Report Available: Vulnerability Hotspot Report

(imported topic written by SystemAdmin)

Vulnerability Hotspot Report

http://support.bigfix.com/download/bes/customreports/VulnerabilityHotspotReport.jpeg

Description:

This report creates a table of computers that have more relevant fixlets than a user defined amount. The fixlets counted in this report are only fixlets found in Enterprise security, or a Patch management site, such as “Patches for windows” or “Patches for AIX”

Archiveable/Mailable:

No

Required BES Sites:

Enterprise Security, or any patch management site

Updated 4/30/07 to remove a vestigial alert statement

(imported comment written by paulc91)

I like the idea of the report, unfortunately like most of BES its MS-centric. All AIX issues are listed with a severity level of “Unclassified”. This results in no hits for this report. This was a point that I was going to highlight in the ‘overview’ web report where my report is just a page of blue that shows no detail of the type of issues currently on the hosts and in reality is useless.

Is there any way that these reports can be changed for us non-MS based customers?

(imported comment written by paulc91)

Given a report to work with I have created the attached AIX version of this report…

There are a few issues that I dont have time to fix today, but I wonder if you could help with the following:

  1. I would like to report on the BES column ‘catagory’ and not ‘source severity’ - what is the correct search name for that column?

  2. What is the correct name to search on for the catagory ‘High Impact/Highly Pervasive’ ? my report returns all '0’s and I know that is not correct.

Where can I get the code for the overview report so I can make the same kind of changes as I have made in this report so I can have a more detailed overview for AIX?

Thanks in advance.

(imported comment written by paulc91)

I have spent some time on this and produced the attached report with the answers to my first 2 questions.

I am still after the code for the 'Overview" report to allow me to make changes so the AIX severities are reported correctly. Is that something that can be made available?

(imported comment written by BenKus)

Hey Paulc,

Excellent! Good work modifying the reports… hopefully it wasn’t too hard…

For your question about the overview page, there unfortunately is not any modifyable code for the Overview page because it is a report built-in to the web reports.

You could probably recreate the information on the overview page, but we would need to build it from other reports or build it from scratch.

Ben

(imported comment written by JesseR91)

I am having a problem getting this working. I imported it as a custom report from Web Reports and when I press ‘Search’ it locks up my browser for a few minutes then comes back and says ‘No Results Found’. I am using 6.0.21.5. What am I doing wrong?

(imported comment written by Gallus2391)

I’ve just found this and I’m in love (no really I’m in love)…

but Does any one have any idea how I can filer by manual Group ?

(imported comment written by SystemAdmin)

Hey galus23,

If you go to create new filter at the top left corner of the web reports page, on the create filter page, expand the “Computer” tab and select the “Computer Group” option. There will be a list of both manual and automatic groups.

This report is still being worked on. There is a new version for 7.0 that will be propagated as a “Content Report”, which uses flex. The report posted here will work for both 6.0 and 7.0 deployments. This report can get very slow on larger deployments (in the 40,000 and above computer range) and still has some modifications to be made before it ready.

(imported comment written by SystemAdmin)

Hello,

When I try and run this report it hangs IE. Is anything besides owc11

(imported comment written by SystemAdmin)

Hey pschwartz,

This report is very slow, and may not finish in a reasonable span of time on bigger deployments. This report should be considered a “beta” version. At some point, a new version of this report will be sent in 7.0’s content reports, which hopefully will run faster.

-Zak

(imported comment written by dtamasanis@kronos.com91)

This is exactly the report I am searching for. Unfortunately, it is returning no computers found for every search. I know I have systems requiring 35 or more updates and should get results. I have run the report with 0 as an input and also received no computers returned as an answer.

The query takes a long time and appears to be running.

I have administrative privilege in web reports and manage all computers. I really want this to work - any more suggestions? I don’t care about speed of reporting.

(imported comment written by SystemAdmin)

After working with dtamasanis, i have come up with a new rendition of this report. The insides have been completely riped out and reworked, and now it uses flex to display the results, though its functionality is the same.

This new report uses much faster relevance expressions, however it has to do a lot more work with what is retrieved. This means that if a lot of results are returned, then your browser may start complaining that the “script is taking too long to execute”. You can usually click through these messages to get it to finish.

Hopefully this will solve many of the problems some of you have been having. This report is still very much a work in progress and may not work ideally in all situations.

+update: this report can be filtered. Warning stating it can has been removed. +

(imported comment written by Gallus2391)

The new report works great. Many Thanks

(imported comment written by khanand91)

Hi Zak

The report looks good, but I wonder - is to possible to filter the report on a retrived propery i.e for example we have a propery that contains the machines support group, the ideal scenario would be to have a input box on the report. But if it has to be hardcoded into the report then thats ok too.

Any help would be much appreciated.

Andy

(imported comment written by khanand91)

Zak

Is there a way of saving the report to .csv etc ?

thanks

(imported comment written by SystemAdmin)

Hey khanand,

I do believe the new version of this report is filterable using the built in web reports filtering abilities. Using this, you can filter down to the retrieved property or computer group you want.

There is no option to save this report as csv. I did recently update the flex table component to allow select all (ctrl +a) and copy (ctrl+c). Copy will save the data as a html table, which can easily be transfered into excel and other applications. Hopefully from here you can use Excel or some other application to convert to csv.

-Zak

(imported comment written by khanand91)

thanks zak.

I thought I was running the latest version of the report i.e. the one in the post above … will try the copy & paste again ( but sure that I tried this ) will also have another go at using the filters - it didn’t look like they were working for me and as it stated at the top of the report that they wouldn’t - I assumed that to be the case …

(imported comment written by SystemAdmin)

Sorry, that “no filtering” message is left over from the old version of the report. I just tested this and it filtered correctly.

I just recently updated the chart component to allow selecting and pasting. This component is pulled from our server so you don’t have to update anything at your end, though your browser probably cached the old chart component, so you may want to clear your browser cache if it hasn’t been updated.

(imported comment written by khanand91)

ok - thanks zak, copying and pasting is working well and the filtering also appears to be working. I do seem to be getting one strange problem.

it seems that I get one or two patches showing up with the wrong source severity / site in the report, when I drill down to look at relevant fixlets I cannot see any outstanding that match either the source severity or the site thats queried in the report.

am I missing a trick here ?

Andy

(imported comment written by SystemAdmin)

The report grabs any fixlet form enterprise security OR from any site that has "Patches for " in the name (Patches for Windows, Patches for AIX, etc). It could be that once you drill down you are only looking at enterprise security fixlets.

A quick check would be to set a filter for enterprise security fixlets and see if that changes the numbers to be what you expect.

Note that there is a bug in web reports that makes it so you have to save the filter before it works properly for this report.

-Zak