Welcome
CISA Known Exploited Vulnerabilities (KEV): Overview
The Known Exploited Vulnerabilities (KEV) Content Pack is available as an add-on for BigFix. It is a collection of BigFix Fixlets that is derived from extensive research of the CISA KEV catalog, NVD, and Vendor Advisories. This KEV Content Pack provides BigFix operators with the ability to quickly identify endpoints with vulnerabilities that are high-risk and time-sensitive given that they are known to have been exploited or are actively being exploited.
Migration from old KEV site to new KEV site
This section provides instructions on migrating from old Known Exploited Vulnerabilities (KEV) Content Pack to new Known Exploited Vulnerabilities (KEV) Content Pack by removing the older scanner binary, disabling the legacy KEV content, and enabling the new KEV content packs.

BigFix Documentation Homepage
BigFix AEX
Welcome to the BigFix AEX (Advanced Endpoint Management) documentation.
Runbook AI (Add-on)
The Runbook AI (Add-on) is designed for both BigFix Runbook AI administrators and end users who are working towards the resolution of IT support tickets. Its primary purpose is to help BigFix administrators to easily monitor the health of their servers and initiate well-informed recovery actions with specialized Runbooks AI.
CISA Known Exploited Vulnerabilities (KEV): Overview
The Known Exploited Vulnerabilities (KEV) Content Pack is available as an add-on for BigFix. It is a collection of BigFix Fixlets that is derived from extensive research of the CISA KEV catalog, NVD, and Vendor Advisories. This KEV Content Pack provides BigFix operators with the ability to quickly identify endpoints with vulnerabilities that are high-risk and time-sensitive given that they are known to have been exploited or are actively being exploited.
- Migration from old KEV site to new KEV site
  This section provides instructions on migrating from old Known Exploited Vulnerabilities (KEV) Content Pack to new Known Exploited Vulnerabilities (KEV) Content Pack by removing the older scanner binary, disabling the legacy KEV content, and enabling the new KEV content packs.
- Enable BigFix KEV Content Pack Site
  Learn how to enable the Known Exploited Vulnerabilities (KEV) Content Packs and subscribe computers to the site.
- KEV Scanner Policy Action Management
  BigFix provides four utility tasks to facilitate the deployment, execution, and configuration of the Known Exploited Vulnerabilities (KEV) Scanner. The KEV Scanner is necessary to identify certain CVEs (for more details on which CVEs require the KEV Scanner, refer to BigFix Wiki at BigFix Known Exploited Vulnerabilities (KEV) Content Pack).
Payment Card Industry (PCI) Add-on User Guide
The BigFix PCI DSS Add-On is a premium component that provides security configuration checklists that are based the Payment Card Industry Data Security Standard (PCI DSS). These compliance checks are designed to help ensure continuous compliance at every endpoint in your organization.
RHEL ESU Add-On User's Guide
BigFix content supporting Red Hat's Extended Update Support (EUS) and Extended LifeCycle Support (ELS) patching program is available as an add-on to the BigFix Patch, BigFix Lifecycle, and BigFix Compliance products.
Service Graph Connector Integration
The Service Graph Connector is available as an add-on for integrating BigFix Inventory with your CMDB. The connector is designed to support common use cases and requires additional customizations to meet your specific business process requirements. Successful implementation of the connector requires thorough assessment and due diligence, and could involve modifications to input fields or the implementation of specialized reconciliation processes to align with your internal workflows.
Windows ESU Patch Add-On User's Guide
BigFix content supporting the Extended Support Updates (ESU) patching program from Microsoft® is available as an add-on to BigFix Patch, BigFix Lifecycle and BigFix Compliance.
BigFix Patch Workbench Add-On
This topic provides an overview of BigFix Patch Workbench, an automated solution that streamlines patch deployment, reduces tool fragmentation, integrates with ServiceNow, and enhances compliance and productivity across ITSM processes.
Add-ons guides in PDF format
Below is a comprehensive list of links to the Add-ons user guides available in PDF format, designed to assist users in navigating and utilizing the software effectively:

Migration from old KEV site to new KEV site

This section provides instructions on migrating from old Known Exploited Vulnerabilities (KEV) Content Pack to new Known Exploited Vulnerabilities (KEV) Content Pack by removing the older scanner binary, disabling the legacy KEV content, and enabling the new KEV content packs.

Follow the steps below to migrate from the old KEV Content Pack to new KEV Content Pack:

Run the Task 110: Remove older version of scanner binary. After completion of this step, KEV Content Pack will be removed from all the endpoints.
Disable the legacy Known Exploited Vulnerabilities Content Pack.
Enable the following new KEV content sites:
- BigFix Scanner
- Known Exploited Vulnerabilities Content Pack for Windows
- Known Exploited Vulnerabilities Content Pack for NIX
- Known Exploited Vulnerabilities Content Pack for MacOS
- Known Exploited Vulnerabilities Content Pack for Mobile
Run the Task 103: Install or upgrade Scanner from the BigFix Scanner site. This deploys the latest unified scanner binary to all relevant endpoints.
Run the Task 130: Execute KEV Scanner for both Windows and NIX Known Exploited Vulnerabilities sites to trigger the scan on your corresponding endpoints.