Welcome
Compliance Setup Guide and User Guide
BigFix Compliance Analytics is a web-based application designed to help you manage security, vulnerability, and risk assessment. The application archives security and vulnerability compliance check results to identify configuration issues and report levels of compliance toward security configuration goals.
BigFix Compliance Analytics Setup Guide
Installing BigFix Compliance Analytics
Use this guide to deploy and configure the BigFix Compliance Analytics.
Migrating Keystores
Follow these steps to migrate keystores in BigFix Compliance Analytics. A keystore is a database file that stores security certificates, such as authorization or public key certificates.

BigFix Documentation Homepage
BigFix 10 Compliance Documentation
Welcome to the BigFix Compliance documentation, where you can find information about how to install, maintain, and use BigFix Compliance.
BigFix Platform
BigFix Query
Compliance Overview
BigFix Compliance helps support endpoint security throughout your organization.
Compliance Guides in PDF format
Following is a list of links to the BigFix Compliance user guides in PDF format:
Compliance Setup Guide and User Guide
BigFix Compliance Analytics is a web-based application designed to help you manage security, vulnerability, and risk assessment. The application archives security and vulnerability compliance check results to identify configuration issues and report levels of compliance toward security configuration goals.
- BigFix Compliance Analytics Setup Guide
  - Introduction
    BigFix Compliance Analytics is a component of BigFix Compliance, that aggregates and reports on the compliance statuses of all endpoints against deployed policies that are continually collected, aggregated, and reported using a powerful Compliance Analytics engine, database and user interface.
  - Installing BigFix Compliance Analytics
    Use this guide to deploy and configure the BigFix Compliance Analytics.
    - Download BigFix Compliance Analytics
      You can download BigFix Compliance Analytics by completing the following steps:
    - Running the Installer
      Follow these steps to install BigFix Compliance Analytics.
    - Upgrading
      When upgrading from earlier versions of BigFix Compliance Analytics, the installer replaces the previously supplied server certificate and private key pair with a new self-signed certificate and key pair.
    - Migrating Keystores
      Follow these steps to migrate keystores in BigFix Compliance Analytics. A keystore is a database file that stores security certificates, such as authorization or public key certificates.
    - Performing initial set up and configuration
      To set up the database connection, perform the following steps:
    - Configure HTTPS
      HCL BigFix Compliance Analytics administrators can configure SSL and the TCP ports from the Management > Server Settings section of the web interface.
    - Configuring LDAP
      BigFix for BigFix Compliance Analytics supports authentication through the Lightweight Directory Access Protocol (LDAP) server.
    - Updating National Vulnerability Database Data Feeds
      Administrator updates the BigFix Compliance Analytics periodically to upload and sychronize the latest vulnerabilities.
    - Log files
      This section describes how to access log files and the options associated with BigFix Compliance Analytics.
  - Uninstalling
    To remove BigFix Compliance from your infrastructure, stop the application-specific actions and analyses that are running on the computers and uninstall the scanner. Remove the VM Manager tool. Subsequently, uninstall the BigFix Compliance server, and optionally eliminate the associated database as well.
  - Configuring report definitions using REST API
    Administrators can use REST API to create, update, and delete saved report view definitions across BFC instances.
  - Disaster recovery for BigFix Compliance Analytics
    Use the standard cold standby method of creating a backup and restoring the system in your disaster recovery plan for BigFix Compliance Analytics.
- BigFix Compliance Analytics User Guide
  BigFix Compliance Analytics is a component of BigFix Compliance, that includes technical controls and tools that are based on industry practices and standards for endpoint and server security configuration.
Configuration Management (SCM)
BigFix Compliance Configuration Management (SCM) includes configurable content that is checks and checklists, which assess and manages the devices to ensure compliance standards are met.
Payment Card Industry (PCI) Add-on User Guide
BigFix Compliance PCI Add-on is a new chargeable component that provides security configuration checklists that are based the Payment Card Industry Data Security Standard (PCI DSS). These compliance checks are designed to help ensure continuous compliance at every endpoint in your organization.
Client Manager for Endpoint Protection
BigFix Compliance CMEP is an effective tool to monitor the deployment and health status of various Endpoint Protection products and provide quick remediation actions to recover needed endpoint protection.
BigFix and QRadar User Guide
QRadar® provides security intelligence for protecting assets and information from advanced threats. BigFix provides a dashboard that is integrated with QRadar®. This dashboard is called the Manage Vulnerable Computers dashboard and is located within the Endpoint Protection domain in BigFix. From this dashboard, you can view enriched vulnerability and risk data, from which you can quickly identify the computers that are most at risk. You can remediate the vulnerabilities that are detected by QRadar® and you can also quarantine or un-quarantine computers.
BigFix Client Compliance
This guide describes the BigFix Client Compliance and its solutions (BigFix Client Compliance Configuration and BigFix Client Compliance Windows (IPSec Framework)) which helps in maintaining the compliance status of the computers.
BigFix and Carbon Black integration
The HCL BigFix and Carbon Black integration allows administrators to deploy a full endpoint security solution to detect, contain, investigate, and remediate security threats and attacks on endpoints across the enterprise. The following sections provide useful information and links to the resources available for the solution.
Middleware Application Patching
BigFix Remediate
BigFix MCM

Migrating Keystores

Follow these steps to migrate keystores in BigFix Compliance Analytics. A keystore is a database file that stores security certificates, such as authorization or public key certificates.

About this task

The BigFix Compliance Analytics installer will save the following files for your reference under <BFC_ROOT>\wlp\usr\servers \server1\resources\security\.

Under <BFC_ROOT>\wlp\usr\servers \server1\resources\security\, a copy of your original keystore file
Under <BFC_ROOT>\wlp\usr\servers \server1\config\
- A copy of your original jetty.xml file
- The keystore password in deobfuscated_password file

Migrating keystores require the following:

Java Runtime Environment (installed in <BFC_ROOT>\jre\bin\
The original keystore file
The deobfuscated_password file
Command prompt (Windows) with appropriate PATH set

Procedure

Convert the keystore from JKS to PKCS12 format.

Table 1. Example command line of converting the keystore format from JKS to PKCS12
Command line example	Reference
	Input file: `keystore` Output file: `keystore.p12` <password_string>: The password string saved in the deobfuscated_password file `key_pass`: The new password of your choice for `keystore.p12`. The password must be a minimum of 6 characters.

Convert the PKCS12 format keystore into PEM format certificate and key using OpenSSL.

Table 2. Example command line of converting the keystore format from PKCS12 to PEM
Command line example	Reference
`> openssl pkcs12 -in keystore.p12 -out keystore.pem`	Input file: `keystore.p12` Output file: `keystore.pem`

You will be prompted to enter the following passwords:

Password (Import password) for keystore.p12
New password of your choice for the private key. The password must be a minimum of 4 characters.

Open the PEM encoded certificate and key (keystore.pem). Save it as certificate and a private key file.
1. The file keystore.pem contains both the certificate and private key in sections.
2. Copy then save the following section server.crt.
  -----BEGIN CERTIFICATE-----
  ...
  -----END CERTIFICATE-----
3. Copy then save the following section as server.key.
  -----BEGIN RSA PRIVATE KEY-----
  ...
  -----END RSA PRIVATE KEY-----
Go to Management > Server Settings.
Apply the following in BigFix Compliance Analytics.
- certificate (server.crt)
- key pair (server.key)
- password (PEM pass phrase entered in Step 2.)