Identify what web sites all the fixlets need access to?

Due to regulations this year we are being locked down on our internet access, no more open door to internet. Anyone have a report for identifying what url’s are needed with all the fixlets? Root domain “Microsoft.com” or strip out all the way to the file level and put in a report? Looks like I will be working off an access list for retrieving file downloads. Should be a short list for Root domain, but pages for all detail of download location if available.

Example: Adobe fixlet: 8101060
Root: adobe.com
Full url: http://ardownload.adobe.com/pub/adobe/reader/win/10.x/10.1.9/misc/AdbeRdrUpd1019.msp

Thanks
Frank

1 Like

looking like I will need full url. Crazy

Here’s a crude way of doing it: this session relevance lists out all the download links in all your subscribed bes sites, and appending the action ID, Fixlet ID, Fixlet Name, and site. It doesn’t try to combine identical download links though:

(((item 0 of it, item 1 of it) of (matches (regex "(http://\S+)") of scripts of it, content id of it) of actions whose (script type of it = "application/x-Fixlet-Windows-Shell") of it) , name of it, (id of it as string) , name of site of it) of fixlets of bes sites

Example Results from BES Support:

( http://software.bigfix.com/download/bes/util/BESClientDiagnostics-3.0.2.32.exe, Action3 ), TROUBLESHOOTING: Run BES Client Diagnostics, 353, BES Support
( http://software.bigfix.com/download/bes/util/SiteDataReader-9.0.649.0.exe, Action3 ), TROUBLESHOOTING: Run BES Client Diagnostics, 353, BES Support
( http://software.bigfix.com/download/bes/util/ParseRelaysDotDat.exe, Action3 ), TROUBLESHOOTING: Run BES Client Diagnostics, 353, BES Support
( http://download.microsoft.com/download/c/f/f/cff746cd-f17c-40d8-acf2-50d2200ad28b/owc11.exe, Action1 ), Missing Office Web Components - BES Console - OWC XP/2003, 363, BES Support
( http://download.microsoft.com/download/2/4/1/2412ae8c-2a6c-4f35-a57a-7fec46dc46dc/owc10.exe, Action2 ), Missing Office Web Components - BES Console - OWC XP/2003, 363, BES Support
( http://download.microsoft.com/download/2/4/1/2412ae8c-2a6c-4f35-a57a-7fec46dc46dc/owc10.exe, Action1 ), Missing Office Web Components - BES Console - OWC XP, 364, BES Support
( http://download.microsoft.com/download/8/4/A/84A35BF1-DAFE-4AE8-82AF-AD2AE20B6B14/directx_Jun2010_redist.exe, Action1 ), Missing DirectX - BES Console - DirectX 9.29, 367, BES Support
( http://software.bigfix.com/download/LoggingService/BESClientLoggingServiceSetup-7.1.0.15.exe, Action1 ), Reinstall BES Client Logging Service, 453, BES Support
( http://software.bigfix.com/download/LoggingService/lib/antipest.dll, Action1 ), Reinstall BES Client Logging Service, 453, BES Support

You can put them in an easier to read table with this, which will generate html:

table of concatenation " " of trs of (td of item 0 of item 0 of it & td of item 1 of item 0 of it & td of item 1 of it & td of item 2 of it & td of item 3 of it) of ((((item 0 of it, item 1 of it) of (matches (regex "(http://\S+)") of scripts of it, content id of it) of actions whose (script type of it = "application/x-Fixlet-Windows-Shell") of it) , name of it, (id of it as string) , name of site of it) of fixlets of bes sites)
4 Likes

This is my goto for determining what sites the Bigfix server would need to touch…

unique values of (item 0 of it & " - " & item 1 of it) of (item 0 of it , preceding texts of firsts "/" of following texts of firsts "/" of following texts of firsts "/" of item 1 of it as string) of (names of sites of it , (matches (case insensitive regex "((mailto\:|(news|(ht|f)tp(s?))\:\/\/){1}\S+)") of matches (case insensitive regex "^(download|prefetch|download now|download now as|add prefetch item).*$") of scripts of actions whose (exists script of it) of it) as string) of fixlets whose (fixlet flag of it or task flag of it or baseline flag of it) of all bes sites  

And then you could modify that to grab only the downloads…

unique values of ((matches (case insensitive regex "((mailto\:|(news|(ht|f)tp(s?))\:\/\/){1}\S+)") of matches (case insensitive regex "^(download|prefetch|download now|download now as|add prefetch item).*$") of scripts of actions whose (exists script of it) of it) as string) of fixlets whose (fixlet flag of it or task flag of it or baseline flag of it) of all bes sites  

Although as I was typing this up I see that @jeremylam beat me to it and put it in a pretty table! different options for you…

5 Likes

shucks, I am new at this and thought all I needed to do was copy the code into a custom report Source window in Web Reports, but it looks like I am selecting the wrong filter or something. no mater what I have tried the results either come back as an error or just retyped code.

In web reports… click on Custom report and then add this to the source:

<?relevance trs of tds of unique values of ((matches (case insensitive regex "((mailto\:|(news|(ht|f)tp(s?))\:\/\/){1}\S+)") of matches (case insensitive regex "^(download|prefetch|download now|download now as|add prefetch item).*$") of scripts of actions whose (exists script of it) of it) as string) of fixlets whose (fixlet flag of it or task flag of it or baseline flag of it) of all bes sites?>
1 Like

Score! Thanks a bunch jgo
All I had to do is add the sites in the filter conditions and all the data I need showed up! Now I will just look up the licensing url and any other url’s that the server will need access to for our networking team!
Thanks again! :smile:

1 Like

session relevance for the win!

1 Like

@fcruson we have a similar requirement from our CIS department, so I created a WebReport from the session relevance @jgo provided. I just run this report quarterly to check for any new URLs and update my associated security document.

1 Like

I know this is an old post but it’s still kind of the authoritative reference on this, so here’s a tip on a use case I have for this.

I use the session relevance @jgo posted, but instead of using of fixlets I filter for of relevant fixlets. This gives me a list of download urls that are specifically relevant to my environment. With the download list in hand, I generate a curl script to fetch the downloads and precache them on my airgapped DSA.

The official BESDownloadCacher is great, but doesn’t check which fixlets are relevant and has to download everything whether I need the patch or not.

Could this be narrowed down to only include the specific fixlets in a specific baseline?

Sure, try

of source fixlets of components of component groups of bes fixlets whose (baseline flag of it and name of it contains "My Baseline Name")

Edited for ‘components of component groups’. Also I’m typing on a phone so test it out first.

1 Like