Relevance to Find patch installed in last 2 to 3 Months

Hi Team,

I am looking for a Relevance query which I can target on a set of computers to list what was installed in the last 2 to 3 months.
The main purpose of the above requirement is to find out whether a server was ever patched in the last 2 to 3 months by BF and, if not, whether anyone installed patches manually or whether it has the latest patches.

I came across the query below, but it lists everything that is installed on the server:

((if (exists property "HotFixID" of it) then (string value of property "HotFixID" of it) else ("")), (if (exists property "InstalledOn" of it) then ((if (exists hexadecimal integer (it)) then (((month of it as integer as string&"/"& day_of_month of it as integer as string&"/"&year of it as string) of ((january 1 of 1601)+((hexadecimal integer (it)/(864000000000))*day))) of it) else (it)) of string value of property "InstalledOn" of it) else ("")), (if (exists property "Description" of it) then (string value of property "Description" of it) else (""))) of select objects "* from Win32_QuickFixEngineering" of WMI

Thank you

Given your requirements, I’d suggest alternate approaches since this method does not distinguish between updates applied via BigFix vs. external means. You really have 3 different questions/reports described above:

  1. Servers that have patches applied within the last X months via BigFix (we could also identify servers that have not had patches applied within the last X months via BigFix).
  2. Servers that have had patches applied within the last X months outside of BigFix
  3. Patch compliance

Reports for these can be generated by data the endpoints have already reported, and would be available via Session Relevance for instance. They could query action history as well as Fixlet applicability history.

Additionally, BigFix Compliance’s Patch Reporting may be of interest here.

That said, if the question is how to modify the above relevance to add a filter to the ‘InstalledOn’ field, you might try something like the following (which filters to those installed within the last 60 days - the filter is at the end of the relevance query):

((item 0 of it, ((it as date) of ( ((it as integer as string) of preceding text of last "/" of following text of first "/" of it ) &" "& (preceding text of first "/" of it as integer as month as three letters)&" "& (following text of last "/" of it as integer as string)) of item 1 of it), item 2 of it) of (((if (exists property "HotFixID" of it) then (string value of property "HotFixID" of it) else ("")), (if (exists property "InstalledOn" of it) then ((if (exists hexadecimal integer (it)) then (((month of it as integer as string&"/"& day_of_month of it as integer as string&"/"&year of it as string) of ((january 1 of 1601)+((hexadecimal integer (it)/(864000000000))*day))) of it) else (it)) of string value of property "InstalledOn" of it) else ("")), (if (exists property "Description" of it) then (string value of property "Description" of it) else (""))) of select objects "* from Win32_QuickFixEngineering" of WMI)) whose (item 1 of it > (current date - 60 * day))

4 Likes
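The date handling in the relevance above, restated in Python as an added example (not code from the thread): InstalledOn arrives either as "M/D/YYYY" text or as a hexadecimal FILETIME, and rows with no usable date are listed separately instead of being dropped. The function names and sample rows are assumptions made up for illustration.

```python
from datetime import date, datetime, timedelta

FILETIME_EPOCH = datetime(1601, 1, 1)
TICKS_PER_DAY = 864_000_000_000  # 100 ns ticks per day, the divisor used in the relevance


def parse_installed_on(raw):
    """Return a date for an InstalledOn string, or None if it is empty or unparseable."""
    raw = raw.strip()
    if not raw:
        return None
    try:
        if "/" in raw:  # "M/D/YYYY" text form
            month, day, year = (int(part) for part in raw.split("/"))
            return date(year, month, day)
        ticks = int(raw, 16)  # hexadecimal FILETIME form
        return (FILETIME_EPOCH + timedelta(days=ticks // TICKS_PER_DAY)).date()
    except (ValueError, OverflowError):
        return None


def split_by_window(rows, today, window_days=60):
    """Split (HotFixID, InstalledOn, Description) rows into recent and undated lists."""
    cutoff = today - timedelta(days=window_days)
    recent, undated = [], []
    for hotfix_id, installed_on, description in rows:
        when = parse_installed_on(installed_on)
        if when is None:
            undated.append(hotfix_id)
        elif when > cutoff:  # same comparison as the whose clause
            recent.append((hotfix_id, when, description))
    return recent, undated


def as_filetime_hex(d):
    """Build a hex FILETIME string for a date (used only to construct sample data)."""
    return format((d - date(1601, 1, 1)).days * TICKS_PER_DAY, "x")


# Constructed sample rows; the KB numbers are made up.
SAMPLE_ROWS = [
    ("KB0000001", "1/15/2024", "Security Update"),
    ("KB0000002", as_filetime_hex(date(2023, 12, 20)), "Update"),
    ("KB0000003", "9/1/2023", "Security Update"),
    ("KB0000004", "", "Hotfix"),
]

if __name__ == "__main__":
    recent, undated = split_by_window(SAMPLE_ROWS, today=date(2024, 2, 1))
    print("recent:", recent)
    print("no usable InstalledOn:", undated)
```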

@Aram Thanks a lot for the quick response, that was exactly what I was looking for. I just wanted to know if the machine received patches by any means, either BF or manual or automatic Windows update.

1 Like

Hi Aram,

I’m looking for a relevance where I can get the installed patches with a certain category and patch name by supplying the computer name.

Currently the patch management team is manually installing the patches and, after patch installation, they generate a report in Web Reports for each computer (patches (fixlets) installed on the computers).

I want to automate this using the REST API. This is my requirement.

Hi Aram,

(
(
if (exists Name of Computer of it )
then (Name of Computer of it as string)
else ("none")
) and
(
if (exists Category of Fixlet of it)
then(Category of Fixlet of it as string)
else ("none")
) and
(
if (exists Name of Fixlet of it )
then (Name of Fixlet of it as string)
else ("none")
)
)
of results whose
(
(
(Name of Computer of it as string as lowercase contains "computer name") AND (Category of Fixlet of it as string as lowercase contains "security update") AND
(Name of Fixlet of it as string as lowercase contains "windows server 2019")
)
)
of bes fixlets whose ((name of site of it = "Enterprise Security"))

#######################################################################
For the above expression I’m getting “boolean expression is required” as the error.

The issue is at the top of your query: (<string> and <string> and <string>). The "and" is for booleans only. To concatenate strings, use &.

Try:

((if (exists Name of Computer of it) then (Name of Computer of it as string) else ("none")) & (if (exists Category of Fixlet of it) then(Category of Fixlet of it as string) else ("none")) & (if (exists Name of Fixlet of it) then (Name of Fixlet of it as string) else ("none"))) of results whose (((Name of Computer of it as string as lowercase contains "brolly") AND (Category of Fixlet of it as string as lowercase contains "security update") AND (Name of Fixlet of it as string as lowercase contains "windows server 2019"))) of bes fixlets whose ((name of site of it = "Enterprise Security"))

2 Likes

Kindly refer to the above image. It is not accepting it.

Try replacing the & with %26 (notice the query cuts off at the first &).

1 Like
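Why the query cuts off at the first &, shown as an added example that is not part of the thread: inside a URL query string a raw & ends the parameter, so only the text before it arrives as the relevance. The host name is a placeholder, and the `/api/query` path, the `relevance` parameter name and the shortened sample expression are assumptions for illustration.

```python
from urllib.parse import parse_qs, quote, urlsplit

# Placeholder host; the /api/query path and "relevance" parameter are assumptions.
BASE_URL = "https://bigfix.example:52311/api/query"

# Constructed, shortened version of the concatenation discussed in the thread.
RELEVANCE = (
    '((name of computer of it as string) & " | " & (name of fixlet of it as string)) '
    'of results (bes computers whose (name of it as lowercase contains "brolly"), '
    'bes fixlets whose (category of it as lowercase contains "security update"))'
)


def naive_url(relevance):
    """Paste the expression into the URL unchanged (the failing case)."""
    return f"{BASE_URL}?relevance={relevance}"


def encoded_url(relevance):
    """Percent-encode the whole expression; safe='' escapes &, quotes, spaces, etc."""
    return f"{BASE_URL}?relevance={quote(relevance, safe='')}"


def relevance_received(url):
    """Parse the URL the way a server splits a query string and return 'relevance'."""
    params = parse_qs(urlsplit(url).query, keep_blank_values=True)
    return params["relevance"][0]


if __name__ == "__main__":
    print("naive   ->", repr(relevance_received(naive_url(RELEVANCE))))
    print("encoded ->", repr(relevance_received(encoded_url(RELEVANCE))))
```

Encoding the whole expression with a URL-encoding routine covers every reserved character at once, not only the & that was replaced by hand.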

Thanks SLB.
Replaced it; it doesn’t throw any error, but the result is just empty.

Because none of your computers is named "brolly"?

((if (exists Name of Computer of it) then (Name of Computer of it as string) else ("none")) %26 (if (exists Category of Fixlet of it) then(Category of Fixlet of it as string) else ("none")) %26 (if (exists Name of Fixlet of it) then (Name of Fixlet of it as string) else ("none"))) of results whose (((Category of Fixlet of it as string as lowercase contains "security update") AND (Name of Fixlet of it as string as lowercase contains "windows server 2019"))) of bes fixlets whose ((name of site of it = "Enterprise Security"))

No, there I’ve used the computer name.

Let’s use a slightly different formulation for Results.

((if (exists Name of Computer of it) then (Name of Computer of it as string) else ("none")) %26 (if (exists Category of Fixlet of it) then(Category of Fixlet of it as string) else ("none")) %26 (if (exists Name of Fixlet of it) then (Name of Fixlet of it as string) else ("none")))  of  results (bes computers whose (name of it as lowercase = "brolly"), bes fixlets whose ((category of it as lowercase contains  "security update") AND (name of it as string as lowercase contains "windows server 2019")))