I’ve been using the below relevance from a posted BigFix analysis which works well. However i’m trying to translate the relevance to a report in the BigFix Security and Compliance module. I assume the relevance for the report requires a true or false statement in order to calculate the compliance status. My question is how do I modify the below relevance to just state drive “Fully Encrypted” true or false? Or is there another way to achieve similar results.
tuple string items (integer values of selects ("* from win32_EncryptableVolume") whose(name of it = “ConversionStatus”) of WMIs “root\CIMv2\Security\MicrosoftVolumeEncryption”) of “Fully Decrypted, Fully Encrypted, Encryption In Progress, Decryption In Progress, Encryption Paused, Decryption Paused”
You have to write you relevance in the form “exists”. It should be like in the following example (NOT WORKING Just an example !):
(exists wmi “root\CIMv2\Security\MicrosoftVolumeEncryption” whose (exists select objects “Name of object” whose (integer value of property “name of property” of it = XXX ) of it))
I cant help with the actual relevance since I don’t have a machien test it.
Thanks for responding FDA. I tried the following relevance in the fixlet debugger and it returned false but it should be true.
(exists wmi “root\CIMv2\Security\MicrosoftVolumeEncryption” whose (exists select objects “win32_EncryptableVolume” whose (integer value of property “ConversionStatus” of it = 1 ) of it))
When I run this relevance in the fixlet debugger I return the desired results but it’s not populating endpoints in the fixlet.
exists string values whose(it = “1”) of selects (“ConversionStatus from win32_EncryptableVolume”) of WMIs “root\CIMv2\Security\MicrosoftVolumeEncryption”
I am not sure which object you need to control with that relevance. It should work on clients objects such as analyses, properties, and fixlets. Try to test the working relevance with a property (Tools -> Manage Properties -> Add New).
I found my issue. I ended using the relevance below and I also had to change the “Desired Value” to “1” in the custom SCM Content. So basically my desired value is “1” for compliant and “0” for non-compliant. So this relevance shows me all non-compliant endpoints.
exists string values whose(it = “0”) of selects (“ConversionStatus from win32_EncryptableVolume”) of WMIs “root\CIMv2\Security\MicrosoftVolumeEncryption”