Working on this recently and wanted to share for using NOT correctly when trying to build a remediation project and or GOAL/SLA.
So the use case here will be a GOAL that you want to configure to look for endpoints that have a specific software and your GOAL is to have the software removed.
The first query you would need to configure is looking for all endpoints that have a specific software e.g. Chrome
Now the next step is to create the filter to find assets that DO NOT have chrome installed. This is where the confusion comes in. At first thought you may think that you could do a DOES NOT CONTAIN actually queries assets that have software that is not chrome so you would still be getting all of the same assets.
The right way to do it would be to “Switch to Expert” in query builder
Now keep the same query of CONTAINS chrome but wrap the whole statement in parenthesis and prefix it with an exclamation point like so:
How that looks in the GOALS and SLAs is shown below. By using the DOES NOT CONTAIN you will show 100% compliant upon creation which of course is wrong, but by using the Expert Query you get the accurate 0% compliant.
