Common problems and troubleshooting
Read this section for information about any known issues using the Manage Vulnerable Computers dashboard.
For more information about the Manage Vulnerable Computers dashboard, see the BigFix wiki.
- Verify that the installation is successful
-
Check that the action for the
Install or Update the Manage Vulnerabilities Plugin
completed successfully and make sure that the Fixlet® is no longer relevant. Allow some time for the action to complete and for the relevance to be evaluated.
- Checking for data posted by QRadar®
- To check for incoming data from QRadar®, check the dashboard variable under
which QRadar® posts data on the
BigFix server. On the BigFix server, open the following URL in a browser and log in using your
BigFix credentials:
https://127.0.0.1:52311/api/dashboardvariables/QRadarScan.ojo. Every time that QRadar® sends data to your BigFix server, a unique variable is created under
QRadarScan.ojo
. If there are no variables orQRadarScan.ojo
does not exist, QRadar® has not sent any data to the BigFix server. The variable name starts with the date on which the scan was run, for example:<Value>{"name":"20160118.120854.285.1 QRadar Data","assets":[ {"fqdn":"SIWW14EMMX-014","besid":"251301","cves":[{"id":"2015-6112", "risk":1},{"id":"2015-6113","risk":1},{"id":"2015-6104","risk":1}, {"id":"2015-6103","risk":1},{"id":"2015-6102","risk":1},{"
In addition,
besid
identifies the BigFix computers to which the CVE information relates. - No BigFix content appearing for CVE or computer
-
Make sure that you have permission to manage the computers as an operator in BigFix. Operators see only the computers in BigFix for which they have permission to manage. For more information, see: https://help.hcltechsw.com/bigfix/10.0/platform/Platform/Console/c_operators.html.
As an operator, you must have access to the site and the computers subscribed to the patch sites that contain the remediation content. Computers must be subscribed to relevant patch sites for content to be available, otherwise the filter eliminates them from the original data set because they have no relevant content. For more information, see: https://help.hcltechsw.com/bigfix/10.0/platform/Platform/Console/c_viewing_site_properties.html?hl=viewing%2Csite%2Cproperties.
- Checking that the QRadar® process is running
- To check if the QRadar®
process is running, check the processes on the Task Manager. When the
QRadar® plugin is installed and
running, the
QRadarNode.exe
process is visible from the Task Manager. - Logging
- The log files for the QRadar® plugin are located in the C:\Program Files\Bigfix Enterprise\BES Server\Applications\Logs directory.
- No Fixlet for CVE
- For complete information, see Viewing Common Vulnerability Exposures (CVEs) and associated Fixlets.
- Unable to quarantine or un-quarantine computers
- If you are unable to successfully quarantine or un-quarantine Microsoft Windows computers, make sure that the policy actions are set up correctly for the quarantine or un-quarantine Fixlets. See the Requirements for more information.