Glossary

This glossary provides terms and definitions for the BigFix® Patch software and products.

The following cross-references are used in this glossary:
  • See refers you from a nonpreferred term to the preferred term or from an abbreviation to the spelled-out form.
  • See also refers you to a related or contrasting term.

A

action
  1. See Fixlet.
  2. A set of Action Script commands that perform an operation or administrative task, such as installing a patch or rebooting a device.
Action Script
Language used to perform an action on an endpoint.
agent
See BigFix agent.
Air-gapped Environments
Organizations with restricted internet access that require an internal patch source.
ambiguous software
Software that has an executable file that looks like another executable file, or that exists in more than one place in a catalog (Microsoft Word as a standalone product or bundled with Microsoft Office).
audit patch
A patch used to detect conditions that cannot be remediated and require the attention of an administrator. Audit patches contain no actions and cannot be deployed.
automatic computer group
A computer group for which membership is determined at run time by comparing the properties of a given device against the criteria set for group membership. The set of devices in an automatic group is dynamic, meaning that the group can and does change. See also computer group.
automatic update
The automatic download and installation of updates without manual intervention, ensuring continuous maintenance and security enhancement.

B

baseline
A collection of actions that are deployed together. A baseline is typically used to simplify a deployment or to control the order in which a set of actions are applied. See also deployment group.
BigFix agent
The BigFix code on an endpoint that enables management and monitoring by BigFix.
BigFix client
See BigFix agent.
BigFix console
The primary BigFix administrative interface. The console provides a full set of capabilities to BigFix administrators.
BigFix Patch Management for Linux
A module that supports custom repositories for patching Linux endpoints.
BOS
In BigFix Patch, Base Operating System (BOS) updates ensure that critical security, stability, and performance patches are applied to the core OS components of various platforms, including Windows, Linux, UNIX, and macOS.
BYOD
Bring Your Own Device (BYOD) refers to employees using personal devices to connect to their organizational networks and access work-related systems and potentially sensitive or confidential data.

C

Click-to-Run
Click-to-Run is a Microsoft streaming and virtualization technology that installs and updates Microsoft products, including Office 365 and Office 2016.
client
A software program or computer that requests services from a server. See also server.
client time
The local time on a BigFix client device.
client (endpoint)
A device (workstation, server, or other managed asset) running the BigFix agent that receives and processes patches and configurations.
Cloud
A set of compute and storage instances or services that are running in containers or on virtual machines.
Common Vulnerabilities and Exposures Identification Number (CVE ID)
A number that identifies a specific entry in the National Vulnerability Database. A vendor's patch document often includes the CVE ID, when it is available. See also National Vulnerability Database.
Common Vulnerabilities and Exposures system (CVE)
A reference of officially known network vulnerabilities, which is part of the National Vulnerability Database (NVD), maintained by the US National Institute of Standards and Technology (NIST).
component
An individual action within a deployment that has more than one action. See also deployment group.
computer group
A group of related computers. An administrator can create computer groups to organize systems into meaningful categories, and to facilitate deployment of content to multiple computers. See also automatic computer group and manual computer group.
console
See BigFix console.
content
Digitally-signed files that contain data, rules, queries, criteria, and other instructions, packaged for deployment across a network. BigFix agents use the detection criteria (Relevance statements) and action instructions (Action Script statements) in content to detect vulnerabilities and enforce network policies.
content relevance
A determination of whether a patch or piece of software is eligible for deployment to one or more devices. See also device relevance.
content site
A repository of Fixlets, Tasks, and Analyses categorized for different functionalities (e.g., Patches for Windows, Patches for RHEL).
Coordinated Universal Time (UTC)
The international standard of time that is kept by atomic clocks around the world.
corrupt patch
A patch that flags an operator when corrections made by an earlier patch have been changed or compromised. This situation can occur when an earlier service pack or application overwrites later files, which results in patched files that are not current. The corrupt patch flags the situation and can be used to re-apply the later patch.
custom content
BigFix code that is created by a customer for use on their own network, for example, a custom patch or baseline.
Custom Repository Setting
A setting that allows organizations to configure and use their own internal software repositories instead of relying on external vendor repositories for patching.
CVE
See Common Vulnerabilities and Exposures system.
CVE ID
See Common Vulnerabilities and Exposures Identification Number.

D

data stream
A string of information that serves as a source of package data.
default action
The action designated to run when a Fixlet is deployed. When no default action is defined, the operator is prompted to choose between several actions or to make an informed decision about a single action.
definitive package
A string of data that serves as the primary method for identifying the presence of software on a computer.
deploy
To dispatch content to one or more endpoints for execution to accomplish an operation or task, for example, to install software or update a patch.
deployment
Information about content that is dispatched to one or more endpoints; a specific instance of dispatched content.
deployment group
The collection of actions created when an operator selects more than one action for a deployment, or a baseline is deployed. See also baseline, component, deployment window, and multiple action group.
deployment state
The eligibility of a deployment to run on endpoints. The state includes parameters that the operator sets, such as 'Start at 1AM, end at 3AM.'
deployment status
Cumulative results of all targeted devices, expressed as a percentage of deployment success.
deployment type
An indication of whether a deployment involved one action or multiple actions.
deployment window
The period during which a deployment's actions are eligible to run. For example, if a Fixlet has a deployment window of 3 days and an eligible device that has been offline reports in to BigFix within the 3-day window, it gets the Fixlet. If the device comes back online after the 3-day window expires, it does not get the Fixlet. See also deployment group.
device
An endpoint, for example, a laptop, desktop, server, or virtual machine that BigFix manages; an endpoint running the BigFix Agent.
device holder
The person using a BigFix-managed computer.
device property
Information about a device collected by BigFix, including details about its hardware, operating system, network status, settings, and BigFix client. Custom properties can also be assigned to a device.
device relevance
A determination of whether a piece of BigFix content applies to a device, for example, where a patch should be applied, software installed, or a baseline run. See also content relevance.
device result
The state of a deployment, including the result, on a particular endpoint.
Disaster Server Architecture (DSA)
An architecture that links multiple servers to provide full redundancy in case of failure.
Download Cache
The Download Cache stores previously downloaded patches locally to reduce bandwidth usage and speed up deployments.
Download Plugin
A Download Plugin is a BigFix component that handles downloading patches from external sources that require authentication, licensing, or custom access.
DSA
See Disaster Server Architecture.
dynamically targeted
Pertaining to using a computer group to target a deployment.

E

endpoint
A networked device running the BigFix agent.

F

filter
To reduce a list of items to those that share specific attributes.
Fixlet
A piece of BigFix content that contains Relevance and Action Script statements bundled together to perform an operation or task. Fixlets are the basic building blocks of BigFix content. A Fixlet provides instructions to the BigFix agent to perform a network management or reporting action.
Fixlet Fields
Fixlet fields provide essential information about Fixlets, helping users assess the importance, relevance, and impact of deploying a particular Fixlet to their systems.
Full Disk Encryption
To reduce a list of items to those that share specific attributes.

G

GPG Key
A security key used to verify the authenticity of downloaded packages from the repository.
group
A collection of endpoints defined by criteria (manual or automatic) to simplify deployment and reporting.
group deployment
A type of deployment in which multiple actions were deployed to one or more devices.

H

Hybrid cloud
The utilization of distinct sets of cloud services (typically public and private) with integration and/or orchestration across them.

I

Interim Fixes
Released by software vendors to address critical security vulnerabilities, functional bugs, or stability issues before the next full update.

L

locked
An endpoint state that prevents most of the BigFix actions from running until the device is unlocked.

M

MAG
See multiple action group.
management rights
The limitation of console operators to a specified group of computers. Only a site administrator or a master operator can assign management rights.
manual computer group
A computer group for which membership is determined through selection by an operator. The set of devices in a manual group is static, meaning they do not change. See also computer group.
master operator
A console operator with administrative rights. A master operator can do everything that a site administrator can do, except creating operators.
masthead
A collection of files that contain the parameters of the BigFix process, including URLs to Fixlet content. The BigFix agent brings content into the enterprise based on subscribed mastheads.
mirror server
A BigFix server required if the enterprise does not allow direct web access but instead uses a proxy server that requires password-level authentication.
Multicloud
The utilization of distinct sets of cloud services, typically from multiple vendors, where specific applications are confined to a single cloud instance.
multiple action group (MAG)
A BigFix object that is created when multiple actions are deployed together, as in a baseline. A MAG contains multiple Fixlets or tasks. See also deployment group.
Multiple-Package Baseline
A Multiple-Package Baseline in BigFix Patch is a grouping of multiple patches, software updates, or package installations into a single deployment, reducing overhead and deployment time.

O

offer
A deployment option that allows a device holder to accept or decline a BigFix action and to exercise some control over when it runs. For example, a device holder can decide whether to install a software application, and whether to run the installation at night or during the day.
open-ended deployment
A deployment with no end or expiration date; one that runs continuously, checking whether the computers on a network comply.
operator
A person who uses the BigFix WebUI, or portions of the BigFix console.

P

patch
A piece of code added to vendor software to fix a problem, as an immediate solution that is provided to users between two releases.
patch category
A description of a patch's type and general area of operation, for example, a bug fix or a service pack.
Patch client setting
This refers to the configurations and preferences established within the Windows operating system for managing and applying software patches, updates, and fixes.
patching cycle
The periodic process of identifying, approving, testing, and deploying patches to maintain endpoint security and compliance.
Patch Deployment Wizard
A tool in BigFix used to streamline the process of deploying patches to multiple endpoints.
patch policy
A set of rules and schedules for automating patch deployments across endpoints.
patch severity
The level of risk imposed by a network threat or vulnerability and, by extension, the importance of applying its patch.

R

relay
A client that is running special server software. Relays spare the server and the network by minimizing direct server-client downloads and by compressing upstream data.
Relevance
BigFix query language that is used to determine the applicability of a piece of content to a specified endpoint. Relevance asks yes or no questions and evaluates the results. The result of a Relevance query determines whether an action can or should be applied. Relevance is paired with Action Script in Fixlets.
Report
A summary of patching status, compliance levels, and system health generated by BigFix Web Reports or Console.
Repository URL
Specifies the URL to access the repository.
RPM Package
A file with a .rpm extension containing binaries, libraries, and metadata for software installation or updates.

S

server
A software program or a computer that provides services to other software programs or other computers. See also client.
signing password
A password that is used by a console operator to sign an action for deployment.
single deployment
A type of deployment where a single action was deployed to one or more devices.
site
A collection of BigFix content. A site organizes similar content together.
site administrator
The person who is in charge of installing BigFix and authorizing and creating new console operators.
site subscription
The process of assigning endpoints to specific content sites to receive relevant Fixlets and Tasks.
software package
A collection of Fixlets that install a software product on a device. Software packages are uploaded to BigFix by an operator for distribution. A BigFix software package includes the installation files, Fixlets to install the files, and information about the package (metadata).
SQL Server
A full-scale database engine from Microsoft that can be acquired and installed into the BigFix system to satisfy more than the basic reporting and data storage needs.
standard deployment
A deployment of BigFix that applies to workgroups and to enterprises with a single administrative domain. It is intended for a setting in which all Client computers have direct access to a single internal server.
statically targeted
Pertaining to the method used to target a deployment to a device or piece of content. Statically targeted devices are selected manually by an operator.
superseded patch
A type of patch that notifies an operator when an earlier version of a patch has been replaced by a later version. This occurs when a later patch updates the same files as an earlier one. Superseded patches flag vulnerabilities that can be remediated by a later patch. A superseded patch cannot be deployed.
Supersedence
Supersedence is a property of Fixlets used in BigFix that provides multiple packages.
system power state
A definition of the overall power consumption of a system. BigFix Power Management tracks four main power states: Active, Idle, Standby or Hibernation, and Power Off.

T

target
To match content with devices in a deployment, either by selecting the content for deployment, or selecting the devices to receive content.
targeting
The method used to specify the endpoints in a deployment.
task
A type of Fixlet designed for re-use, for example, to perform an ongoing maintenance task.

V

virtual private network (VPN)
An extension of a company intranet over the existing framework of either a public or private network. A VPN ensures that the data that is sent between the two endpoints of its connection remains secure.
VPN
See virtual private network.
vulnerability
A security exposure in an operating system, system software, or application software component.

W

Wake-from-Standby
A mode that allows an application to turn a computer on from standby mode during predefined times, without the need for Wake on LAN.
Wake on LAN
A technology that enables a user to remotely turn on systems for off-hours maintenance. A result of the Intel-IBM Advanced Manageability Alliance and part of the Wired for Management Baseline Specification, users of this technology can remotely turn on a server and control it across the network, thus saving time on automated software installations, upgrades, disk backups, and virus scans.
WAN
See wide area network.
Web Reports
A reporting module in BigFix that provides detailed insights on patch compliance, actions, and overall endpoint health.
wide area network (WAN)
A network that provides communication services among devices in a geographic area larger than that served by a local area network (LAN) or a metropolitan area network (MAN).
Wizard
A guided interface in BigFix that simplifies complex tasks like patch deployment, automation, and policy creation.

Y

Yum repository
A structured directory storing RPM packages and metadata, often used in RHEL, CentOS, and SUSE environments.
Yum transactions
In BigFix Patch, YUM transactions play a critical role in managing updates and ensuring system consistency by deploying patches through Fixlets and Baselines.