I am quite new to BigFix REST API query,
could someone provide a reference to determine which relevant fixlets are contained in a Custom Site Baseline. I May need to mention custom site name and Baseline name
You can query for information available in the BigFix database using Session Relevance. Here’s a sample session relevance statement that will return the names of a baseline’s components that have applicable computers:
(name of it) of components whose (applicable computer count of it > 0) of component groups of bes baselines whose (display name of site of it = "MyCustomSite" AND name of it = "MS Baselines")
You can test and develop such statements in a variety of ways including via the Session Relevance Tester, and the Presentation Debugger. Additionally, the Excel Connector can often help create such statements through a wizard.
To execute the query above using the REST API, you would use the /api/query resource.
@Aram Thanks for the response .
I was trying to get the applicable fixlets for a system from a base line which is available in the console under a Custom Site
This is what I have tried which not works,
(id of it ) of unique values of relevant fixlets whose (name of site of it = “CustomsiteName”) of bes baselines whose (baseline flag of it AND name of it = “BaelineName”) of bes computers whose (name of it = %2522SystemName%2522)
I see. If you’re trying to limit this for a specific system, try something like the following:
(name of it) of components whose (exists elements whose (name of it as lowercase = "SystemName" as lowercase) of applicable computer set of it) of component groups of bes baselines whose (display name of site of it = "MyCustomSite" AND name of it = "MS Baselines")
It’s essentially the same as what I had above, but includes an additional whose filter to limit the return to specific applicable computers for the given baseline components.
@Aram Thanks it works!
My next task is to apply the same list of components to the machine via REST can we use /api/action for this any reference please . thanks again.
If you’re looking to deploy the given components to the machine via REST API, there are at least two high level approaches:
- Deploy the baseline itself against the target machine (naturally, only the relevant components would execute)
- Deploy just the relevant components against the target machine
You can leverage the POST method against /api/actions in either case. See https://developer.bigfix.com/rest-api/api/action.html for more information, as well as a couple examples (click the ‘POST’ method for details/samples).
If you’re looking to deploy just the relevant components (#2 above), then you’ll likely want to leverage the <SourcedFixletAction> approach, which means you’ll need to define the Fixlet IDs and Sites of the source fixlets you wish to deploy. To get that data, we can tweak the session relevance above to something like this:
(id of source fixlet of it, name of site of source fixlet of it) of components whose (exists elements whose (name of it as lowercase = "SystemName" as lowercase) of applicable computer set of it) of component groups of bes baselines whose (display name of site of it = "MyCustomSite" AND name of it = "MS Baselines")
You can then take the results to create something like the following XML to POST against /api/actions:
<?xml version="1.0" encoding="UTF-8"?>
<BES xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:noNamespaceSchemaLocation="BES.xsd">
<SourcedFixletAction>
<SourceFixlet>
<Sitename>Enterprise Security</Sitename>
<FixletID>123</FixletID>
<Action>Action1</Action>
</SourceFixlet>
<SourcedFixletAction>
<SourceFixlet>
<Sitename>Enterprise Security</Sitename>
<FixletID>456</FixletID>
<Action>Action1</Action>
</SourceFixlet>
<Target>
<ComputerName>SystemName</ComputerName>
</Target>
</SourcedFixletAction>
</BES>@Aram Thanks again.
I would choose #1 Deploy the baseline itself against the target machine
As I have Custom Baseline created in a custom site which is periodically updated in every month. Would like to apply the baseline to the newly built machine (target system)
That’s case I was thinking can we directly create an action which specify the baseline name and execute on the fly or still we need to pull out each components and actions into XML (myaction.xml) and that needs to be passed out like below.
https://{server}:{port}/api/actions , data=myaction.xml
In that case, yes, you can leverage a very similar XML to above and simplify specify the baseline and target:
<?xml version="1.0" encoding="UTF-8"?>
<BES xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:noNamespaceSchemaLocation="BES.xsd">
<SourcedFixletAction>
<SourceFixlet>
<Sitename>MyCustomSite</Sitename>
<FixletID>123</FixletID>
<Action>Action1</Action>
</SourceFixlet>
<Target>
<ComputerName>SystemName</ComputerName>
</Target>
</SourcedFixletAction>
</BES>@Aram Thanks,
I have written an XML like below, could you suggest any modification required please ?
<?xml version="1.0" encoding="UTF-8" ?>
<BES xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" SkipUI="true" >
<SourcedFixletAction>
<Baseline>
<Name>MyCustomBaseline</Name>
<ID>1234</ID>
</Baseline>
<SourceFixlet>
<Sitename>MyCustomSite</Sitename>
<FixletID>" & strBaselineID & "</FixletID>
</SourceFixlet>
<Target>
<ComputerName>MySystemName</ComputerName>
</Target>
<Settings>
<PostActionBehavior Behavior="Restart">
<AllowCancel>false</AllowCancel>
<PostActionDeadlineBehavior>RunAutomatically</PostActionDeadlineBehavior>
<PostActionDeadlineInterval>PT1M</PostActionDeadlineInterval>
<Title>Restart Now</Title>
<Text></Text>
</PostActionBehavior>
</Settings>
</SourcedFixletAction>
</BES>There looks to be quite a bit incorrect in that XML. I’d suggest you manually action the baseline, then select your baseline action and choose ‘Export’ to export the correct XML format to use as a reference.
Thanks Every one I was able to form a right XML and execute the action as expected.
Between, The actions are now being executed by the “restapi” user
-
Is there a way we can mention the action to execute from a a specific site/operator instead if restap user so that to have the full control over the action.
-
How I can delete the action(REST Query) from the site as soon it complete once.
What do you mean by full control over the action? You can configure the environment such that a given operator can see (and stop) actions taken by the ‘restapi’ user if you wish.
As to deleting the action once ‘complete’, you’d have to monitor the status of the action (which can be done via the REST API as well), then delete it using the DELETE method against /api/action/{action ID}
@Aaram thanks.
-
I meant to stop the action. it was not working even the use has provided the permission to stop other
operators Actions. not sure what is wrong. -
As mentioned earlier I am trying to Deploy the baseline itself against the target machine . this is going to be a one time operation where I mentioned Action start and End date as “false” so the action never expire.
looking for an option to automatically stop/delete the action as soon it complete.