1 Reply Latest reply on Mar 29, 2018 4:42 PM by Eric.Cuthill

    Creating report to find Spectre/Meltdown patches

    gwiner Rookie

      I would like to create a custom report on the SQL Server backend database to find the status of all servers with regard to the installation (or lack thereof) of the Spectre/Meltdown patches.  I'm sure that this is just a customization of the Patch Status Detail Report, but I'm curious about what people are doing for the filter clause?  Are you filtering by Bulletin ID?  Surely I can't be the first person who has asked this, ...

        • 1. Re: Creating report to find Spectre/Meltdown patches
          Eric.Cuthill SupportEmployee

          I understand you would like to get he information from the SQL database and have provided a query below that should help in getting the information you need. I have also included the below document links to create a scan and report that will specifically target the patches you want through the GUI. We do suggest and prefer to report from current data and suggest making sure that a current scan is done of the environment before any reporting.

           

          Important information on detection logic for the Intel 'Meltdown' security vulnerability 

          Scan for and Report On Specific Patch(s) in Ivanti Patch for Windows Servers

           

           

           

          DISTINCT

           

          .QNumber, patch.Bulletin AS [Bulletin Id], product.Name AS [Product Name], product.ServicePackName AS [Service Pack Name], patchScan.StartedOn AS ScanDate, machine.Name AS [Machine Name],

           

          .Domain, machine.LastKnownIP AS [IP Address], machine.LastPatchAssessedOn AS [Scan Date], detectedPatchState.InstalledOn AS [Installed On], Reporting.PatchAppliesTo.CveId, Reporting.Cve.Name,

           

          .Description

           

                      Reporting.PatchScan AS patchScan INNER JOIN


          .AssessedMachineState AS assessedMachineState ON assessedMachineState.PatchScanId = patchScan.Id INNER JOIN


          .Machine AS machine ON machine.LastAssessedMachineStateId = assessedMachineState.Id INNER JOIN


          .DetectedPatchState AS detectedPatchState ON detectedPatchState.AssessedMachineStateId = assessedMachineState.Id INNER JOIN


          .Patch AS patch ON detectedPatchState.PatchId = patch.Id INNER JOIN


          .InstallState AS installState ON installState.Id = detectedPatchState.InstallStateId INNER JOIN


          .Product AS product ON product.Id = detectedPatchState.ProductId INNER JOIN


          .VendorSeverity AS vendorSeverity ON vendorSeverity.Id = patch.VendorSeverityId INNER JOIN


          .PatchAppliesTo ON patch.Id = Reporting.PatchAppliesTo.PatchId INNER JOIN


          .Cve ON Reporting.PatchAppliesTo.CveId = Reporting.Cve.Id LEFT OUTER JOIN


          sys.syslanguages AS locale ON machine.Language = locale.lcid


          (Reporting.Cve.Name = 'CVE-2017-5753') OR


          (Reporting.Cve.Name = 'CVE-2017-5715') OR


          (Reporting.Cve.Name = 'CVE-2017-5754')


          BY [Machine Name], installState.Description

           

           

           

           

          Eric