Posture Check (NAC)

Looking to get ideas on a proof of concept I’ve been tasked with.
Using local client evaulation, I’m looking to return the names of relevant fixlets that that are in breach of our internal sla’s which are based on Source Severity rating and Source Release Date.
For example, if a fixlet has a source release date of 8/23/16 with severity rating critical, and the sla for a critcal patch is 15 days, how would I code that ?
I would need to do the same for critical/important/moderate/low. Each severtity rating would have a sla associated to it, for example critical = 15 days, important = 45 days etc (from release date)…
Im not sure what I will do witht the result yet, once i have a file with the correct results i can build an action to parse a file or write to reg.

The following is returning no data however i see one relevant fixlet in the console.

q: values of headers “Subject” whose (name of it = “X-Fixlet-Source-Release-Date” and current date - value of it as date >= “45 days” as time interval) of relevant fixlets whose ((exists header “X-Fixlet-Source-Release-Date” of it) and (value of header “X-Fixlet-Source-Severity” of it as lowercase contains “important” as lowercase)) of sites (“http://sync.bigfix.com/cgi-bin/bfgather/bessecurity”)
T: 0.000 ms

@nicksberger, this is the statement that should work.
“now” is a datetime, and “current date” is the date object we need.

(values of headers "Subject" of relevant fixlets whose (current date - (value of header "x-fixlet-source-release-date" of it as date) > 15*day AND value of header "x-fixlet-source-severity" of it as lowercase = "critical") of sites ("http://sync.bigfix.com/cgi-bin/bfgather/bessecurity"))

2 Likes

you are a GENIUS, thanks !