Hi All,
I am working on a session relevance for getting fixlet results of particular external sites. The relevance that I have drafted is as below:
(((tuple string item 2 of it, (tuple string item 1 of it as string as date - tuple string item 0 of it as date) as string <= "30 days")) of (it as string) of (source release dates of fixlets of it, last became nonrelevants of it as local date, names of computers of it) of (results of (bes fixlets whose ((name of site of it as lowercase = "enterprise security") or (name of site of it as lowercase = "updates for windows applications")))) whose (remediated flag of it))
The result is like, computer name and a boolean value. I want to group all the boolean values by their computer names. Like, for a particular computer name all the corresponding boolean values should be there. For example:
The output I am getting right now is like,
Server1, True
Server1, False
Server2, True
Server3, True
Server3, True
The requirement is more of like,
Server1, (True, False)
Server2, True
Server3, (True, True)
What I am trying to say is:
I am getting the result of the given session relevance in the below format:
Server1, True
Server1, False
Server2, True
Server3, True
Server3, True
I want to group the result by server names, so it would look like:
Server1, (True, False)
Server2, True
Server3, (True, True)
I really don’t see how you would get value out of having some arbitrary true/false values in a list - since there doesn’t seem to be a linkage back to which fixlet is True or False. I think I’m going to let someone else take a shot at this one.
Am I understanding correctly that the intent of this session relevance is to return FALSE if any of the remediated Fixlet results were remediated more than 30 days after the Fixlet’s Source Release Date (and therefore only return TRUE if all of the remediated Fixlet results were remediated within 30 days of the Fixlet’s Source Release Date)? If so, this reminds me of the PLA Report in CyberFOCUS, though currently, its Fixlet scope is a bit more granular than what you have above.
This is doable, but can take quite a while to evaluate, especially if there are a lot of devices. Would it be valuable to limit the scope of this to specific groups of devices/computers?
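The grouping asked about in this thread, done as post-processing on the flat rows instead of inside session relevance. This is an added example, not code from any poster: the row layout, fixlet names and dates are constructed, and the fixlet-name column is an assumption added so that each True/False stays tied to its fixlet.

```python
from collections import defaultdict
from datetime import datetime, timedelta

FMT = "%Y-%m-%d"
SLA = timedelta(days=30)  # the 30-day window used in the thread

# Constructed sample rows: (fixlet name, source release date,
# last became nonrelevant, computer name). The fixlet name is an
# assumed extra column; the other three mirror the query's tuple.
ROWS = [
    ("Fixlet A", "2024-01-09", "2024-01-20", "Server1"),
    ("Fixlet B", "2024-01-09", "2024-03-01", "Server1"),
    ("Fixlet A", "2024-01-09", "2024-02-01", "Server2"),
    ("Fixlet A", "2024-01-09", "2024-01-15", "Server3"),
    ("Fixlet B", "2024-01-09", "2024-02-08", "Server3"),  # exactly 30 days
]


def within_sla(released, remediated, sla=SLA):
    """True if remediation happened no later than `sla` after release.

    The interval is compared as a timedelta, not as text.
    """
    delta = datetime.strptime(remediated, FMT) - datetime.strptime(released, FMT)
    return delta <= sla


def group_by_computer(rows):
    """Map computer name -> list of (fixlet, within_sla) in input order."""
    grouped = defaultdict(list)
    for fixlet, released, remediated, computer in rows:
        grouped[computer].append((fixlet, within_sla(released, remediated)))
    return dict(grouped)


def summarize(grouped):
    """Map computer name -> True only if every remediation met the window."""
    return {name: all(ok for _, ok in results) for name, results in grouped.items()}


if __name__ == "__main__":
    grouped = group_by_computer(ROWS)
    for name, results in grouped.items():
        print(name, results)
    print(summarize(grouped))
```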