This is a complex topic… I’d like to ask whether you’ve enabled the CyberFocus Site and checked in to the Web Reports we have bundled there? BigFix CyberFOCUS Analytics 1.0 is now available!
The “Explore Content” view won’t allow splitting the CVE field; it’s not a “plural result” field that we can expand with the “+” symbol, the CVE ID List field is just a simple String value that already has semicolons embedded in it. You could do some post-processing on an exported CSV result in Excel or a scripting language, but there are some considerations to keep in mind…
If a single patch resolves 20 CVEs on a single computer, do you want that split into twenty separate rows? That could generate a huge report, very quickly.
Out-of-the-box, we would only report on the latest version of a patch; CVEs resolved by an earlier patch are not included on the latest. Keep in mind our reporting is based on patch applicability, not outstanding CVE listings. To enable continued reporting on (some) older CVEs, you’d have to enable Superseded Content Evaluation, which can slow reporting on the clients, and is often not useful if the older patches can no longer be downloaded anyway.
Another approach we’re taking now to support specific checklists (like the CISA KEV Content Pack) involve publishing a separate set of audit-only Fixlets to continue reporting on older CVEs - but only within a set of CVEs of interest like the CISA KEV list.
CVE-based reporting has its use-cases, but I’m not sure it’s the best approach to general reporting. I think the search-based reports in the CyberFocus Site are a good approach to find specific CVEs or specific lists of CVEs such as the CISA KEV list.