CVE report

(imported topic written by anthonymap91)

I hope someone can help, please

I need to create a report that will list out the Fixlet ID, Fixlet name, category, source, Source Severity and CVE number.

This report is filtered by:

Include sites:

Patches for Windows (English)

Patches for AIX

Patches for ESX

Patches for HP-UX

Patches for Oracle

Patches for RHEL 3

Patches for RHEL 4

Patches for RHEL 5

Patches for RedHat Enterprise Linux

Patches for RedHat Linux

Patches for SUSE Linux Enterprise

Patches for Solaris

Patches for Solaris Maintenance

Updates for Windows Applications

Include Fixlet categories:

Recommended Security

Required by a Recommended/Security Patch

Security

Security Advisory

Security Fix

Security Hotfix

Security Setting

Security Update

Security fix

Service Pack

Example:

Fixlet name Fixlet ID Category Source Source Severity CVE

MSXX-11 - name 2000401 Security Hotfix Microsoft High CVE-2000-0089, CVE-2000-0090

MSXX-22 - name 2000401 Security Hotfix Microsoft High CVE-2000-0075

MSXX-33 - name 2000401 Security Hotfix Microsoft High CVE-2000-0076

Also I need to have all CVE numbers that are on one line to be on the next line:

Before:

Fixlet name Fixlet ID Category Source Source Severity CVE

MSXX-11 - name 2000401 Security Hotfix Microsoft High CVE-2000-0089,CVE-2000-0090

MSXX-22 - name 2000401 Security Hotfix Microsoft High CVE-2000-0075

MSXX-33 - name 2000401 Security Hotfix Microsoft High CVE-2000-0076

After:

Fixlet name Fixlet ID Category Source Source Severity CVE

MSXX-11 - name 2000401 Security Hotfix Microsoft High CVE-2000-0089

MSXX-11 - name 2000401 Security Hotfix Microsoft High CVE-2000-0090

MSXX-22 - name 2000401 Security Hotfix Microsoft High CVE-2000-0075

MSXX-33 - name 2000401 Security Hotfix Microsoft High CVE-2000-0076

Thanks for the help

(imported comment written by BenKus)

You can use a filtered “All Fixlets” report in the Web Reports to get this data (use the “Preferences” to choose the columns for the Fixlet report to include CVE and other things you might want).

The only issue is that the CVE will be on one line… to get it on multiple lines, you will need to use the Excel Connector (http://support.bigfix.com/labs/excelconnect.html) and then use this session relevance:

(name of it, id of it, (if exists category of it then category of it else "n/a"), (if exists source of it then source of it else "n/a"), (if exists source severity of it then source severity of it else "n/a"), (if exists cve id list of it then substrings separated by ";" of cve id list of it else "n/a")) of fixlets of bes sites whose (name of it = "Enterprise Security" OR name of it contains "Patches" OR name of it = "Updates for Windows Applications")

Ben

(imported comment written by anthonymap91)

This is great, thanks for the help.

How do I put this in columns in web reports?

Thanks

(imported comment written by BenKus)

Try this in a custom report:

table of concatenation of trs of (td of item 0 of it & td of item 1 of it & td of item 2 of it & td of item 3 of it & td of item 4 of it) of (name of it, id of it as string, (if exists category of it then category of it else "n/a"), (if exists source of it then source of it else "n/a"), (if exists source severity of it then source severity of it else "n/a"), (if exists cve id list of it then substrings separated by ";" of cve id list of it else "n/a")) of fixlets of bes sites whose (name of it = "Enterprise Security" OR name of it contains "Patches" OR name of it = "Updates for Windows Applications")

(imported comment written by anthonymap91)

Sorry to keep being a pain:

The report worked but I do not see any CSV numbers in the report.

I think the best way to do this would not be a web report (the report takes forever and is not exportable), but something I can export to CSV on a scheduled basis.

Thanks

(imported comment written by SystemAdmin)

Try This

table of concatenation of trs of (td of item 0 of it & td of item 1 of it & td of item 2 of it & td of item 3 of it & td of item 4 of it & td of item 5 of it) of (name of it, id of it as string, (if exists category of it then category of it else "n/a"), (if exists source of it then source of it else "n/a"), (if exists source severity of it then source severity of it else "n/a"), (if exists cve id list of it then substrings separated by ";" of cve id list of it else "n/a")) of fixlets of bes sites whose (name of it = "Enterprise Security" OR name of it contains "Patches" OR name of it = "Updates for Windows Applications")
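
The one-row-per-CVE layout asked for in the question can also be produced after export, which suits a scheduled CSV job. This is an added example, not code from any poster in the thread or from BigFix. It assumes the report has been exported as CSV with the column headers from the question's example table; the sample rows are constructed.

```python
import csv
import io
import re

# Column order assumed from the example table in the question.
COLUMNS = ["Fixlet name", "Fixlet ID", "Category", "Source", "Source Severity", "CVE"]
# Matches a CVE ID regardless of the separator around it ("," or ";", with or without spaces).
CVE_RE = re.compile(r"CVE-\d{4}-\d{4,}", re.IGNORECASE)


def explode_cves(rows):
    """Yield one row per CVE ID; a row with no CVE ID keeps a single "n/a" row."""
    for row in rows:
        found = (m.upper() for m in CVE_RE.findall(row.get("CVE") or ""))
        ids = list(dict.fromkeys(found))  # drop repeats within a row, keep order
        for cve in ids or ["n/a"]:
            yield {**row, "CVE": cve}


def convert(src_text):
    """Read an exported report (CSV text) and return CSV text with one CVE per row."""
    reader = csv.DictReader(io.StringIO(src_text))
    missing = [c for c in COLUMNS if c not in (reader.fieldnames or [])]
    if missing:
        raise ValueError(f"export is missing columns: {missing}")
    out = io.StringIO()
    writer = csv.DictWriter(out, fieldnames=COLUMNS, extrasaction="ignore",
                            lineterminator="\n")
    writer.writeheader()
    writer.writerows(explode_cves(reader))
    return out.getvalue()


# Constructed sample mirroring the "Before" table in the question.
SAMPLE = """\
Fixlet name,Fixlet ID,Category,Source,Source Severity,CVE
MSXX-11 - name,2000401,Security Hotfix,Microsoft,High,"CVE-2000-0089,CVE-2000-0090"
MSXX-22 - name,2000401,Security Hotfix,Microsoft,High,CVE-2000-0075
MSXX-44 - name,2000402,Service Pack,Microsoft,n/a,n/a
"""

if __name__ == "__main__":
    print(convert(SAMPLE), end="")
```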