Topic
  • 5 replies
  • Latest Post - ‏2013-01-24T19:22:12Z by SystemAdmin
anthonymap91
anthonymap91
14 Posts

Pinned topic cve report

‏2010-02-05T23:07:36Z |
I hope someone can help, please
I need to create a report that will list out the Fixlet ID, Fixlet name, category, source, Source Severity and CVE number.
This report is filtered by:

Include sites:
Patches for Windows (English)
Patches for AIX
Patches for ESX
Patches for HP-UX
Patches for Oracle
Patches for RHEL 3
Patches for RHEL 4
Patches for RHEL 5
Patches for RedHat Enterprise Linux
Patches for RedHat Linux
Patches for SUSE Linux Enterprise
Patches for Solaris
Patches for Solaris Maintenance
Updates for Windows Applications
Include Fixlet categories:

Recommended Security
Required by a Recommended/Security Patch
Security
Security Advisory
Security Fix
Security Hotfix
Security Setting
Security Update
Security fix
Service Pack

Example:

Fixlet name Fixlet ID Category Source Source Severity CVE
MSXX-11 - name 2000401 Security Hotfix Microsoft High CVE-2000-0089, CVE-2000-0090
MSXX-22 - name 2000401 Security Hotfix Microsoft High CVE-2000-0075
MSXX-33 - name 2000401 Security Hotfix Microsoft High CVE-2000-0076
Also I need to have all CVE numbers that are on one line to be on the next line:

Before:
Fixlet name Fixlet ID Category Source Source Severity CVE
MSXX-11 - name 2000401 Security Hotfix Microsoft High CVE-2000-0089,CVE-2000-0090
MSXX-22 - name 2000401 Security Hotfix Microsoft High CVE-2000-0075
MSXX-33 - name 2000401 Security Hotfix Microsoft High CVE-2000-0076

After:
Fixlet name Fixlet ID Category Source Source Severity CVE
MSXX-11 - name 2000401 Security Hotfix Microsoft High CVE-2000-0089
MSXX-11 - name 2000401 Security Hotfix Microsoft High CVE-2000-0090
MSXX-22 - name 2000401 Security Hotfix Microsoft High CVE-2000-0075
MSXX-33 - name 2000401 Security Hotfix Microsoft High CVE-2000-0076
Thanks for the help
  • BenKus
    BenKus
    597 Posts

    Re: cve report

    ‏2010-02-06T01:18:46Z  
    You can use a filtered "All Fixlets" report in the Web Reports to get this data (use the "Preferences" to choose the columns for the Fixlet report to include CVE and other things you might want).

    The only issue is that the CVE will be on one line... to get it on multiple lines, you will need to use the Excel Connector (http://support.bigfix.com/labs/excelconnect.html) and then use this session relevance:

    (name of it, id of it, (if exists category of it then category of it else "n/a"), (if exists source of it then source of it else "n/a"), (if exists source severity of it then source severity of it else "n/a"), (if exists cve id list of it then substrings separated by ";" of cve id list of it else "n/a")) of fixlets of bes sites whose (name of it = "Enterprise Security" OR name of it contains "Patches" OR name of it = "Updates for Windows Applications")


    Ben
  • anthonymap91
    anthonymap91
    14 Posts

    Re: cve report

    ‏2010-02-08T23:20:42Z  
    This is great, thanks for the help.

    How do I put this in columns in web reports?

    Thanks
  • BenKus
    BenKus
    597 Posts

    Re: cve report

    ‏2010-02-09T01:44:18Z  
    Try this in a custom report:

    table of concatenation of trs of (td of item 0 of it & td of item 1 of it & td of item 2 of it & td of item 3 of it & td of item 4 of it) of (name of it, id of it as string, (if exists category of it then category of it else "n/a"), (if exists source of it then source of it else "n/a"), (if exists source severity of it then source severity of it else "n/a"), (if exists cve id list of it then substrings separated by ";" of cve id list of it else "n/a")) of fixlets of bes sites whose (name of it = "Enterprise Security" OR name of it contains "Patches" OR name of it = "Updates for Windows Applications")
  • anthonymap91
    anthonymap91
    14 Posts

    Re: cve report

    ‏2010-02-09T16:56:12Z  
    Sorry to keep being a pain:

    The report worked but I do not see any CSV numbers in the report.

    I think the best way to do this would not be a web report(report takes forever and is not exportable), but something I can export to CSV on a scheduled bases.

    Thanks
  • SystemAdmin
    SystemAdmin
    890 Posts

    Re: cve report

    ‏2013-01-24T19:22:12Z  
    Sorry to keep being a pain:

    The report worked but I do not see any CSV numbers in the report.

    I think the best way to do this would not be a web report(report takes forever and is not exportable), but something I can export to CSV on a scheduled bases.

    Thanks
    Try This
    
    table of concatenation of trs of (td of item 0 of it & td of item 1 of it & td of item 2 of it & td of item 3 of it & td of item 4 of it & td of item 5 of it) of (name of it, id of it as string, (
    
    if exists category of it then category of it 
    
    else 
    "n/a"), (
    
    if exists source of it then source of it 
    
    else 
    "n/a"), (
    
    if exists source severity of it then source severity of it 
    
    else 
    "n/a"), (
    
    if exists cve id list of it then substrings separated by 
    ";" of cve id list of it 
    
    else 
    "n/a")) of fixlets of bes sites whose (name of it = 
    "Enterprise Security" OR name of it contains 
    "Patches" OR name of it = 
    "Updates for Windows Applications")