it = "BigFix AntiPest") ?>

Ben

(imported comment written by jessewk)

Also if you have 7.x, we published a new report a couple months ago that appears in the ‘Content Reports’ section of the reports list. You can set up a scheduled activity based on this report. If you set it to email you anytime the report changes, you’ll get notified upon new infections.

Jesse

(imported comment written by SystemAdmin)

Ben,

Thank you, that worked. One more question. Based on what the Content Report should look like, the last column in my report should be “Time Found”, but it is showing single-digit integers, e.g. ‘1’ or ‘4’; any ideas?

Jesse,

The Content Report you speak of is unfortunately the one that is not working for me. Although I don’t understand why it would be giving the “Singular expression refers to nonexistent object” message when I can query the same data using a similar relevance in a custom report. Unless the report code is wrong which I asked support to check when I sent it to them.

(imported comment written by SystemAdmin)

Ben,

I ran a 30-day report and it looks like the last column is the number of instances and the second-to-last column is which timeframe it will report in, since I’m only seeing integer values of 1, 7, 14, and 30; these numbers match what I see in the Dashboard. I guess the code I’m not including does all the reformatting. Now I’ll see if I can get the computer name back into the report and I should be golden.

(imported comment written by SystemAdmin)

Looking at the original report, I tried adding “name of computer of it,” but get a “The operator “concatenation” is not defined” message, so I obviously have it in the wrong spot. If it makes it easier, I don’t care what order the fields are in. Is it also possible to report on whether or not AntiPest removed the infection, or is that just a given if it’s being reported on?

<?relevance concatenation "%0d%0a" of (name of computer of it, values whose (((exists it as integer AND it as integer <= 1) of following text of last ", " of preceding text of last "," of it)) of it) of (results (applicable computers whose (exists result (it, bes property "Last Report Time") whose (exists value whose (exist it as time and it as time > now - 1 * day) of it)) of item 0 of it, item 1 of it)) whose (not error flag of it) of (it , property 1 of it) of fixlets 6 of bes sites whose (name of it = "BigFix AntiPest") ?>

(imported comment written by BenKus)

Does this help?

<?relevance concatenation "%0d%0a" of (name of computer of it & "," & concatenation ", " of values whose (((exists it as integer AND it as integer <= 1) of following text of last ", " of preceding text of last "," of it)) of it ) of (results (applicable computers whose (exists result (it, bes property "Last Report Time") whose (exists value whose (exist it as time and it as time > now - 1 * day) of it)) of item 0 of it, item 1 of it)) whose (not error flag of it) of (it , property 1 of it) of fixlets 6 of bes sites whose (name of it = "BigFix AntiPest") ?>

Ben

(imported comment written by SystemAdmin)

Ben,

I get the same message I see with the built-in report: “Singular expression refers to nonexistent object.” I don’t know if it is relevant, but we’re running WP 7.0.7.96 and Console 7.0.7.82 (I had to upgrade WP due to problems).

(imported comment written by BenKus)

That error means that we are trying to look something up that doesn’t exist…

I added some more error checking:

<?relevance concatenation "%0d%0a" of (name of computer of it & "," & concatenation ", " of values whose (((exists it as integer AND it as integer <= 1) of following text of last ", " of preceding text of last "," of it)) of it ) of (results (applicable computers whose (exists last report time of it AND exists name of it AND result (it, bes property "Last Report Time") whose (exists value whose (exist it as time and it as time > now - 1 * day) of it)) of item 0 of it, item 1 of it)) whose (not error flag of it) of (it , property 1 of it) of fixlets 6 of bes sites whose (name of it = "BigFix AntiPest") ?>

Maybe that will work… I can’t test because I don’t have the same data available…

Ben

(imported comment written by SystemAdmin)

Bingo!

Thank you Ben. The code was throwing a boolean error, but after I added an “exists” after your last “AND” it worked. When I added your additional error checking to the original AntiPest report it started to work as well. Below is the final code I ended up with. Thanks again. ~ Jason

<?relevance concatenation "%0d%0a" of (name of computer of it & "," & concatenation ", " of values whose (((exists it as integer AND it as integer <= 30) of following text of last ", " of preceding text of last "," of it)) of it ) of (results (applicable computers whose (exists last report time of it AND exists name of it AND EXISTS result (it, bes property "Last Report Time") whose (exists value whose (exist it as time and it as time > now - 1 * day) of it)) of item 0 of it, item 1 of it)) whose (not error flag of it) of (it , property 1 of it) of fixlets 6 of bes sites whose (name of it = "BigFix AntiPest") ?>
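The Python post-processing Jason mentions (tallying totals per pest and category from the line-delimited export) as an added example; this is not code from the thread. It assumes the text produced by the final relevance above: one line per computer, ending in "%0d%0a", consisting of the computer name, a comma, then the incident values joined with ", ", where each value is the 5-field text "pest, category, URL, timeframe, count" and the timeframe column carries the 1/7/14/30 bucket described earlier in the thread. The sample lines are constructed for the example; the hostnames are made up.

```python
import csv
import io
from collections import Counter

# Constructed sample of the exported report (not real data): one line per
# computer, CRLF-terminated, "<computer>,<pest>, <category>, <url>, <timeframe>, <count>[, ...]".
SAMPLE_REPORT = (
    "WS-001,PsKill, Misc Tool, http://www3.ca.com/securityadvisor/pest/pest.aspx?id=453074727, 1, 2\r\n"
    "WS-002,DameWare Mini Remote Control, Commercial RAT, "
    "http://www3.ca.com/securityadvisor/pest/pest.aspx?id=453060041, 7, 4, "
    "MediaPipe, Adware, http://www3.ca.com/securityadvisor/pest/pest.aspx?id=453097812, 30, 1\r\n"
    "WS-003,\r\n"  # reported recently but has no pest values at all
)

FIELDS_PER_RECORD = 5  # pest, category, url, timeframe, count
COLUMNS = ["computer", "pest", "category", "url", "timeframe_days", "count"]


def parse_report(text):
    """Parse the CRLF-delimited export into a list of incident dicts.

    Assumption: pest names and categories never contain ", " (the relevance
    joins values with that same string, so such a name would be ambiguous).
    A line whose field count is not a multiple of 5 is rejected rather than
    silently mis-aligned.
    """
    incidents = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        computer, _, rest = line.partition(",")
        rest = rest.strip()
        if not rest:
            continue  # computer with no incidents this period
        fields = [f.strip() for f in rest.split(", ")]
        if len(fields) % FIELDS_PER_RECORD != 0:
            raise ValueError(
                f"{computer}: {len(fields)} fields is not a multiple of {FIELDS_PER_RECORD}"
            )
        for i in range(0, len(fields), FIELDS_PER_RECORD):
            pest, category, url, timeframe, count = fields[i:i + FIELDS_PER_RECORD]
            incidents.append({
                "computer": computer,
                "pest": pest,
                "category": category,
                "url": url,
                "timeframe_days": int(timeframe),
                "count": int(count),
            })
    return incidents


def within_window(incidents, days):
    """Keep incidents whose timeframe bucket (1/7/14/30) falls inside `days`."""
    return [r for r in incidents if r["timeframe_days"] <= days]


def tally(incidents):
    """Total instance counts per pest and per category."""
    by_pest, by_category = Counter(), Counter()
    for r in incidents:
        by_pest[r["pest"]] += r["count"]
        by_category[r["category"]] += r["count"]
    return by_pest, by_category


def to_csv(incidents):
    """Render incidents as a proper CSV (quoting handled by the csv module)."""
    buf = io.StringIO()
    writer = csv.writer(buf, lineterminator="\n")
    writer.writerow(COLUMNS)
    for r in incidents:
        writer.writerow([r[c] for c in COLUMNS])
    return buf.getvalue()


if __name__ == "__main__":
    rows = parse_report(SAMPLE_REPORT)
    weekly = within_window(rows, 7)
    by_pest, by_category = tally(weekly)
    print(to_csv(weekly))
    print("Totals by pest:", dict(by_pest))
    print("Totals by category:", dict(by_category))
```

The window filter mirrors the `<= 30` test in the relevance, so a weekly mail can be produced from the same 30-day export by calling `within_window(rows, 7)` instead of re-running the report; the tallies are sums of the per-incident count column, not counts of lines.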

(imported comment written by SystemAdmin)

OK, followup question.

I was able to break out the report to show totals for each pest and category, but now management would like to see which pests were actually cleaned and which were merely reported on. Is that possible, and how? If there are pests that are reported on but not cleaned, after 30 days will they drop off the report even though they’re still on the system?

Edit: If it is possible I’m assuming it would simply be a property indicating whether or not the pest incident was quarantined. What would then be the property and how would it fit into the relevance above?

(imported comment written by SystemAdmin)

Is there a list of properties available for the AntiPest site?

(imported comment written by BenKus)

You want just the names of the properties? If so, I used this relevance to generate the list:

names of bes properties whose (name of site of source analysis of it = "BigFix AntiPest")

Pests Found (Lifetime) - BigFix AntiPest

Number of Pests Found (Lifetime) - BigFix AntiPest

Number of Pests in Quarantine - BigFix AntiPest

On-Demand: Pests Found Last Scan - BigFix AntiPest

On-Demand: Number of Pests Found Last Scan - BigFix AntiPest

On-Demand: Number of Pests Quarantined Last Scan - BigFix AntiPest

On-Demand: Errors Last Scan

On-Demand: Number of Scans - BigFix AntiPest

On-Demand: Average Scan Duration - BigFix AntiPest

On-Demand: First Scan Time - BigFix AntiPest

On-Demand: Last Scan Start Time - BigFix AntiPest

On-Demand: Last Scan Finish Time - BigFix AntiPest

BigFix AntiPest Version - BigFix AntiPest

AntiPest Engine Version - BigFix AntiPest

Definition Version - BigFix AntiPest

Last Definition Update - BigFix AntiPest

Install Date - BigFix AntiPest

Scan Only - BigFix AntiPest

Remove Quarantined - BigFix AntiPest

Common Locations Scan - BigFix AntiPest

Cookie Scan - BigFix AntiPest

Memory Scan - BigFix AntiPest

Registry Scan - BigFix AntiPest

Category Exclusions - BigFix AntiPest

Pest Exclusions - BigFix AntiPest

Path Exclusions - BigFix AntiPest

Scan Paths - BigFix AntiPest

Ben

(imported comment written by SystemAdmin)

Thank you Ben. The end result I was looking for was a report that shows what was cleaned and not just what was found. I received an email back from support saying this is not currently possible, but they hope to add the function in the future.