Welcome
BigFix and QRadar User Guide
QRadar® provides security intelligence for protecting assets and information from advanced threats. BigFix provides a dashboard that is integrated with QRadar®. This dashboard is called the Manage Vulnerable Computers dashboard and is located within the Endpoint Protection domain in BigFix. From this dashboard, you can view enriched vulnerability and risk data, from which you can quickly identify the computers that are most at risk. You can remediate the vulnerabilities that are detected by QRadar® and you can also quarantine or un-quarantine computers.
Overview and getting started
HCL® BigFix provides the Manage Vulnerable Computers dashboard from which you can view and remediate QRadar® vulnerability data. The dashboard lists the QRadar® Computer Risk Score, CVEs, and CVE risk score, which you can use to quickly identify the computers that are at risk. The dashboard provides a list of the Fixlets and Baselines that are available to take action and remediate CVEs. You can also quarantine or unquarantine computers from the Manage Vulnerable Computers Manage Vulnerable Computers dashboard. An Actions tab shows the actions that you ran from the dashboard.
Requirements
Ensure that your system meets the requirements for the Manage Vulnerable Computers dashboard to operate correctly.

BigFix Documentation Homepage
BigFix 10 Compliance Documentation
Welcome to the BigFix Compliance documentation, where you can find information about how to install, maintain, and use BigFix Compliance.
BigFix Platform
BigFix Query
Compliance Overview
BigFix Compliance helps support endpoint security throughout your organization.
Compliance Guides in PDF format
Following is a list of links to the BigFix Compliance user guides in PDF format:
Compliance Setup Guide and User Guide
BigFix Compliance Analytics is a web-based application designed to help you manage security, vulnerability, and risk assessment. The application archives security and vulnerability compliance check results to identify configuration issues and report levels of compliance toward security configuration goals.
Configuration Management (SCM)
BigFix Compliance Configuration Management (SCM) includes configurable content that is checks and checklists, which assess and manages the devices to ensure compliance standards are met.
Payment Card Industry (PCI) Add-on User Guide
BigFix Compliance PCI Add-on is a new chargeable component that provides security configuration checklists that are based the Payment Card Industry Data Security Standard (PCI DSS). These compliance checks are designed to help ensure continuous compliance at every endpoint in your organization.
Client Manager for Endpoint Protection
BigFix Compliance CMEP is an effective tool to monitor the deployment and health status of various Endpoint Protection products and provide quick remediation actions to recover needed endpoint protection.
BigFix and QRadar User Guide
QRadar® provides security intelligence for protecting assets and information from advanced threats. BigFix provides a dashboard that is integrated with QRadar®. This dashboard is called the Manage Vulnerable Computers dashboard and is located within the Endpoint Protection domain in BigFix. From this dashboard, you can view enriched vulnerability and risk data, from which you can quickly identify the computers that are most at risk. You can remediate the vulnerabilities that are detected by QRadar® and you can also quarantine or un-quarantine computers.
- Overview and getting started
  HCL® BigFix provides the Manage Vulnerable Computers dashboard from which you can view and remediate QRadar® vulnerability data. The dashboard lists the QRadar® Computer Risk Score, CVEs, and CVE risk score, which you can use to quickly identify the computers that are at risk. The dashboard provides a list of the Fixlets and Baselines that are available to take action and remediate CVEs. You can also quarantine or unquarantine computers from the Manage Vulnerable Computers Manage Vulnerable Computers dashboard. An Actions tab shows the actions that you ran from the dashboard.
  - At a glance
    The Manage Vulnerable Computers dashboard identifies the QRadar® Computer Risk Score for each of the computers that you manage in BigFix. The dashboard also identifies the CVSS risk score associated with each CVE. Using this enriched risk assessment data from QRadar®, you can immediately identify the computers that are most at risk. The dashboard provides a list of the Fixlets and Baselines that are available for CVEs. You can run Fixlets or Baselines from the Manage Vulnerable Computers dashboard to remediate vulnerabilities and secure the vulnerable computers.
  - Operator permissions
    Operators accessing the BigFix Manage Vulnerable Computers dashboard and Fixlet APIs must have particular read/write permissions. Master operators can use the BigFix Console to change or assign permissions for operators as required.
  - Requirements
    Ensure that your system meets the requirements for the Manage Vulnerable Computers dashboard to operate correctly.
  - Accessing the site
    The Manage Vulnerable Computers dashboard runs from the BigFix Endpoint Protection domain. Before you can access the Manage Vulnerable Computers dashboard, you must acquire the QRadar Vulnerabilities site and accept the license agreement. After you acquire the QRadar Vulnerabilities site, you must gather the contents of the site to your console. You must also subscribe your computers to the site so that they can access the Manage Vulnerable Computers dashboard.
  - Install the plug-in
    Before you can access the QRadar® vulnerability data from the BigFix console, you must install the QRadar® plug-in in BigFix. To install the QRadar® plug-in, you run a Fixlet®. There is a separate installation Fixlet available for Windows and Linux. When running the installation Fixlet, you must target the BigFix server. After you have installed the QRadar® plug-in, you can access the Manage Vulnerable Computers dashboard from the BigFix Endpoint Protection domain.
- Remediate vulnerabilities
  Use the Manage Vulnerable Computers dashboard to view and remediate QRadar vulnerability data and quarantine or un-quarantine computers.
BigFix Client Compliance
This guide describes the BigFix Client Compliance and its solutions (BigFix Client Compliance Configuration and BigFix Client Compliance Windows (IPSec Framework)) which helps in maintaining the compliance status of the computers.
BigFix and Carbon Black integration
The HCL BigFix and Carbon Black integration allows administrators to deploy a full endpoint security solution to detect, contain, investigate, and remediate security threats and attacks on endpoints across the enterprise. The following sections provide useful information and links to the resources available for the solution.
Middleware Application Patching
BigFix Remediate
BigFix MCM

Requirements

Ensure that your system meets the requirements for the Manage Vulnerable Computers dashboard to operate correctly.

The Manage Vulnerable Computers dashboard has the following requirements:

BigFix console version 9.2.6 is recommended.
BigFix client version 9.2.6 or later is required.
The BES Server Plugin Service must be installed on the BigFix server and must be configured correctly.
BigFix Web Reports must be set up and running for the QRadar® plug-in to operate correctly. For information about configuring Web Reports, see Web Reports Guide.
Your computers must be subscribed to the site that contains the Fixlet® and patch content.
If you are not a master operator, you must be subscribed to the site that contains the Fixlet® and patch content to remediate CVEs.
As an operator, you must be subscribed to the Patching Support site.
You must activate the Quarantine Status analysis from Manage Vulnerabilities > Setup and Maintenance > Activate Analyses.
As an operator, you must have permissions to manage the computers that are subscribed to the site. For information about how operators are assigned permissions to computers, see Operator's permissions.
To quarantine and un-quarantine computers, you must set up a policy action for both the Quarantine and Un-quarantine Fixlets. To set up the policy actions, use the following example, which shows how to set up the policy action for the quarantine Fixlet® to quarantine computers:
1. From the Endpoint Protection domain, select Manage Vulnerabilities > Setup and Maintenance > Fixlets and Tasks.
2. Select the Quarantine Microsoft Windows computers Fixlet® and review the information in the Fixlet® description.
3. Click Take Action.
4. On the Targets tab in the Take Action dialog, select the Dynamically target by property option, and select All Computers.
5. On the Execution tab, clear the Ends on check box, check the Reapply this action check box with the whenever it becomes relevant again option selected, and clear the Limit to check box.
6. Click OK to set up the policy action.
Complete a similar procedure to set up the policy action for the un-quarantine Fixlet®. Set up the un-quarantine policy action on the Un-quarantine Microsoft Windows computers Fixlet® from Manage Vulnerabilities > Setup and Maintenance > Fixlets and Tasks.