Welcome
Configuring
After you install BigFix Inventory, configure the application. Create accounts for the users who need access to the application and set up scans to collect software and hardware inventory data from your environment.
Setting up scans to discover software and hardware inventory
The scanner is an independent, well-defined component that is used by BigFix Inventory. It is installed and managed through the BigFix client, and it enables the software and capacity scans. Software and capacity scans collect data that is later on displayed on the BigFix Inventory reports. For environments with up to a few thousand computers, you can enable the default scan configuration. In this case, the analyses are activated and software and capacity scans as well as uploads of their results are scheduled automatically on the computers that are subscribed to the BigFix Inventory site. For larger environments, it is advisable to divide the computers into groups and manually configure a separate scan schedule for each group to avoid performance issues.
Advanced scan configuration
After you successfully schedule software and capacity scans and the scan data is displayed on the BigFix Inventory reports, you can further customize the scans. For example, you can exclude directories from software scans or scan remote shared file systems.
Discovering software in Docker containers
Available from 9.2.5. Docker and Podman are platforms that allow automating the deployment of applications inside software containers. BigFix Inventory BigFix Inventory discovers software that is installed inside Docker containers. It also measures license metric utilization of the discovered BigFix products.
Disabling scans on Docker containers
Available from 9.2.5. By default, BigFix Inventory scans all Docker containers that are deployed on computers where the BigFix client is installed. If you do not want to scan the containers but still want to monitor the host computer, change the value of the DOCKER_SCAN parameter on the host computer.

BigFix Documentation Homepage
BigFix 11 Inventory Documentation
Welcome to the BigFix Inventory documentation, where you can find information about how to install and configure BigFix Inventory. The application provides you with information about your inventory and license metrics. You can manage your software assets, gather information about your hardware, and ensure license compliance for your enterprise using BigFix Inventory.
BigFix Platform
Overview
Become familiar with key concepts that are necessary to understand how BigFix Inventory works and learn about features and functions that are introduced in every version of the application.
Installing
Learn about the requirements and available installation scenarios to ensure that the deployment of BigFix Inventory goes smoothly in your environment.
Configuring
After you install BigFix Inventory, configure the application. Create accounts for the users who need access to the application and set up scans to collect software and hardware inventory data from your environment.
- Creating users and groups
  Each user who has access to BigFix Inventory must be assigned a role and a computer group. The role defines which reports and panels the user can view. The computer group narrows down the scope of these reports and panels to computers that meet certain criteria.
- Setting up scans to discover software and hardware inventory
  The scanner is an independent, well-defined component that is used by BigFix Inventory. It is installed and managed through the BigFix client, and it enables the software and capacity scans. Software and capacity scans collect data that is later on displayed on the BigFix Inventory reports. For environments with up to a few thousand computers, you can enable the default scan configuration. In this case, the analyses are activated and software and capacity scans as well as uploads of their results are scheduled automatically on the computers that are subscribed to the BigFix Inventory site. For larger environments, it is advisable to divide the computers into groups and manually configure a separate scan schedule for each group to avoid performance issues.
  - Frequency of scans and uploads of data
    By default, software and capacity scans are scheduled with a frequency that meets auditing requirements. If you want to change the default frequency, ensure that the new setup fulfills the minimal requirements and all considerations.
  - Default scan configuration
    Default scan configuration is advised for environments with up to a few thousand computers. It ensures that the required analyses are activated and software and capacity scans as well as uploads of their results are scheduled automatically. These actions are necessary to collect data from the computers in your infrastructure and to display it on the BigFix Inventory reports. You can enable the default scan configuration during the configuration of BigFix Inventory connections to the databases or when adding another data source.
  - Manual scan configuration
    Manual scan configuration is advised for environments with more than a few thousand computers. It requires that analyses are activated and software and capacity scans as well as uploads of their results are scheduled manually after the installation. These actions are necessary to collect data from the computers in your infrastructure and display in on the BigFix Inventory reports. Flexibility of the manual scan configuration allows for avoiding performance issues that might occur when you scan too many computers at the same time.
  - Advanced scan configuration
    After you successfully schedule software and capacity scans and the scan data is displayed on the BigFix Inventory reports, you can further customize the scans. For example, you can exclude directories from software scans or scan remote shared file systems.
    - Detailed hardware scan
      Available from 9.2.12. Detailed hardware scan collects hardware information related to memory, operating systems, storage, processors, partitions, network adapters, SMBIOS data, IP addresses and logical partition capacity data. The solution is supported on Windows, Linux x86-64 and x86-32, and AIX. It can be run also on other operating systems but the results might not be accurate.
    - Discovering software on shared disks
      BigFix Inventory allows you to scan the shared disk on designed endpoint and use the information across all of endpoints. The solution is fully-automated.
    - Discovering software in Docker containers
      Available from 9.2.5. Docker and Podman are platforms that allow automating the deployment of applications inside software containers. BigFix Inventory BigFix Inventory discovers software that is installed inside Docker containers. It also measures license metric utilization of the discovered BigFix products.
      - Configuring scans on Docker containers
        Available from 9.2.5. Discovery of software that is installed in Docker or Podman containers is enabled by default. In some environments, you might need to perform additional steps to specify a non-default installation path, or to exclude directories from scanning.
      - Disabling scans on Docker containers
        Available from 9.2.5. By default, BigFix Inventory scans all Docker containers that are deployed on computers where the BigFix client is installed. If you do not want to scan the containers but still want to monitor the host computer, change the value of the DOCKER_SCAN parameter on the host computer.
    - Excluding directories from being scanned
      Excluding some directories from scanning is useful if the directories are large and contain no information that is important to the software inventory. By excluding them, you can speed up the scanning process. Some directories are excluded from software scans by default. They must remain excluded to ensure accuracy of data. You can add or remove other directories from the list by using tasks in the BigFix console. You can also manually add them to the scanner files on particular endpoints.
    - Discovering software and hardware with disconnected scanner on Windows and UNIX
      Available from 9.2.7. You can discover software and hardware inventory by using disconnected scans that do not require direct connection between the scanned computers and the BigFix server. Scripts that are provided in the disconnected scanner package initiate software and capacity scans, and prepare scan results that you later on upload to BigFix Inventory.
    - Scheduling imports of data
      BigFix clients report data to the BigFix server that stores the data in its file system or database. BigFix Inventory server connects to the BigFix server and its database, downloads the stored data, and processes it. This process is called an import or Extract, Transform, Load (ETL). By default, the import runs once a day at midnight. You can schedule it for a period that is most suitable for your environment considering its size and specification.
    - Creating capacity configuration for Linux on z Systems
      To properly calculate subcapacity values for products that are installed on Linux on z Systems, create capacity configuration for such computers. First, run a fixlet that creates a file with manually entered capacity values and places it on the target computer. Then, run regular software and capacity scans to discover the installed software and calculate its license metric utilization.
    - Setting the DSD mode on Solaris
      If a computer runs the Solaris operating system and is in the DSD domain, set the DSD mode to ensure that metric utilization is correctly calculated for software that is installed on this computer. If you do not set the DSD mode, Solaris machines in DSD might not be properly identified and metric utilization might be underestimated.
    - Advanced Scanner Configuration Option
    - Optimizing scanner cache configuration
      The scanner cache folder is used to store information about scanned files and directories in your file system. By knowing the hierarchy of files, the scanner can locate them quicker, which results in shorter scans. The amount of disk space that is needed for the cache depends on the number of files that are being scanned. If the current location of the cache folder cannot ensure sufficient disk space, you can change the location of the cache folder or optimize the cache.
    - Deprecated: Setting up additional analysis properties
      Analysis properties are used to recognize software and gather information about its usage. Analysis properties are set by default in BigFix Inventory. You can also set up your own properties that you want to use to gather information from the endpoints.
    - Disabling the collection of software usage
      Information about software usage is collected if you enabled the default scan configuration or manually activated the Application Usage Statistics analysis and ran the relevant scan. If you are in the initial deployment phase, or if you do not need information about software usage, you can disable the collection of this information to improve BigFix Inventory performance and shorten the import time.
  - Discovering software and hardware on IBM i
    Available from 9.2.5. You can discover software and hardware inventory on IBM i systems by using disconnected scans that do not require direct connection between the scanned computers and BigFix server. Scripts that are provided in the disconnected scanner package initiate software and capacity scans, and prepare scan results that you later on upload to BigFix Inventory.
- Performing optional configuration
  You can perform optional configuration tasks to further customize the application.
- Classifying the BigFix client used by multiple BigFix products
Upgrading
A new version of BigFix Inventory is released periodically, typically at the end of each calendar quarter. Upgrade to the new version regularly to take full advantage of new features and application fixes.
Catalog Overview
This section provides information about catalog updates available with every release.
Managing the infrastructure
After you complete the initial configuration of BigFix Inventory, learn how to manage components of its infrastructure: VM managers, server, database, and data sources.
Software inventory and license utilization
You can classify the discovered software so that reports in BigFix Inventory reflect your entitlements and properly show utilization of license metrics by particular products.
Managing security threats
Learn how to use BigFix Inventory to manage security threats in your environment. You can view whether any of the installed components is prone to any Common Vulnerability and Exposure (CVE).
Tutorials
Tutorials help you understand how to use BigFix Inventory. They consist of modules that focus on broad goals. Modules consist of tasks that show how to configure specific settings step-by-step.
Security
Configure different security features to adequately protect business assets and resources in the data model when using BigFix Inventory.
Troubleshooting and support
Learn about solutions to common problems that might arise when you use BigFix Inventory BigFix Inventory and how to find logs and trace files that help you troubleshoot those problems.
Tuning performance
Learn how to plan the infrastructure of BigFix Inventory and to configure the application server to achieve optimal performance. The following guidelines are applicable in big data environments as well as in smaller environments that are running on low-performance hardware.
Integrating with REST API
External systems integration is one of the key features of BigFix Inventory. Business logic is enabled for integration and interfaces are provided for common integration points.
Glossary
Guide in PDF format
DataFlow ServiceNow Integration

Disabling scans on Docker containers

Available from 9.2.5. By default, BigFix Inventory scans all Docker containers that are deployed on computers where the BigFix client is installed. If you do not want to scan the containers but still want to monitor the host computer, change the value of the DOCKER_SCAN parameter on the host computer.

About this task

You can disable software discovery on all containers that are deployed on a host computer. You cannot disable it on a subset of containers only.

Procedure

Log in to the BigFix console, and click Computers.
Select the host computer on which Docker containers are deployed, and click Edit Settings.
Click Add. Specify DOCKER_SCAN as the setting name, and false as the setting value. Then, click OK.

Results

Docker containers are no longer scanned. Scan results remain in the <BES Client>/LMT/CIT/docker/containers directory on the host computer but the directory itself is added to the list of excluded directories. Thus, the results are not transferred to BigFix Inventory.

Important: The Docker file system directory /var/lib/docker might contain copies of software ID tags. When the Docker scan is enabled, the directory is excluded from scanning to avoid duplicated software discovery. When you disable the Docker scan, the directory is included back into regular scans.

If you want to re-enable the scans of Docker containers, change the value of the DOCKER_SCAN parameter to true.