Bigfix relevance to extract custom report

Hi All,

I am trying to extract a custom report via relevance that is filtered by Site - Baseline - Computer Group.

Expected Output-

  1. All Fixlets available in the Baseline

  2. Number of computers on which the patch is applicable

  3. Number of computers on which the patch is remediated/installed

| Name of Fixlet | Source Severity | Source Release date | Applicable computer count | Remediated Computer count |
| --- | --- | --- | --- | --- |
| XYZ | Important | 12-07-2014 | 100 | 50 |

We are using this relevance

(name of computer of it , (name of fixlet of it) , (if (exists category of fixlet of it) then category of fixlet of it else "Unspecified" ) , (if (exists Source Severity of fixlet of it) then Source Severity of fixlet of it as string else "Unspecified") , (Source Release Date of fixlet of it as string) , (Applicable Computer Count of fixlet of it as string) , (Display Name of Site of fixlet of it as string) ) of results whose (remediated flag of it = true or relevant flag of it = true) of bes fixlets whose ((display name of site of it = "Patches for Windows") AND (Applicable Computer Count of it > 0) AND (Category of it as string as lowercase = "security update" or Category of it as string as lowercase = "security update") AND (current date - source release date of it > 30 * day))

If I’m understanding what you want correctly, something like this should get you what you need:

(name of it, source severity of it | "Unspecified", source release date of it as string | "NA", applicable computer count of it, number of results whose (remediated flag of it = true) of it) of source fixlets of components of component groups of bes baselines whose (name of it = "MYCOOLBASELINE")

We’re giving it the name of a baseline, asking it to look at the source fixlets of the components of the baseline, then using the various bes fixlet properties to access the rest of the information you want. The last property, where you get the number of remediated results, will only be as accurate as your action history. If you’re consistent about clearing out old actions, you won’t have access to the remediated numbers from them.

1 Like

Hi Adam,

Thanks for the query. Is there a possible way by which we can filter based on the computer group, not for all computers?

How can we embed this query for a specific computer group?

To filter it down to a particular computer group, you can use sets. In order to get what’s going on here, you should make sure you have an understanding of sets and tuples. In the two cases that we’re returning numbers of computers, we will use the intersection of two sets to filter the number down. We can already easily get the applicable computer set of the fixlets in the baseline by changing `applicable computer count of it` to `applicable computer set of it`. We can also get the set of computers from the fixlet results by changing `number of results whose (remediated flag of it = true) of it` to `set of computers of results whose (remediated flag of it = true) of it`.

That gives us:

(name of it, source severity of it | "Unspecified", source release date of it as string | "NA", applicable computer set of it, set of computers of results whose (remediated flag of it = true) of it) of source fixlets of components of component groups of bes baselines whose (name of it = "MYCOOLBASELINE")

Now we need to introduce the set of members of a particular group. You can get that by doing:
`member set of bes computer group whose (name of it = "MYCOOLGROUP")`.

If we introduce it as item 5 of the tuple we created above, we get:

(name of it, source severity of it | "Unspecified", source release date of it as string | "NA", applicable computer set of it, set of computers of results whose (remediated flag of it = true) of it, member set of bes computer group whose (name of it = "MYCOOLGROUP")) of source fixlets of components of component groups of bes baselines whose (name of it = "MYCOOLBASELINE")

All that’s left now is to actually do the comparison. You can compare two sets to each other by doing `intersection of (set1; set2)`. We’re going to do that twice in our query, and then finish it off by counting the elements of the intersection of the set:

(item 0 of it, item 1 of it, item 2 of it, number of elements of intersection of (item 3 of it; item 5 of it), number of elements of intersection of (item 4 of it; item 5 of it)) of (name of it, source severity of it | "Unspecified", source release date of it as string | "NA", applicable computer set of it, set of computers of results whose (remediated flag of it = true) of it, member set of bes computer group whose (name of it = "MYCOOLGROUP")) of source fixlets of components of component groups of bes baselines whose (name of it = "MYCOOLBASELINE")

Let me know if I can explain any of this. The session relevance documentation at https://developer.bigfix.com/relevance/guide/session/ is invaluable.

4 Likes
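The tuple-then-intersection steps from the answer above, modelled in Python over constructed data so the unfiltered and group-filtered counts can be compared side by side. This is an added example, not part of the original posts and not BigFix code; the `Fixlet` class, `report` function, computer IDs and group membership are all assumptions made for illustration.

```python
from dataclasses import dataclass, field
from typing import Optional

@dataclass
class Fixlet:
    name: str
    severity: Optional[str]        # None models a missing source severity
    release_date: Optional[str]    # None models a missing source release date
    applicable: set                # stands in for "applicable computer set of it"
    # Computers of results with the remediated flag set; only as complete as
    # the results still available (see the answer's note on action history).
    remediated: set = field(default_factory=set)

# Constructed sample: source fixlets of one baseline, computers as integer IDs.
BASELINE = [
    Fixlet("XYZ", "Important", "12-07-2014", {1, 2, 3, 4}, {5, 6, 7}),
    Fixlet("ABC", None, None, {2, 9}),
]
# Constructed sample: stands in for "member set of bes computer group ...".
GROUP_MEMBERS = {1, 2, 5, 8}

def report(fixlets, group=None):
    """Return rows of (name, severity, date, applicable count, remediated count).

    group=None counts across all computers, like the first query in the answer.
    With a group, both counts are sizes of intersections, like the final query.
    """
    rows = []
    for f in fixlets:
        # Inner tuple, items 0..5 in the same order as the relevance.
        t = (f.name, f.severity or "Unspecified", f.release_date or "NA",
             f.applicable, f.remediated, group)
        if group is None:
            applicable, remediated = len(t[3]), len(t[4])
        else:
            applicable = len(t[3] & t[5])   # intersection of (item 3; item 5)
            remediated = len(t[4] & t[5])   # intersection of (item 4; item 5)
        rows.append((t[0], t[1], t[2], applicable, remediated))
    return rows

if __name__ == "__main__":
    for label, grp in (("all computers", None), ("group only", GROUP_MEMBERS)):
        print(label)
        for row in report(BASELINE, grp):
            print("  ", row)
```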

Hi Adam,

Many, many thanks for the query; it satisfies what I was looking for :grinning:

Regards,
DB