Hello, We are using Fixlet Compliance by Computer Group (v1.7) to pull baseline compliance reports. Reports suits our requirements and we are using it for few months.
We noticed that applicable Fixlet count differs for Same OS type, hardware, and in same BigFix site etc.
For one server running with Windows 2012 R2, applicable Fixlet is 140. For other Windows 2012R2 applicable Fixlets are 5. Any idea why its different. If couple of fixlets differs, its still OK as some patches may depend on the role and other installed component. Both serves installed from same corporate ISO image.
Hello @rahamathid, can you please attach the screen shots for both the report, as well as where you are seeing the the discrepancy. Is it in the Console, and how are you viewing the data.
Most important would be the filter criteria used.
For example, in the report, if you choose “All Microsoft Critical Fixlets”, the built-in filter excludes “corrupt patch” and “superseded” patches.
Hello Lee Wee, Sorry I cannot share the screenshot due to restriction, but below is the custom relavance which we are running and target to computergroup which contains all servers.
===========================
source fixlets whose (name of it as lowercase does not contain “service”) of components of component groups of bes baselines whose (name of it as lowercase contains “initial” OR name of it as lowercase contains “april2016” OR name of it as lowercase contains “may2016” OR name of it as lowercase contains “june2016” OR name of it as lowercase contains “july2016” OR name of it as lowercase contains “august2016” OR name of it as lowercase contains “september2016” OR name of it as lowercase contains “october2016” OR name of it as lowercase contains “november2016” OR name of it as lowercase contains “december2016”)
Hi @rahamathid, thanks for sharing what you can.
With the Relevance shown, I cannot tell what we are trying to reconcile.
Sorry that I don’t have enough information to see what is different.
We are having the same issues with this report 1.7. We are using BF 9.5.5 the image below shows the server DC1ATOHPAPPQA1 as being only 57% compliant, When I re-run the Baseline against this server is comes up as Not Relevant which it should as the servers windows updates shows they are all installed and 100% compliant. How do we fix this or find a new report to run against?
Hello @dbeaulieu, let’s start by finding out what the BigFix Server tells us about the computer against this baseline.
You can do this in one of 2 ways:
In the Console
Find the computer DC1ATOHPAPPQA1
Go to the “Baseline Computer Applicability” tab
Select a Relevant Baseline --> ICW Server Baseline - AUG JUL 2017
You can see under the Applicability column if there are any Fixlets still Applicable
The report above is showing that there are 3 still Applicable
You can also run the following Session Relevance to get the same results.
This statement is supposed to return any Fixlets that are still relevant/outstanding for the targeted computer.
names of source fixlets whose (name of applicable computers of it = "DC1ATOHPAPPQA1") of components of component groups of bes fixlets whose (name of it = "ICW Server Baseline - AUG JUL 2017")
Ok so this server now shows as compliant after telling the server to “Send Refresh” but Now I’ve found other servers that show the exact opposite from this. So there seems to be something wrong with the reporting.
The report shows 100% compliant but when I go to the July Aug Baseline in BF and look at the Applicable computers
the LT- servers have a bunch still being applicable? See both screen shots below. Also we patched our next tier of servers called Stage and the same thing happens, 100% compliant in the report but in BF there are 2 servers showing as neededing patches from this baseline? Maybe we can uninstall the report, clean up meta data for it and reinstall the report from scratch with the latest downloads? Just throwing out ideas?
@dbeaulieu, the key is to look at the individual component Fixlets of the baseline, rather than the baseline itself.
In the screen shot above, it shows that your baseline “ICW Server Baseline - AUG JUL 2017” has 27 component Fixlets.
These are the Fixlets that the report is measuring against each server endpoint.
Yes they are valid patches needing to be patched what next? This means the report is wrong or BF is wrong, how do we fix it? Do you know of any other reports we can move to that gives us the ability to report by computer group and why doesn’t BF have a built in report like this?
@dbeaulieu, private message me and I am happy to walk you through how to interpret the results, as there are some nuances to understand.
The report I believe has been running for at least 5 years and I don’t know of it to be inaccurate.
I did spend time with @dbeaulieu and reconcile what we are seeing.
We prove that the report is showing what is correct in the system.
However, we noticed that the Baseline folder in the Console shows certain numbers that are not expected.
We see that the Baseline has the concept of computers not having reported (evaluated) Fixlet results, and will assume Unknown to be relevant.
This is the problematic relevance:
unique values of (id of item 0 of it as string & “||” & name of item 0 of it & “||” & item 1 of it & “||” & item 2 of it & “||” & item 3 of it & “||” & item 4 of it & “||” & item 5 of it & “||” & item 6 of it & “||” & item 7 of it) of (applicable computers whose (exists name of it) of it, (“” & name of it & “”), (if (exists source severity of it) then ( if (source severity of it as lowercase contains “” or source severity of it as lowercase contains “”) then (“Unspecified”) else (source severity of it) ) else (“Unspecified”)), (if (exists source release date of it ) then ((year of it as string & “-” & month of it as two digits as string & “-” & day_of_month of it as two digits as string) of source release date of it as string) else “1000-01-01”), (if (exists category of it) then (if (category of it as lowercase contains “”) then (“Unspecified”) else (category of it as string) ) else (“Unknown”)), (if (exists download size of it) then ((download size of it) as string) else (“0”)),display name of site of it, applicable computer count of it as string) of elements of unions of ((sets of bes fixlets whose (display name of site of it starts with “Patches for Windows” and source severity of it as lowercase = “critical” and name of it as lowercase does not contain “corrupt patch” and name of it as lowercase does not contain “superseded”)))
@viniciobombacino, is the filter criteria for “Content” just “All Microsoft Critical Fixlets”?
You can private message me and I am happy to check this out.
Greetings Lee Wei,
Hope you are doing good.
We are facing an issue on the report “Fixlet Compliance by Computer Group (v1.7” as it is fetching data with 100% compliance history but also giving a " - " report in the list.
we have around 88000+ endpoint reporting to my console off which 83000 are Desktop\Laptops for which we are fetching the compliance report.
It will be pleased if you may help in clarifying my doubt or any editing we need to do for that report to show all with % compliance ratio.
Hope to hear from you soon.
