Need Help with a Windows patch Remediation Report

Reporting
1

Looking for a remediation report for Windows patches and I need the following information as a csv or json file

Computer name
ID of computer
Departmnent which is a custom property
fixlet name
souce release date
source severity
CVE’s
first became relevant
last became relevant
last became nonrelevant
Days to patch which I believe is (last became nonrelevant - first became relevant)

Not sure if my days to patch formula is correct. Tried cobbling this together but I am failing. Any help would be really appreciated.

2

Here’s some sample session relevance based on the fields above:

(id of computer of it, name of computer of it, value of result from (bes property "Department") of computer of it | "n/a", name of fixlet of it, source release date of fixlet of it, source severity of fixlet of it, first became relevant of it as string | "n/a", last became relevant of it as string | "n/a", last became nonrelevant of it as string | "n/a", (last became nonrelevant of it - first became relevant of it) as string | "n/a") of results of bes fixlets whose (fixlet flag of it AND display name of site of it = "Patches for Windows" and source release date of it > (current date - 30 * day))

I’ve added an additional filter to Fixlets with a source release date within the last 30 days to limit the results to a more reasonable number (and reduce evaluation time since this could be a very big and long-running report).

For reference, much of these inspectors stem from result of <bes fixlet>: https://developer.bigfix.com/relevance/reference/bes-fixlet-result.html

4 Likes
3

Thank you very much, this is great. I do have a couple of questions:

  1. the fields “first became relevant” and “last became relevant” are returning the same date and time. Looking at the developer link I thought "last became relevant: would return a different time. What session relevance term returns the value the last time the bigfix client evaluated the fixlet to see if it was relevant? Maybe I used the wrong session relevance term. In the guide I see for “Last became relevant” to mean Returns the time when the Fixlet result last became relevant.Note: This is a Web Reports-only inspector. So I was thinking " last became relevant would be the time the client last validated the fixlet still was relevant as part of it’s client loop process.

  2. I just want to confirm my understanding of (last became nonrelevant of it - first became relevant of it) as string | “n/a”) If the output is n/a then the update is still relevant and unpatched.