Hi everyone!
I would like to ask if it’s possible to use relevance code through the REST-API to look for Linux BESClients (rhel-based and/or debian-based) with specific packages installed.
I need that to create a fixlet that needs to check if an installed package exists on the VM or not.
The package needs to be removed because of a vulnerability issue, so I wanted to create a fixlet with some relevance code to check for this propriety and verify the end of it using the success criteria.
While looking into the BigFix WebReports I noticed a property that matched my needs, “Packages Installed - Linux (Application Information (Linux))”.
I’ve then created a report to check all the VMs that matched my conditions and it worked.
My issue is that I did not find a way to check for the packages installed through the REST-API, I’ve deeply inspected the inspector search with no luck.
Does anyone have any insights on the matter?
I’m open to any kind of feedback, everyone is welcome!
What you’re trying to do is supported by client relevance, as in the definition of the “Packages Installed - Linux (Application Information (Linux))” property you found. There are a couple of options to get that info through the REST API.
If you’re looking for property results for a particular computer, you can use the GET /api/computer/{computer ID} endpoint of the REST API. Property names and values are in the XML returned for the computer. https://developer.bigfix.com/rest-api/api/computer.html
Alternatively, you could collect that property result with session relevance using the GET /api/query?relevance=(your relevance here) endpoint of the REST API. This is the most flexible and usually the most efficient method, as long as a property exists for the data you want to query, and as a side benefit you can get the results in JSON by appending &output=json to the URL. The cost is writing the session relevance to get the properties you want, but there are lots of great people on the forum to help with that if you haven’t done it before. https://developer.bigfix.com/rest-api/api/query.html
The most interesting option is to use client query through the REST API, which involves making a query and then asynchronously checking for its results. It’s more work but you get to make your own freeform client relevance queries with it. That would let you make arbitrary package queries like you’d find in the applicability relevance of the Patches for RHEL or Patches for Ubuntu sites, for example exists package "openssl" whose (rpm version record of it < rpm package version record "1:1.0.1e-34.el7_0.3" and architecture of it = "x86_64") of rpm (plenty of examples in those sites). You pay for that flexibility by having to follow a multi-step process: post the query with POST /api/clientquery to get a query ID, then use GET /api/clientquery/{query ID} to check the results a few times until you get all the responses (or as many as you think you’ll get). https://developer.bigfix.com/rest-api/api/bigfix_query.html
