Topic
  • 30 replies
  • Latest Post - ‏2013-10-11T21:54:34Z by Yuvaraj_Devadass
SystemAdmin
SystemAdmin
890 Posts

Pinned topic Report Available: Vulnerability Hotspot Report

‏2007-04-28T02:47:32Z |
Vulnerability Hotspot Report
http://support.bigfix.com/download/bes/customreports/VulnerabilityHotspotReport.jpeg
Description: This report creates a table of computers that have more relevant fixlets than a user defined amount. The fixlets counted in this report are only fixlets found in Enterprise security, or a Patch management site, such as "Patches for windows" or "Patches for AIX"

Archiveable/Mailable: No
Required BES Sites: Enterprise Security, or any patch management site

Updated 4/30/07 to remove a vestigial alert statement
  • paulc91
    paulc91
    20 Posts

    Re: Report Available: Vulnerability Hotspot Report

    ‏2007-05-02T19:19:44Z  
    I like the idea of the report, unfortunately like most of BES its MS-centric. All AIX issues are listed with a severity level of "Unclassified". This results in no hits for this report. This was a point that I was going to highlight in the 'overview' web report where my report is just a page of blue that shows no detail of the type of issues currently on the hosts and in reality is useless.

    Is there any way that these reports can be changed for us non-MS based customers?
  • BenKus
    BenKus
    597 Posts

    Re: Report Available: Vulnerability Hotspot Report

    ‏2007-05-03T01:18:12Z  
    Hey Paulc,

    Excellent! Good work modifying the reports... hopefully it wasn't too hard...

    For your question about the overview page, there unfortunately is not any modifyable code for the Overview page because it is a report built-in to the web reports.

    You could probably recreate the information on the overview page, but we would need to build it from other reports or build it from scratch.

    Ben
  • JesseR91
    JesseR91
    38 Posts

    Re: Report Available: Vulnerability Hotspot Report

    ‏2007-06-27T20:21:56Z  
    I am having a problem getting this working. I imported it as a custom report from Web Reports and when I press 'Search' it locks up my browser for a few minutes then comes back and says 'No Results Found'. I am using 6.0.21.5. What am I doing wrong?
  • Gallus2391
    Gallus2391
    10 Posts

    Re: Report Available: Vulnerability Hotspot Report

    ‏2007-08-17T08:48:59Z  
    I've just found this and I'm in love (no really I'm in love)....

    but Does any one have any idea how I can filer by manual Group ?
  • SystemAdmin
    SystemAdmin
    890 Posts

    Re: Report Available: Vulnerability Hotspot Report

    ‏2007-08-20T18:52:05Z  
    Hey galus23,

    If you go to create new filter at the top left corner of the web reports page, on the create filter page, expand the "Computer" tab and select the "Computer Group" option. There will be a list of both manual and automatic groups.

    This report is still being worked on. There is a new version for 7.0 that will be propagated as a "Content Report", which uses flex. The report posted here will work for both 6.0 and 7.0 deployments. This report can get very slow on larger deployments (in the 40,000 and above computer range) and still has some modifications to be made before it ready.
  • SystemAdmin
    SystemAdmin
    890 Posts

    Re: Report Available: Vulnerability Hotspot Report

    ‏2007-08-23T15:09:53Z  
    Hello,

    When I try and run this report it hangs IE. Is anything besides owc11
  • SystemAdmin
    SystemAdmin
    890 Posts

    Re: Report Available: Vulnerability Hotspot Report

    ‏2007-08-23T20:31:49Z  
    Hey pschwartz,

    This report is very slow, and may not finish in a reasonable span of time on bigger deployments. This report should be considered a "beta" version. At some point, a new version of this report will be sent in 7.0's content reports, which hopefully will run faster.

    -Zak
  • dtamasanis@kronos.com91
    1 Post

    Re: Report Available: Vulnerability Hotspot Report

    ‏2007-08-29T18:01:42Z  
    This is exactly the report I am searching for. Unfortunately, it is returning no computers found for every search. I know I have systems requiring 35 or more updates and should get results. I have run the report with 0 as an input and also received no computers returned as an answer.

    The query takes a long time and appears to be running.

    I have administrative privilege in web reports and manage all computers. I really want this to work - any more suggestions? I don't care about speed of reporting.
  • Gallus2391
    Gallus2391
    10 Posts

    Re: Report Available: Vulnerability Hotspot Report

    ‏2007-09-20T09:03:46Z  
    The new report works great. Many Thanks
  • khanand91
    khanand91
    17 Posts

    Re: Report Available: Vulnerability Hotspot Report

    ‏2007-10-10T13:44:06Z  
    Hi Zak

    The report looks good, but I wonder - is to possible to filter the report on a retrived propery i.e for example we have a propery that contains the machines support group, the ideal scenario would be to have a input box on the report. But if it has to be hardcoded into the report then thats ok too.

    Any help would be much appreciated.

    Andy
  • khanand91
    khanand91
    17 Posts

    Re: Report Available: Vulnerability Hotspot Report

    ‏2007-10-23T15:37:09Z  
    Zak

    Is there a way of saving the report to .csv etc ?

    thanks
  • SystemAdmin
    SystemAdmin
    890 Posts

    Re: Report Available: Vulnerability Hotspot Report

    ‏2007-10-25T18:53:53Z  
    Hey khanand,

    I do believe the new version of this report is filterable using the built in web reports filtering abilities. Using this, you can filter down to the retrieved property or computer group you want.

    There is no option to save this report as csv. I did recently update the flex table component to allow select all (ctrl +a) and copy (ctrl+c). Copy will save the data as a html table, which can easily be transfered into excel and other applications. Hopefully from here you can use Excel or some other application to convert to csv.

    -Zak
  • khanand91
    khanand91
    17 Posts

    Re: Report Available: Vulnerability Hotspot Report

    ‏2007-10-26T11:16:20Z  
    thanks zak.

    I thought I was running the latest version of the report i.e. the one in the post above .. will try the copy & paste again ( but sure that I tried this ) will also have another go at using the filters - it didn't look like they were working for me and as it stated at the top of the report that they wouldn't - I assumed that to be the case ..
  • SystemAdmin
    SystemAdmin
    890 Posts

    Re: Report Available: Vulnerability Hotspot Report

    ‏2007-10-26T18:13:10Z  
    Sorry, that "no filtering" message is left over from the old version of the report. I just tested this and it filtered correctly.

    I just recently updated the chart component to allow selecting and pasting. This component is pulled from our server so you don't have to update anything at your end, though your browser probably cached the old chart component, so you may want to clear your browser cache if it hasn't been updated.
  • khanand91
    khanand91
    17 Posts

    Re: Report Available: Vulnerability Hotspot Report

    ‏2007-11-06T14:16:48Z  
    ok - thanks zak, copying and pasting is working well and the filtering also appears to be working. I do seem to be getting one strange problem.

    it seems that I get one or two patches showing up with the wrong source severity / site in the report, when I drill down to look at relevant fixlets I cannot see any outstanding that match either the source severity or the site thats queried in the report.

    am I missing a trick here ?

    Andy
  • SystemAdmin
    SystemAdmin
    890 Posts

    Re: Report Available: Vulnerability Hotspot Report

    ‏2007-11-07T19:28:31Z  
    The report grabs any fixlet form enterprise security OR from any site that has "Patches for " in the name (Patches for Windows, Patches for AIX, etc). It could be that once you drill down you are only looking at enterprise security fixlets.

    A quick check would be to set a filter for enterprise security fixlets and see if that changes the numbers to be what you expect.

    Note that there is a bug in web reports that makes it so you have to save the filter before it works properly for this report.

    -Zak
  • khanand91
    khanand91
    17 Posts

    Re: Report Available: Vulnerability Hotspot Report

    ‏2008-02-27T10:46:05Z  
    Zak .. seems my problem is that the report is showing patches that are hidden, is there anyway to exclude these ?
  • SystemAdmin
    SystemAdmin
    890 Posts

    Re: Report Available: Vulnerability Hotspot Report

    ‏2008-02-28T01:01:54Z  
    Hey khanand,

    You can filter out globally hidden fixlets by doing a search and replace in the report's source code:

    replace (without single quotes): 'bes fixlets whose( '
    with: 'bes fixlets whose( globally visible flag of it AND '
  • khanand91
    khanand91
    17 Posts

    Re: Report Available: Vulnerability Hotspot Report

    ‏2008-02-29T14:27:56Z  
    that works fantastico ... looking at get supper quick results from the presenation debugger. can you help me work out how I can filter further on say another one or two retrived properties in the console ..

    ( html (it &","& multiplicity of it as string &","))of unique values of (link of it as string) of (applicable computers of it) whose(exists link of it) of bes fixlets whose( globally visible flag of it AND (name of site of it as lowercase contains "patch" or name of site of it = "Enterprise Security") AND (source severity of it as lowercase as string = "critical" ))

    this gives me the computername and number of critical relevant fixlets .. just want to filter this down on some other retrived properties .. i have on;y manged to figure out how to do it by name .. :-(

    thanks Zak
  • SystemAdmin
    SystemAdmin
    890 Posts

    Re: Report Available: Vulnerability Hotspot Report

    ‏2008-03-03T19:49:45Z  
    To do this, you just need to change the Whose clause for {applicable computers of it}. it should look something like this:

    ( html (it &","& multiplicity of it as string &","))of unique values of (link of it as string) of (applicable computers of it) whose(exists link of it AND exists results(bes property whose(name of it = "OS"), it)) of bes fixlets whose( globally visible flag of it AND (name of site of it as lowercase contains "patch" or name of site of it = "Enterprise Security") AND (source severity of it as lowercase as string = "critical" ))

    that will return results for computers that have results for the "OS" property. If you want to filter on a specific results, change the {exists results(bes property whose(name of it = "OS"), it)} to be :

    value of results(bes property whose(name of it = "OS"), it) contains "WinXP"

    This is the easiest change to make, however it is not the most efficient expression since has to find the "OS" property for each computer. If this expression is too slow we can rewrite it to be a faster one, but i think this should be fine.

    -Zak
  • khanand91
    khanand91
    17 Posts

    Re: Report Available: Vulnerability Hotspot Report

    ‏2008-04-09T13:25:15Z  
    hi Zak

    the above worked well, so now i have a great report and can get some quick results.

    moving forward, how easy is it to enumerate the patch names that are outstanding in another column.

    looking at the example above i have tried simply to replace the 'multiplicity of it as string' with 'Names of it' or 'id of it' thinking that this may work .. well actually more hoping ..

    thanks
  • SystemAdmin
    SystemAdmin
    890 Posts

    Re: Report Available: Vulnerability Hotspot Report

    ‏2008-04-15T19:28:02Z  
    Hey khanand,

    This expression would have to be heavily rewritten to display which fixlets are relevant for each computer. Our current expression is sort of a cheat, it uses "multiplicity of <unique values>" to quickly count of the number relevant critical fixlets. However to print out a link for the fixlets, you have to look every computer, and for every computer look up every fixlet, which gets extremely slow, depending on the number of computers you have.

    This may be difficult to get right, so you may want to use Professional Services to produce this report for you.

    -Zak
  • FITZPAW91
    FITZPAW91
    17 Posts

    Re: Report Available: Vulnerability Hotspot Report

    ‏2008-07-10T14:40:58Z  
    Great post all, thanks

    How about if you want to add <unspecified> vulnerabilities to the report?

    Thanks
  • SystemAdmin
    SystemAdmin
    890 Posts

    Re: Report Available: Vulnerability Hotspot Report

    ‏2009-05-28T11:51:15Z  
    Can this report be sorted by Host name?