Report Available: Schedulable Compliance by Computer or Content

Nagaraj 2016-02-25 07:20:49 UTC #21

Hi Lee,

Thanks for your updates, this report is very useful for us,

Thanks,
Nagaraj,

ptholt79 2016-02-25 20:41:42 UTC #22

Hi Lee,

Do you think it is possible for the outstanding fixlets to be displayed in this report? They don’t need to be hyperlinks as these reports would just be sent to our customers who do not have access to the our Web Reports. Thoughts?

Also is there an easier way to report on a baseline from this report other than inputting the baseline ID? Our baseline IDs change every month.

Thanks in advance.

leewei 2016-03-01 00:22:23 UTC #23

@ptholt79, sorry for the slow response.

How are you imagining the outstanding Fixlets to be displayed? Under each computer and perhaps with a toggle to show/hide?
I am not keen for the following reasons:

Making the report interactive will nullify its current purpose of being email-able.
Putting in the outstanding Fixlets in any form will also make the payload bigger for emailing around.
If we put in the Fixlet info, we are back to the reports we already have here: Interactive Compliance by Computer report.

For your second question.
Baselines are also Fixlets, so you can filter them under “Content” and use the names. You mentioned that the IDs are changing, are the names changing as well?

ptholt79 2016-03-01 14:45:17 UTC #24

I see what you are getting at with the outstanding fixlets.

No, the names of our baselines do not change. What is the best way to filter on a baseline for this report? I seem to have discrepancies between the Interactive Compliance by Computer report and the Schedulable Fixlet Compliance by Computer report for the Applicable, Installed, and Outstanding fixlets.

leewei 2016-03-01 15:19:17 UTC #25

@ptholt79 the way the report is written, if we were to filter on name of the baseline, it will be treated as one component. So the compliance is on the entire baseline, not individual components.
It is possible to change this in the report code itself.

Regarding differences between the reports, it is likely due to the filters being used. Since the “Fixlet Compliance by Computer Group” report has predefined filters, you kind of need to know exactly how I have defined them.

Please private message me and I will be happy to help you through these issues.

Lee Wei

leewei 2016-03-03 17:41:21 UTC #26

BUG FOUND: Found a bug while working with someone yesterday.

The symptom is that the PDF file generated does not look right. It is missing some pages, and information is missing.

This might happen on slower systems, or if the output file is very large. The PDF generator needs to wait for the JavaScript to finish processing. The default was to wait for 3 seconds which might not be sufficient.

I have created a new version of the lwmailer.exe v1.2.3 with a param, -script_delay.
Right now this defaults to 5 seconds, or change that to any number delay.

This example parameter will wait for 10 seconds.
Again, only necessary if you generate very large output and the info does not look right.

-script_delay=10000

ravik 2017-03-29 06:13:43 UTC #27

Hi,
Our observations when using the Patch Compliance Reports by Content or by Computers -

Some systems are in a PENDING RESTART state due to recently deployed patches
But the patch compliance report shows them in compliant state for those patches
Ideally these patches should not be counted towards compliance as they have not yet been applied onto the system.

Can this be fixed ? The report should only show “installed patches that have been applied after completing the restart”

Thanks
Ravi

leewei 2017-03-31 03:48:45 UTC #28

@ravik, the report gets its data from the Fixlets, and how the computers report their relevance.
If a computer shows that it is no longer relevant to a Fixlet, it will be considered fixed.

Divya.P 2018-07-17 08:28:59 UTC #29

Hi all,

I am trying to schedule a compliance report in html format, it get scheduled properly but when I open the report few things are missing

Divya.P 2018-07-17 09:16:07 UTC #30

@leewei Please extend your support

Thanks in advance

Regards,
Divya

dmccalla 2018-07-17 13:10:52 UTC #31

You really should not be posting a picture containing the hostnames, OS, and IP addresses of your machines.

leewei 2018-07-17 15:39:41 UTC #32

Hi @Divya.P, sorry to hear of the problem.

Does the report look right if you run it manually?
The HTML being delivered is a standalone file that does not need to refer to other external websites. Can you please turn on the browser debugging console (please search the net to find out how to do this if necessary) to see what errors might have been generated.

Lee Wei

Divya.P 2018-07-18 05:40:45 UTC #33

Hi,

Report doesn’t look like this when run manually.

There are no error in debug

Please help

jwgibson949 2018-11-29 17:11:59 UTC #34

Has anyone modify the report template to use a specific baseline of patches instead of using the Patches for Windows site and if so how to change the filter to look at all the patches other than just the critical?

LouC 2018-12-17 01:45:18 UTC #35

Wondering if anyone has got this report working (compliance by computer group) in large environments (10,000+ endpoints). I have a report server with 16GB RAM and 4vcpu’s but the report returns NaN%. It works fine if i use smaller groups of assets.

steve 2018-12-18 06:19:28 UTC #36

NaN means Not a Number, so there was likely some error in the source relevance results that returned an error string instead of a number, thus a compliance percentage couldn’t be calculated. There are a lot of checks in the report js that validate that everything is a number, so it’s possible that it’s just hitting a limit of how much data can be processed by js within this report.

To look at the source data in a basic table, create a custom report with this code. Make sure to apply the right filters so it doesn’t try to return data for all fixlets in your environment. The last 3 columns of each row should all be 0 or 1. If anything looks off, then it could prevent the compliance calculation.

<style>
table, th, td {
  border: 1px solid black;
  border-collapse: collapse;
}
</style>
<h2>Source relevance data</h2>
<table>
<tr><th>ComputerID&FixletID</th><th>ComputerID</th><th>Computer Name</th><th>OS</th><th>IP Address</th><th>Last Reported</th><th>Applicable</th><th>Fixed</th><th>Vulnerable</th></tr>
<?relevance trs of htmls (unique values of (it as string) of (td of (id of computer of it as string & id of fixlet of it as string) & td of (id of computer of it as string) & td of (if exists name of computer of it then name of computer of it else "<none>") & td of (if exists operating system of computer of it then operating system of computer of it else "<none>") & td of (if exists ip addresses of computer of it then concatenations (html "<br>") of (ip addresses of computer of it as string) else html "") & td of (if exists last report time of computer of it then (((year of it as string & "/" & month of it as two digits & "/" & day_of_month of it as two digits) of date (local time zone) of it & " " & (two digit hour of it as string & ":" & two digit minute of it as string & ":" & two digit second of it as string) of time (local time zone) of it) of last report time of computer of it) else ("<none>")) & td of (if (exists first became relevant of it) then ("1") else ("0")) & td of (if (exists Last Became NonRelevant of it and not relevant flag of it) then "1" else "0") & td of (if (exists Last Became Relevant of it and Relevant Flag of it) then "1" else "0")) of results of bes fixlets) ?>
</table>

hsan30 2019-03-08 17:26:16 UTC #37

Hi,

I imported the report, but when I try to modify any of the criteria in any of the parameters and apply the filters I get this:

Error in the Session Relevance:

Any idea what the problem can be?

Here is a screenshot of what I am entering for the filters:

Schedulable

I also have a question, is it possible to enter “All” or perhaps (* = wildcard) to get a return of all?

I am asking specifically for the Content > Source Severity > is > (I would like all of the Source Severities applicable, not just Critical).

Any advice would be appreciated!

Thank you,

hsan30

leewei 2019-03-08 18:47:42 UTC #38

@hsan30, If we do not have a filter for Content > Source Severity, it would be equivalent to All. So just remove that line.
You should delete the first filter referencing Computer > Computer Group > with the red item. It is there as a reminder to create one specific to your deployment.

vhenry 2019-04-19 18:07:28 UTC #39

This report is great!!

What is the relevance query for being able to view the Computer Group column in the report? I edited the source but I keep getting an error.

Thank you,
Jennifer

sureshhan 2019-04-24 11:11:41 UTC #40

You can able to generate report Computer Group