Report Available: Schedulable Compliance by Computer or Content

One of the most common pieces of feedback I get regarding these 2 reports is that they cannot be scheduled for delivery via Schedule Activity.
Fixlet Compliance by Computer Group
Fixlet Compliance by Content

I have just created versions that can be scheduled, please check them out here:
Schedulable Compliance by Computer or Content reports

A few key notes:

  • They can be scheduled using the Web Reports Scheduled Activity
  • They are accompanied by a Custom Executable that is used for emailing, and converting to HTML/PDF/CSV
  • The reports are standalone in that there are no external libraries needed

Lee Wei

5 Likes

@leewei, Welcome back!

1 Like

Hi Leewei, can you help me with a report that shows all installed patches and required patches for a single machine?

For example, if I want to see what patches are installed on a server and what are missing/required to install.

Thanks,
Jay

Hi @JayasimhaReddy, I would start with the “Explore Data --> Computers” tab within Web Reports and find the computer you are interested in.
Then use the Filters (Site --> Patches for XXX) to narrow down to the site you are looking for, presumably Patches for Windows (English).
There are 2 sections, one for Relevant Fixlets and the other Remediated Fixlets.
Does that show you what is needed?

Also I would appreciate starting a different thread on this request so that this thread is left to discuss the original report topic, thank you!

Hi Leewei,

Thank you for the reports!
These are very useful.

Can I also use these reports to report on the compliance of an action or baseline?

Regards,

Wouter

Hello Wouter,

In the BigFix object hierarchy, Fixlets, Tasks and Baselines are all “Fixlets”.
Since the report is written to generate Fixlet compliance, yes it will work for Baselines as well.

When you target a Fixlet against some computers, you get an Action.
This report does not work on Actions.

Hi Leewei,

Thanks again for these reports, my management was very happy to automatically receive a security patch compliance report of our different types of devices and environments :smile:

I’ve come across an issue with scheduling these reports.
I successfully used the command line below (replaced some information with ***), but sometimes the attachment is a zip file and not a pdf.

lwmailer.exe -smtp_server=*** -smtp_port=25 -smtp_enablessl=no -mail_to="***" -mail_from=*** -subject="" -message_body="Compliance Report Attached" -attachment="" -output_format=pdf

A report like this which does work on actions would be much appreciated.

Kind regards,

Wouter

Wouter,

The default behavior of the utility is to zip the attachment if larger than 2MB.
You can add an option to explicitly not zip.
-zip=no

I have to think about something similar for Actions. I am not seeing that yet…

Lee Wei

I’m seeing what looks like ‘unexpected results’ using the Schedulable Compliance by Computer report.


When I look in the Console at the Relevant Fixlets for the first computer shown in the graphic, I only see 25 TOTAL Critical/Important patches across ALL the subscribed sites. If I look at the Patches for Windows (English) site, there are only a total of 18 fixlets that show Critical/Important as the Source Severity, AND that includes 3 released BEFORE the date I listed (01/01/2015). Where did it get a count of

Did I configure something wrong, or is there something else going on with the report?

It’s the latest version of the Report, I just downloaded and installed it today. I’m viewing the results from Web Reports rather than as a Scheduled emailed document.

1 Like

Oops, the post is missing the key number when you said "Where did it get a count of …"
What is the number you are referring to? The 15 Outstanding Fixlets for the first computer?

Maybe you can help me track down the discrepancy.

This is the Relevance used to provide the raw data, and the report is showing a summary from this table. Can you please paste it as a Custom Report and see if you can spot what might be problematic?

<?relevance (html "<table border=1 cellpadding=3 cellspacing=0 style=%22border: 1pt solid #000000; border-Collapse: collapse%22><th>Computer Name</th><th>Computer ID</th><th>Fixlet ID</th><th>Fixlet Name</th><th>Operating System</th><th>IP Address</th><th>Last Report Time</th><th>Applicable</th><th>Installed</th><th>Outstanding</th>" & it & html "</table>") of concatenations of trs of htmls (unique values of (it as string) of (td of (if exists name of computer of it then name of computer of it else "<none>") & td of (id of computer of it as string) & td of (id of fixlet of it as string) & td of (name of fixlet of it as string) & td of (if exists operating system of computer of it then operating system of computer of it else "<none>") & td of (if exists ip addresses of computer of it then concatenations (html "<br>") of (ip addresses of computer of it as string) else html "") & td of (if exists last report time of computer of it then (((year of it as string & "/" & month of it as two digits & "/" & day_of_month of it as two digits) of date (local time zone) of it & " " & (two digit hour of it as string & ":" & two digit minute of it as string & ":" & two digit second of it as string) of time (local time zone) of it) of last report time of computer of it) else ("<none>")) & td of (if (exists first became relevant of it) then ("1") else ("0")) & td of (if (exists Last Became NonRelevant of it and not relevant flag of it) then "1" else "0") & td of (if (exists Last Became Relevant of it and Relevant Flag of it) then "1" else "0")) of results of bes fixlets ) ?>


1 Like
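Added example (not part of the original posts and not the report's own code): one way to rebuild the per-computer summary from the raw rows that the Relevance above emits, to help track down a count discrepancy. The sample rows are constructed, and the installed/applicable compliance formula is an assumption. Note that Applicable counts every Fixlet that ever became relevant on the computer, so only the Outstanding sum corresponds to what is relevant right now.

```javascript
// Column order follows the <th> list in the Relevance query above.
const COLS = ["name", "computerId", "fixletId", "fixletName", "os", "ip",
              "lastReport", "applicable", "installed", "outstanding"];

// Constructed sample output (not real data): one <tr> per computer/Fixlet pair.
const tr = (...c) => "<tr>" + c.map(v => `<td>${v}</td>`).join("") + "</tr>";
const SAMPLE_HTML = "<table><th>Computer Name</th>" + [
  tr("SRV-A", 101, 5001, "Constructed Fixlet A", "Win2012", "10.0.0.5", "2016/01/02 03:04:05", 1, 1, 0),
  tr("SRV-A", 101, 5002, "Constructed Fixlet B", "Win2012", "10.0.0.5", "2016/01/02 03:04:05", 1, 1, 0),
  tr("SRV-A", 101, 5003, "Constructed Fixlet C", "Win2012", "10.0.0.5", "2016/01/02 03:04:05", 1, 0, 1),
  tr("WS-B", 102, 5001, "Constructed Fixlet A", "Win7", "10.0.0.6<br>10.0.1.6", "2016/01/02 04:00:00", 0, 0, 0),
  tr("WS-B", 102, 5003, "Constructed Fixlet C", "Win7", "10.0.0.6<br>10.0.1.6", "2016/01/02 04:00:00", 1, 0, 1),
].join("") + "</table>";

// Turn the HTML table into row objects; the <th> header has no <tr>, so it is skipped.
function parseRows(html) {
  const rows = [];
  for (const m of html.matchAll(/<tr>(.*?)<\/tr>/gs)) {
    const cells = [...m[1].matchAll(/<td>(.*?)<\/td>/gs)].map(c => c[1]);
    if (cells.length !== COLS.length) continue; // ignore malformed rows
    rows.push(Object.fromEntries(COLS.map((c, i) => [c, cells[i]])));
  }
  return rows;
}

// Sum the three 0/1 flag columns per computer ID.
function summarize(rows) {
  const byComputer = new Map();
  for (const r of rows) {
    const s = byComputer.get(r.computerId) ||
      { name: r.name, applicable: 0, installed: 0, outstanding: 0 };
    s.applicable += Number(r.applicable);
    s.installed += Number(r.installed);
    s.outstanding += Number(r.outstanding);
    byComputer.set(r.computerId, s);
  }
  for (const s of byComputer.values()) {
    // Assumed formula: compliance = installed / applicable (null if nothing applies).
    s.compliancePct = s.applicable ? Math.round(100 * s.installed / s.applicable) : null;
    // Each applicable Fixlet should be either installed or outstanding.
    s.consistent = s.applicable === s.installed + s.outstanding;
  }
  return byComputer;
}

for (const [id, s] of summarize(parseRows(SAMPLE_HTML))) console.log(id, s);
```

Comparing the Outstanding sum for one computer against the Relevant Fixlets list in the Console, under the same site filter, shows whether the raw rows or the summary step is where the numbers diverge.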

@leewei very useful report.

Is there a possibility to add a count of the different severity levels in front of each computer? And when that count is clicked, the patches for that severity level are shown below in a grid?

Please, I need help on that.

Thank you.

Vicky

@vicky, here are my thoughts.

  • Different severity levels. The report is meant to be generic, so as to be useful for any content types, such as different operating systems. By severity levels, I assume you are interested in Windows patch severity such as Critical, Important, Moderate, Low, and Unspecified? If we include other vendors, there are more than 20 severity levels (e.g. mandatory, update, level-1, etc). Is it possible to then just run a different report using the Filters?

  • Click to show patch details. This report is intended for automated delivery. So an interactive model does not work well.

Hi

I am having problems with this report. The number of computers does not coincide with my filter and the list in the report. The report says 66 computers. The list in the report contains 72 computers. In the group there are 74 computers. Have you experienced anything like this?

Regards Melvin Fuglem

@mfuglem, maybe a picture or some clarification might help me. There are 3 numbers that you have described.
I can only think of 2 numbers right now -

  • The number of computers shown from this report
  • The actual number of computers in your computer group

It is possible for these numbers to differ because the report is only counting the number of computers that have reported on these Fixlets. So I would expect the computer count in this report to be always equal to or less than the actual computers you have narrowed down via the Web Reports filter.

My example here is that I have a Computer Group = “Huff Building” with 18 computers. When I run the report, I see only 14 because the report is for Windows Patches and there are 4 non-Windows computers in my group.

Sorry if I misunderstood your question.

1 Like

@leewei

Hi

Thanks for the quick response. Showing the 3rd number here. I am a new user so can’t post images.

picture-“http://i.imgur.com/dOub3OG.png”

If I understand you correctly, if a server does not have an applicable fixlet in the filter it won’t show up in the report. Will this conflict if a server is already 100% compliant according to the filter?

Regards Melvin

EDIT: Recounted. Counted wrong. The number of computers on the list in the report coincides with the number the report displays. Sorry for the inconvenience.

@mfuglem, thanks for letting me know!
I just saw your edit to say that the numbers are correct.

For the life of me I couldn’t figure out why it would be different!

The code simply takes the total number of table rows and subtracts 1 (for the header).

computerCount = destTable.rows.length - 1;

OK, glad this is resolved.

1 Like

This report is great (as well as the others you have done!). Is there any way possible that the report could also show the list of outstanding fixlets for each machine (such as the Fixlet Compliance by Computer Group report did)?

We use the Fixlet Compliance by Computer Group report for all our customers and I know if we started providing them this new report they would be asking about the outstanding fixlets.

Thanks in advance.

-Phil

Hi Phil @ptholt79,

The thinking regarding this report is to make it simple and non-interactive, and thereby suitable for scheduled delivery. If we add the ability to click on a computer and show the outstanding Fixlets below, would that not look exactly the same as the “Fixlet Compliance by Computer Group report”?

One way to do this is to make the computer names hot links to the assets within Web Reports. So you can drill into that computer and get more info, including any outstanding Fixlets. However, if you send the report off in an email, the links will break as the users might not have access back to Web Reports.

Thoughts?

Lee Wei

Thanks for your response Lee.

Basically my company is an MSP and we use the Fixlet Compliance by Computer Group report for each of our customers under patch management. We run the report in Web Reports and then export it to Excel for each customer. Every customer has a different baseline.

Our hope of the Schedulable Compliance by Computer report was to be able to have the compliance reports automatically e-mailed to the engineers in charge of each customer. But the more I think about it, since each customer has different baselines, there still has to be human interaction involved here (at least the way we have things set up). - For instance someone has to set the filters for each customer and save the reports.

Please let me know if there might be a way this report would be able to accommodate us. Thanks in advance.

@ptholt79, it sounds like the automation we need is to figure out the Filters for each of your customers.
We don’t have an API for that, but I think you should know about the feature in WebReports to export a report.
Once you export it along with the Filters, it is possible to modify the Filters programmatically and re-import as a new one.

See this post: