How to create a proper relevance to select patches based on a specific criteria

Nobi · May 18, 2021, 1:37pm

Hi All,

I am trying to automate the creation of baseline using API calls. For that, I need to select critical and important patches that are not superseded/expired and they doesn’t contain the keywords sql, hyper-v, office, sharepoint. I have formed a relevance to achieve the same.

I am adding the below relevance in relevance tag of baseline xml to automate the baseline creation process. For some reason, this doesn’t work. Could anyone explain me what I am doing wrong?

Relevance:
names of unique values of relevant fixlets whose(name of site of it = “Updates for Windows Applications” AND (source severity of it = “Moderate” OR source severity of it = “Important” OR source severity of it = “Critical”) AND exists names whose(exists (it as string as version) AND it as lowercase does not contain " (superseded)" of it AND it as lowercase does not contain “sql” AND it as lowercase does not contain “office” AND it as lowercase does not contain “hyper-v” AND it as lowercase does not contain “share point” AND it as lowercase does not contain “expired”) of it) of members whose(operating system of it as lowercase starts with “win”) of bes computer groups whose(name of it contains “Automatic Updates”)

Thank you in advance.

JasonWalker · May 18, 2021, 2:07pm

That is a Session Relevance query, that operates by querying the BigFix Database and Web Reports. It is valid for a report or REST API call, but cannot evaluate on the client (the clients cannot access the databases).

You would use a query like this to determine which components you should add to the baseline, and use another REST call to post the XML of the baseline you are creating…but don’t include this in the Baseline Relevance itself, the clients cannot process this query.

Basically any of the ‘bes’ inspectors - ‘bes fixlet’, 'bes computer’s, etc - indicate Session Relevance.

Nobi · May 19, 2021, 4:56am

Hi Jason,

@JasonWalker - Where should I add the relevance if not in the baseline? I am trying to do it with API. Is there any way to select patches based on the same criteria through API?

Nobi · May 19, 2021, 5:13am

Also I was checking the relevance in online evaluator : bigfix developer evaluator

It says, The operator “bes computer groups” is not defined.

@JasonWalker Could you help me on this please? I have checked on different forums, the same syntax was mentioned.

JasonWalker · May 19, 2021, 11:56am

I’d suggest checking https://developer.bigfix.com/rest-api/ first.

I’ll also say, that the REST API is an interface for programming and integrating with other tools. For your use case, I think you may find it easier to just use Patch Policy from the WebUI.