Topic
  • 16 replies
  • Latest Post - ‏2009-12-14T18:41:54Z by Lee Wei
Lee Wei
Lee Wei
599 Posts

Pinned topic Report Available: Microsoft Patch Compliance by Computer Group

‏2009-08-03T18:24:25Z |
I have seen requests for similar report in the past, so I hope this is useful for others.

  • There are many reports that we have from the perspective of a vulnerability (Fixlet).
However, sometimes there is a need to focus on the computers instead.

  • Note that this report has to correlate all the results posted by the endpoint, and it will take a long time to run.
For my laptop, it takes about 5 minutes to process 1,000 computers.
Please figure out the processing time using a small subset of computers on your system,
before running this against a large group of computers.

  • Also note that the BigFix Agent will only report patches that it detected since the installation.
So many existing patches installed via other mechanisms (e.g. Windows Update) will not be included.

Lee Wei

http://www.leewei.com/bigfix/prod/forum_images/mspatch_compliance_by_computergroup.png
  • TommyG91
    TommyG91
    18 Posts

    Re: Report Available: Microsoft Patch Compliance by Computer Group

    ‏2009-08-03T18:47:07Z  
    Lee,

    This is beautiful! Could I talk you into changing the "critical / med / low", to a drop down menu that will list baselines? In the real world, we create patch policies (baselines) and patch against those.

    Thank you again! I'm learning to create my own reports but I spent no less than 12 hours this weekend and still don't have anything this nice.

    Tom
  • SystemAdmin
    SystemAdmin
    890 Posts

    Re: Report Available: Microsoft Patch Compliance by Computer Group

    ‏2009-08-03T18:58:25Z  
    Umm, yeah, this is pretty incredible.

    Looking at this code, I realize this is something we never could have done in house. I wish Web Reports were more point and click!

    So, if one wanted to add the ability to drill down and see what patched were needed for each system, could that be done? Right now, clicking on a computer brings up all the computer information. Could things be done to enable the individual patches to be listed when one clicks on the server name - or perhaps the number of patches under "applicable patches?" Could this be expanded to be cross platform?

    Again, much thanks, this will be extremely useful! Stuff like this should ship out of the box!
  • Lee Wei
    Lee Wei
    599 Posts

    Re: Report Available: Microsoft Patch Compliance by Computer Group

    ‏2009-08-03T20:50:39Z  
    TommyG,

    What you have requested makes sense, and other might benefit from this as well.
    Here is the report I created call "Baseline Compliance by Computer Group".
    http://forum.bigfix.com/viewtopic.php?pid=14445#p14445

    Lee Wei
  • Lee Wei
    Lee Wei
    599 Posts

    Re: Report Available: Microsoft Patch Compliance by Computer Group

    ‏2009-08-03T20:57:44Z  
    Hello Jspanitz,

    Thanks for the feedback.
    Crossing platform is doable, as we can switch the current filter by Site to any available site subscription.
    I had thought about your other request - which is to drill into the vulnerable Fixlets. It is obvious and useful, but I can't think of a way to do yet...

    Lee Wei
  • SystemAdmin
    SystemAdmin
    890 Posts

    Re: Report Available: Microsoft Patch Compliance by Computer Group

    ‏2009-08-05T16:12:48Z  
    Lee,

    Again, this is great. Exactly what we were looking for - your time is very much appreciated. This is the kind of report BigFix should ship with the product.

    To continue to improve on this, I would suggest to things (Reality Check - we are so happy with this report you can stop reading here). One is that some type of indicator be displayed showing that the report is running. The second is that once you have drilled down, if you could then click on the Relevant Computer count and have all the computers listed that need the patch. Kind of a Microsoft Patch Compliance by Patch report. Right now you can click on the name of the patch and you get dropped into the "old" style report. Which fully works - but it would just give the web reports a more polished look and feel.

    (warning - thread hijack in progress) My only concern here is that once you drill down, there is no going back. You need to rerun the report. I'm curious - is this the direction web reports is going?
  • Lee Wei
    Lee Wei
    599 Posts

    Re: Report Available: Microsoft Patch Compliance by Computer Group

    ‏2009-08-05T16:39:56Z  
    jspanitz,

    Thank you for the feedback and here are a few quick notes:
    • These custom reports do not reflect the direction of Web Reports for the future. We are using the reporting platform to customize the information and formatting. So it is simply one person's preference (or capability...). Note that others prefer Flex and so on. :)
    • I am manipulating the data within the page dynamically, so the browser Back button does not work. Note that I have provided a BACK button that will preserve the information so that we don't have to rerun the report.
    • Regarding the "progress indicator", I notice that on IE, I cannot force the screen to update inflight. If you use FireFox, you will see the "searching..." and "processing..." messages.

    Lee Wei
  • Lee Wei
    Lee Wei
    599 Posts

    Re: Report Available: Microsoft Patch Compliance by Computer Group

    ‏2009-08-06T19:43:42Z  
    jspanitz,

    Browsing and using any sites is reasonable. Patches for Windows is so common that I had leftit that way in hope to hit most use cases.
    If more people are using it, I will add the other sites.

    Lee Wei
  • SystemAdmin
    SystemAdmin
    890 Posts

    Re: Report Available: Microsoft Patch Compliance by Computer Group

    ‏2009-08-06T23:34:57Z  
    Lee,

    I completely missed the Back button. You are one step ahead of me (well, way more than one but you get the point!). Thanks again!

    I just thought of another thing. Perhaps let us select the site to report against or let us choose multiple sites. But that may really add complexity.

    john
  • SystemAdmin
    SystemAdmin
    890 Posts

    Re: Report Available: Microsoft Patch Compliance by Computer Group

    ‏2009-08-06T23:37:09Z  
    An overall patch compliance report that is cross platform (Win, Mac OSX & Linux) would fill a need here. Thx for considering it!
  • jnmoore91
    jnmoore91
    45 Posts

    Re: Report Available: Microsoft Patch Compliance by Computer Group

    ‏2009-08-07T17:05:28Z  
    Off Topic:

    Hope you don't mind if I borrow your stripe & sortable table functions for my custom report (with source cited of course!)

    --Jerroyd Moore
  • choro
    choro
    6 Posts

    Re: Report Available: Microsoft Patch Compliance by Computer Group

    ‏2009-10-13T17:56:18Z  
    Thanx Lee Wei, this is a very valuable report.

    Was wondering if we could get a version of this report that lists the needed patches instead of the number of needed patches?

    This report is very useful and I have been using it. But, I have to click on the number of needed patches to see the list. It would be great to just see the list there.

    Thanx for this great report!
  • Lee Wei
    Lee Wei
    599 Posts

    Re: Report Available: Microsoft Patch Compliance by Computer Group

    ‏2009-10-13T18:03:32Z  
    Just wanted to acknowledge the requests.
    I won't get to this for a while though.

    Choro,

    Are you imagining clicking on a link to see the details shown in the same page, or the details showing by default for all computers?
    The latter is difficult without rewriting the whole report, because there needs to be as many additional queries as there are computers.

    Lee Wei
  • choro
    choro
    6 Posts

    Re: Report Available: Microsoft Patch Compliance by Computer Group

    ‏2009-10-13T19:36:28Z  
    Hello Lee,

    Life is never simple :-), the latter one. Showing the details by default for all computers, just the needed patches. The patch's description would do.
    Bosses boss wants to see what computer needs what patch in one report.

    How about an Option to check if you want to display the needed patches instead of the number with the link? This way we would have the best of both worlds. :-)

    Choro
  • Lee Wei
    Lee Wei
    599 Posts

    Re: Report Available: Microsoft Patch Compliance by Computer Group

    ‏2009-12-14T18:41:54Z  
    This report has been superseded by the one posted here:
    http://forum.bigfix.com/viewtopic.php?id=4307

    The new report is much faster with more features. I have changed the way the results are calculated yielding much performance improvement.
    Please give it a try.

    Lee Wei
  • Lee Wei
    Lee Wei
    599 Posts

    Re: Report Available: Microsoft Patch Compliance by Computer Group

    ‏2011-12-08T18:12:22Z  
    Posting the report attachment.

    This is now superseded by a newer version with drilldown capability.
    It is about 5 posts down.
    NOTE!!: Don't download this one, use the one further down the thread.

    Lee Wei
  • Lee Wei
    Lee Wei
    599 Posts

    Re: Report Available: Microsoft Patch Compliance by Computer Group

    ‏2011-12-08T18:12:22Z  
    I have added the drilldown capability to the report.
    You can click on the numbers to see a list of the vulnerabilities.

    Lee Wei