Configuration Instructions

Beginning with Rome, the out of the box MID Server security policy checks for certificates for communicating with mid server. For more information on MID Server certificate check policies, refer to ServiceNow documentation.

About this task

Customers see certificate errors while using the Service Graph Connector for HCL BigFix if BigFix Inventory does not use valid certificates that are trusted by the MID Server. To avoid these issues, leverage trusted certificates with BigFix Inventory (Configuring secure communication), or disable the checks within ServiceNow by setting the flags to be false for the Internet/Intranet depending on how the MID server communicates with the instance.

You may need to update Application Access Permissions to the CMDB tables to enable the Service Graph Connector for BigFix to remove software records from CMDB that no longer exist on endpoints. For details and reference, refer to ServiceNow Table design and runtime settings.

Follow steps through ‘Service Graph Connector for BigFix’ guided setup for setting up the application.

  1. Configure the API:
    1. Login to the BigFix Inventory user interface.
    2. In the Header, on the righ-hand side, click Profile:
    3. Click on Show Token.
    4. Copy the token and place it in the API Key of ServiceNow setup.
    5. Click Update.
    6. Go back to the setup page and mark the action as complete.
  2. Configure https connection:
    1. In the Host Section, provide IP/Domain name of the BigFix Inventory server
    2. Click on Mid server for your integration and select the appropriate field as shown:

      Make sure to have ‘Capabilities’ selected and MID Application as ‘ALL’
      1. Click Update
      2. Back to Setup Page-Mark as complete
  3. Test connection:
    1. Click Configure
    2. Click Test Load 20 Records
  4. Adding Discovery Source:
    1. In the left navigator-Fix Scripts
    2. In the Fix Script list, look for Register BigFix Discovery Source
    3. Open that record and click “Run Fix Script”
  5. Confirming Test Connection:
    1. Go to Flow Designer
    2. Under Actions: Look for Actions under Application ‘Service Graph Connector for HCL BigFix’:

    3. Open Any action Action. For e.g.: ‘List hardware Inventory Details’
    4. Click on ‘test’ button:

    5. Select the Connection Alias and click on “Run Test”:

      Run test and see if the data is being populated. If yes, connections are good and we are good to move with next steps.

    6. Selecting the flags for ‘Criteria’ shown above:
      We have below system properties:
      • x_hclte_sg_bigfix.include_aix_computers – false [by default]- exclude AIX computers from graph connector integration. Can be flipped to ‘true’ from sys_properties table.
      • x_hclte_sg_bigfix.include_computers_with_no_bios_serial_number - true [by default] - Include computers with no bios number
      • x_hclte_sg_bigfix.include_macos_computers - false [by default] - exclude macos computers from graph connector integration as currently we don’t have a way to pull serial number from Inventory
      Note: The properties can be changed as per customer’s requirements.