Display no. of relevance patches per computer on the main console

(imported topic written by amarnath91)

Hi,

Is there any configuration to display no. of relevance patches per computer on the main console when click on computers tab ?

If it gives count, it’s easy and quick to identify which machine has more relevant Fixlets.

Ex: When you click on Fixlet Messages tab, it gives no. of applicable computers count. attached the same screen shot

Regards

Amarnath

(imported comment written by SystemAdmin)

Hi Amarnath,

Yes, you can do this using relevance and just create a few new properties. You might want to narrow which Fixlet sites you count relevant Fixlets for so you only get Fixlets related to patching or something like that. Also, if you are going to test these expressions you can’t do it through QnA since the tool doesn’t know about the sites/fixlets that the client has, you have to use real properties on real clients to test.

Examples:

Name: Number of Patches Needed Relevance: number of relevant fixlets of site 
"http://sync.bigfix.com/cgi-bin/bfgather/bessecurity"   Name: Total Number of Relevant Fixlets Relevance: number of relevant fixlets of sites

(imported comment written by SystemAdmin)

Also, this topic is more for questions about the forum. We might want to move the discussion to “BES Customizations”

(imported comment written by amarnath91)

Hi

Thank you for your support

I have done the same as per your instruction but count is mismatching with direct client relevance fixlets

i have attached the snap shot

(imported comment written by BenKus)

Hi amarnath,

I believe this number will include all Fixlets, Tasks, and Analyses. You might want to filter the Fixlets to something like:

number of relevant fixlets whose (value of header “x-fixlet-source-severity” of it as lowercase = “critical”) of site “http://sync.bigfix.com/cgi-bin/bfgather/bessecurity

Ben

(imported comment written by mellis200091)

Ben Kus

Hi amarnath,

I believe this number will include all Fixlets, Tasks, and Analyses. You might want to filter the Fixlets to something like:
number of relevant fixlets whose (value of header “x-fixlet-source-severity” of it as lowercase = “critical”) of site “http://sync.bigfix.com/cgi-bin/bfgather/bessecurity

Ben

Hey Ben,

How can I also include getting the number of relevant fixlets to show up for our Macintosh computers?

Thanks, Mike

(imported comment written by BenKus)

Hey Mike,

It would depend on which site you were using, but you can try this to include both sites:

sum of number of relevant fixlets whose (value of header “x-fixlet-source-severity” of it as lowercase = “critical”) of sites (“http://sync.bigfix.com/cgi-bin/bfgather/bessecurity";"http://sync.bigfix.com/cgi-bin/bfgather/macpatches”)

Ben

(imported comment written by mellis200091)

Ben, that worked exactly like you thought it would. I made minor changes to it because I wanted to also include all the fixlets, not just critical ones, and I also wanted to get the Windows Updates (not just patches) in there as well, so my property looks like this:

sum of number of relevant fixlets whose (value of header 
"x-fixlet-source-severity" of it as lowercase >= 
"<Unspecified>") of sites (
"http://sync.bigfix.com/cgi-bin/bfgather/bessecurity";
"http://sync.bigfix.com/cgi-bin/bfgather/macpatches";
"http://sync.bigfix.com/cgi-bin/bfgather/updateswindowsapps")

Thanks!

Mike

(imported comment written by jessewk)

Hi Mike,

Be aware that this is an expensive property for the client to evaluate, so you should set it to only evaluate periodically instead of every report. Even if you set it to 5 minutes, this will be much better than every report.

Also, if you want all fixlets you don’t need the whose clause (this will be more accurate than your current query):

sum of number of relevant fixlets of sites (“http://sync.bigfix.com/cgi-bin/bfgather/bessecurity";“http://sync.bigfix.com/cgi-bin/bfgather/macpatches”;"http://sync.bigfix.com/cgi-bin/bfgather/updateswindowsapps”)

1 Like

(imported comment written by mellis200091)

Thanks for that update, Jesse! I’ll change the property accordingly!

(imported comment written by cemmel91)

I would like to know how many critical MS patches are outstanding for each machine and the total size of those patches. Is it possible to get the total size of all relevant fixlets with x-fixlet-source-severity of “critical” within the “http://sync.bigfix.com/cgi-bin/bfgather/bessecurity” site?