/bundles/itninjaweb/img/Breadcrumb_cap_w.png
I'm building a smart label to find patches meeting certain criteria. I'm testing for:

Publisher = Microsoft Corp.
Impact is Critical
Status is Active
Superseded is No

but the very second and fourth returns say "Yes" in the "Superseded" column.

Just for kicks, I changed the "Impact" setting to "is not" "Critical", and that set of criteria returns one hit that is Critical Impact and Superseded. See picture.

i5u15s.png

If I simplify the criteria, the returns still don't match:


Answer Summary:
Cancel
2 Comments   [ - ] Hide Comments

Comments

  • Change the view from Applicable Packages to All Patches, see if that helps.

    (Upper right corner of your screenshot)
    • I've added a picture with simpler criteria, and the change you suggested. Still not matching.
      • save it with the initial criteria.

        Go to Security > Catalog

        Select the smart label filter on the Catalog, Make sure you are showing Individual Patches, see if it shows more there
  • I opened a ticket with Quest, and they came back with a similar answer to that of Channeler, but with enough information that I now understand why it's doing that.

    The two options, "Applicable Packages" and "All Packages" search bundles of patches, not individual patches. The third option, "Individual Patches", of course only searches individual patches.

    When you search in a bundle/package, some of the patches in that bundle will match the search criteria, and some won't, and therefore might return results you don't expect. For example, searching for "Impact = Critical" in a package/bundle that contains both critical and non-critical patches might return that bundle (depending on how the search is worded); essentially that particular field in such a case is useless. I suggested that in such a search that field's result be returned as something like "Not Applicable" rather than a deceptive "Critical" or not, and he believes there's a uservoice request for just that sort of solution to the potential confusion.

    TL:DR - Search on "Individual Patches" instead of on the "Applicable Packages" or "All Packages" bundles, when you need results to be precise to a patch's characteristics.
Please log in to comment

Answer Chosen by the Author


Answers

0
I opened a ticket with Quest, and they came back with a similar answer to that of Channeler, but with enough information that I now understand why it's doing that.

The two options, "Applicable Packages" and "All Packages" search bundles of patches, not individual patches. The third option, "Individual Patches", of course only searches individual patches.

When you search in a bundle/package, some of the patches in that bundle will match the search criteria, and some won't, and therefore might return results you don't expect. For example, searching for "Impact = Critical" in a package/bundle that contains both critical and non-critical patches might return that bundle (depending on how the search is worded); essentially that particular field in such a case is useless. I suggested that in such a search that field's result be returned as something like "Not Applicable" rather than a deceptive "Critical" or not, and he believes there's a uservoice request for just that sort of solution to the potential confusion.

TL:DR - Search on "Individual Patches" instead of on the "Applicable Packages" or "All Packages" bundles, when you need results to be precise to a patch's characteristics.
Answered 06/07/2018 by: kentwest
Third Degree Blue Belt

Please log in to comment
Answer this question or Comment on this question for clarity

Answers