Welcome
Compliance Setup Guide and User Guide
BigFix Compliance Analytics is a web-based application designed to help you manage security, vulnerability, and risk assessment. The application archives security and vulnerability compliance check results to identify configuration issues and report levels of compliance toward security configuration goals.
BigFix Compliance Analytics User Guide
BigFix Compliance Analytics is a component of BigFix Compliance, that includes technical controls and tools that are based on industry practices and standards for endpoint and server security configuration.
Patch Domain
Learn more about patch domain that share a common patching context. The concept is intergral to organize and manage the patching activities across the diverse environments.
ESXi Device Enrollment
Learn how to add VMware ESXi hosts to BigFix Compliance using vSphere and plugin-based discovery.

BigFix Documentation Homepage
BigFix 10 Compliance Documentation
Welcome to the BigFix Compliance documentation, where you can find information about how to install, maintain, and use BigFix Compliance.
BigFix Platform
BigFix Query
Compliance Overview
BigFix Compliance helps support endpoint security throughout your organization.
Compliance Guides in PDF format
Following is a list of links to the BigFix Compliance user guides in PDF format:
Compliance Setup Guide and User Guide
BigFix Compliance Analytics is a web-based application designed to help you manage security, vulnerability, and risk assessment. The application archives security and vulnerability compliance check results to identify configuration issues and report levels of compliance toward security configuration goals.
- BigFix Compliance Analytics Setup Guide
- BigFix Compliance Analytics User Guide
  BigFix Compliance Analytics is a component of BigFix Compliance, that includes technical controls and tools that are based on industry practices and standards for endpoint and server security configuration.
  - Introduction
  - General Usage Concepts
  - Management Tasks
    The following management tasks can be performed if you have appropriate permissions.
  - Security Configuration Reporting
  - Patch Domain
    Learn more about patch domain that share a common patching context. The concept is intergral to organize and manage the patching activities across the diverse environments.
    - Overview Report
    - Custom Patch Sites
    - EnableSupersededEval
    - View enrolled Android Devices in SCA
      Learn how to view and filter the Android devices that are enrolled through BigFix MDM in Security and Compliance Analytics (SCA). This guide explains where the Android devices appear in the SCA reports and provides step-by-step instructions for filtering patch data specific to the Android devices.
    - ESXi Device Enrollment
      Learn how to add VMware ESXi hosts to BigFix Compliance using vSphere and plugin-based discovery.
    - Patches Report
    - Computers Report
    - Computer Groups Report
    - Unsupported Computers Report
  - Vulnerability Domain
Configuration Management (SCM)
BigFix Compliance Configuration Management (SCM) includes configurable content that is checks and checklists, which assess and manages the devices to ensure compliance standards are met.
Client Manager for Endpoint Protection
BigFix Compliance CMEP is an effective tool to monitor the deployment and health status of various Endpoint Protection products and provide quick remediation actions to recover needed endpoint protection.
BigFix Client Compliance
This guide describes the BigFix Client Compliance and its solutions (BigFix Client Compliance Configuration and BigFix Client Compliance Windows (IPSec Framework)) which helps in maintaining the compliance status of the computers.
BigFix and Carbon Black integration
The HCL BigFix and Carbon Black integration allows administrators to deploy a full endpoint security solution to detect, contain, investigate, and remediate security threats and attacks on endpoints across the enterprise. The following sections provide useful information and links to the resources available for the solution.
Middleware Application Patching
Middleware patching is an important process for organizations to ensure their systems are secure and up to date. By applying the appropriate patches and security updates, organizations can minimize the risk of malicious attacks and potential data loss. BigFix users can enjoy unified patch management by using a single platform for deploying database and middleware patches.
BigFix Remediate
BigFix MCM
Glossary
This glossary provides terms and definitions for the BigFix® Compliance software and products.

ESXi Device Enrollment

Learn how to add VMware ESXi hosts to BigFix Compliance using vSphere and plugin-based discovery.

Before you begin

As per platform requirements, complete the following setup from the BES Support site:

Install the BigFix Plugin Portal. This acts as the communication and execution bridge between BigFix and VMware vSphere/ESXi. The communication flow is as follows: BigFix Console > BigFix Server > Plugin Portal > vCenter / ESXi Host (VMware APIs). For more information, refer to The Plugin Portal.
Install the BigFix Plugin for VMware Discovery. This reports ESXi devices to the BigFix root server.
Important: The user account used to install the VMware Plugin must have Read-only access at the vCenter level to retrieve information about ESXi hosts in the data center.
For installation details, refer to Installing the VMware plug-in.
Run the Fixlet 5629 - VMware Plugin: Manage Hosts Discovery and provide the Action Parameter 1 to enable reporting of ESXi hosts. For details, refer to VMware Asset Discovery Plugin Inspectors.

About this task

This task describes how to import and view VMware ESXi hosts and their associated patches within Security and Compliance Analytics (SCA).

Import and Enable Analyses

Procedure

Navigate to the SCM Reporting Site. Open the BigFix Console > Sites > External Sites > SCM Reporting.
Within the SCM Reporting site, locate the Analyses section and find Device IDs of ESXi Hosts. Right-click the Analyses and select Activate.

Figure 1. Enable Analyses
Once the enrollment is complete, SCA begins importing the ESXi hosts automatically.

Validate and View ESXi Devices

Procedure

Log in to the SCA application and navigate to the Computers section to confirm that the ESXi hosts are listed.

Figure 2. Patch View
Navigate to the Patch section and click See More Patches to display all available patches.

Figure 3. See More Patches
In the Patch view, use the Site Name filter and set the filter condition to Patches for ESXi filter to show only the available patches specific to ESXi devices.

Figure 4. Filter Site Name

Results

The system displays all available patches that are relevant to enrolled ESXi devices, ready for compliance reporting.