Rest API and Webreport not the same result :(

Hello All,

I try to create a query with the Rest API ( with python).

My request work, but i have not the same result as my custom webreport

And i don’t find my mistake

So the webreport is like this :

webreport915×486 22.4 KB

And the title of the colum are :

Category | CVE | ID Source | Source Gravity | Name | Computer | Relation

And my api request :

https://myserver/api/query?relevance=(category of it, cve id list of it, source id of it | “no value”, source severity of it, name of it, names of applicable computers of it) of fixlets whose (applicable computer count of it > 0 and fixlet flag of it and source severity of it as lowercase does not contain “unspec” and source severity of it as lowercase does not contain “n%2Fa” and cve id list of it as lowercase does not contain “unspecif” and cve id list of it does not contain “n%2Fa”) of bes sites whose (name of it is “Patches for Windows” or name of it is “Patches for Windows (French)”)

But i don’t have the same result

For exemple i have some CVE start with “ADV” (with no source id) in webreport, but i haven’t this in the result of rest api

did someone has an idea ?

Thanks in advance

I see a couple of things worth checking. In general, when building your Session Relevance query, a good practice is to start simple and test the query at each step.

Do you get expected results for

names of bes sites whose (name of it is "Patches for Windows" or name of it is "Patches for Windows (French)")

It could be as simple as “Patches for Windows” is not really the site name, but the site display name. The actual site name for that one is “Enterprise Security”

(name of it, display name of it) of bes sites

BES Support, BES Support
Enterprise Security, Patches for Windows

The other thing is that a filter like

cve id list of it as lowercase does not contain "unspecif"

will fail (not return the result) if the ‘cve id list’ value does not exist at all. Similar to the ‘source id’ not containing a value, it may not be good to assume that these properties all have a value…so a safer filter (to use in place of ‘source severity’, and ‘cve id list’ may be

not exists cve id list whose (it as lowercase contains "unspecif" or it as lowercase contains "n%2Fa") of it

I can relate this this. What I have found very useful is the Bigfix Excel connector (I don’t have a link for it I’m afraid). You can replicate many of the filters you can use in Web Reports using the Excel connector and that then gives you the ability to see the session relevance that forms the results which you can then copy for your REST API query.

image602×819 27.3 KB

image1096×649 42.6 KB

Good call on the Excel connector!

The Excel connector and several other utilities are hosted on the BigFix Wiki at https://bigfix-wiki.hcltechsw.com/wikis/home?lang=en-us#!/wiki/BigFix%20Wiki/page/Utilities

@Cyp31 – the issue is exactly what @JasonWalker describes in his post here: Rest API and Webreport not the same result :(

Web Reports site filter does not display site names but rather site “Display Names”.

Hello all,

Thanks for the reply, yes in fact it wast about the site name. Like JasonWalker say

So it just move to (name of it is “Entreprise Security” or name of it is “Paches for Windows (French)”)

And all work fine with this query

(category of it, cve id list of it, source id of it | “no value”, source severity of it, name of it, names of applicable computers of it) of fixlets whose (applicable computer count of it > 0 and fixlet flag of it and source severity of it as lowercase does not contain “unspec” and source severity of it as lowercase does not contain “n%2Fa” and cve id list of it as lowercase does not contain “unspecif” and cve id list of it as lowercase does not contain “n%2Fa”) of bes sites whose (name of it is “Enterprise Security” or name of it starts with “Patches for Windows”)