@holly_wilsey Thank you for your response , below is the query : I have tested number of time and it is still showing most recent result , however within the console , I can see result of the policy scan that occured on 2021-10-28 but Query always output most recent scan results.
SELECT
dp.policy_id, dp.title as policy_title, dpr.rule_id, dpr.title as policy_rule_title,
dp.benchmark_name, da.ip_address, da.host_name, dpr.description, dp.category,
fapr.date_tested, (regexp_replace(fapr.proof,'<[^>]*>|^\s+|\s\s+','','g')) as proof, fapr.compliance,
dpr.severity, (regexp_replace(dpr.rationale,'<[^>]*>|^\s+|\s\s+','','g')) AS rationale, (regexp_replace(dpr.remediation,'<[^>]*>|^\s+|\s\s+','','g')) AS remediation
FROM fact_asset_policy_rule fapr
JOIN dim_policy dp on dp.policy_id = fapr.policy_id
JOIN dim_policy_rule dpr on dpr.policy_id = fapr.policy_id and fapr.rule_id = dpr.rule_id
JOIN dim_asset da on da.asset_id = fapr.asset_id
WHERE fapr.date_tested< '2021-10-30'
Thank you
My initial thought is that you would need to include the full date + time in your comparison value for the timestamp, or else there may be results outside of your intended date range. It depends on how the timestamps in the fapr.date_tested field are actually formatted, though. You could try something like:
WHERE fapr.date_tested < '2021-10-30 12:00:00.000000'
Hi @holly_wilsey ,
I just tried your suggestion , It comes out with empty result , it is still not working , Any further suggestions ?
The scan however did happen :
Regards,
Manny
If you see no results, it sounds like it could be a date formatting issue. I would copy an example date from the date_tested column and just update the date to the desired year/month/day to ensure it retains the proper formatting. If that doesn’t work, I suspect it may be due to the table itself.
The description for the table says the following:
Hi @holly_wilsey ,
I do see result if the Date is WHERE fapr.date_tested > ‘2021-10-30 12:00:00.000000’ however there is 0 result for WHERE fapr.date_tested < ‘2021-10-30 12:00:00.000000’ , I tried copying example date from the date_tested column as you suggested however it still doesn’t work.
Do we have any other suggestion? to fix or workaround ? I also tried to use fact_asset_scan_policy table with another query both fact_asset_scan_policy and fact_asset_policy_rule are behaving exactly same.
Thank you.
Manny
Currently using the SQL query below to import the scan results into our ServiceNow custom table. This query also works with the sql export report in InsightVM, but you might need the rename “check_result” tot “compliance”. The WHERE gives me the scan results of yesterday.
SELECT dp.policy_id,
dp.title as policy_title,
dpr.rule_id,
dpr.title as policy_rule_title,
da.ip_address,
da.host_name,
fapr.asset_id,
dpr.description,
fapr.date_tested,
htmlToText(fc.proof) as proof,
fc.check_result,
dpr.severity,
(regexp_replace(dpr.rationale,’<[^>]>|^\s+|\s\s+’,’’,‘g’)) AS rationale,
(regexp_replace(dpr.remediation,’<[^>]>|^\s+|\s\s+’,’’,‘g’)) AS remediation
FROM fact_asset_policy_rule fapr
JOIN dim_policy dp on dp.policy_id = fapr.policy_id
JOIN dim_policy_rule dpr on dpr.policy_id = fapr.policy_id and fapr.rule_id = dpr.rule_id
JOIN dim_asset da on da.asset_id = fapr.asset_id
JOIN fact_asset_policy_rule_check fc on fc.policy_id = fapr.policy_id and fc.rule_id = fapr.rule_id AND fapr.asset_id = fc.asset_id
WHERE date(fapr.date_tested) = CURRENT_DATE - 1
edit: you can change CURRENT_DATE - 1 to YYYY-MM-DD (between quotes) to get the scans for that date.
This doesn’t work , Thank you for suggestion though.
