Welcome
BigFix SaaS User Guide
This guide is for the regular users of BigFix SaaS.
CyberFOCUS
CyberFOCUS is a threat intelligence and remediation feature within BigFix SaaS Remediate that provides visibility into CISA KEV (Known Exploited Vulnerabilities) and MITRE ATT&CK reports. It enables users to assess their security posture and take proactive remediation actions based on real-world threat intelligence.
CyberFOCUS remediation flow
The CyberFocus Remediation Flow streamlines the process of identifying and addressing security vulnerabilities (CVEs) efficiently.

BigFix Documentation Homepage
BigFix SaaS Documentation
Welcome to BigFix SaaS, your comprehensive solution for cloud-based endpoint management. BigFix SaaS combines the reliability and control of BigFix with the flexibility of the cloud. Whether transitioning from an on-premises setup or exploring new possibilities, BigFix SaaS delivers simplicity, scalability, and security.
BigFix SaaS Overview
BigFix SaaS is a software-as-a-service based endpoint management platform that automates the management, patching, and inventory of nearly 100 different operating system versions.
Introduction
BigFix SaaS is an endpoint management platform that automates patch management and inventory across various operating systems and apps. Benefits include cost savings, accessibility, scalability, automatic updates, quick deployment, reliability, high compatibility, SaaS security, and reduced hardware requirements.
Getting Started with BigFix SaaS
This guide helps you get started with BigFix SaaS solution for managing your endpoints. BigFix SaaS is designed to simplify and streamline the management of users, devices, and deployments within your organization.
BigFix SaaS User Guide
This guide is for the regular users of BigFix SaaS.
- My Dashboard
  My Dashboard is the main page where users can add devices to their deployment and access additional functionality through icons for notifications and user profiles. The platform allows customization with light or dark mode at the account level, affecting all users. To maximize BigFix's capabilities, users are encouraged to add organization devices by clicking Add device and following on-screen prompts.
- CyberFOCUS
  CyberFOCUS is a threat intelligence and remediation feature within BigFix SaaS Remediate that provides visibility into CISA KEV (Known Exploited Vulnerabilities) and MITRE ATT&CK reports. It enables users to assess their security posture and take proactive remediation actions based on real-world threat intelligence.
  - CISA KEV Report
    The CISA Known Exploited Vulnerabilities (KEV) Catalog is a curated list maintained by the Cybersecurity and Infrastructure Security Agency (CISA). It includes vulnerabilities actively exploited in the wild and requiring immediate remediation. Organizations can use this intelligence to prioritize patching efforts and reduce exposure to cyber threats.
  - MITRE APT report
    The MITRE APT Report in CyberFOCUS helps organizations understand and mitigate vulnerabilities by mapping them to adversary tactics and techniques. It provides valuable insights for security teams, enabling proactive defense strategies.
  - CyberFOCUS remediation flow
    The CyberFocus Remediation Flow streamlines the process of identifying and addressing security vulnerabilities (CVEs) efficiently.
- Deployment Manager
  The Deployment Manager in BigFix streamlines the process of executing actions on devices within a deployment. It allows users to initiate and monitor deployments, which can range in complexity from quick tasks completed in minutes to more involved processes that may take days to finish on all targeted devices.
- Device Explorer
  The Device Explorer app in BigFix allows to view and explore their linked devices in a table format, displaying important details like device name, last connection time, OS information, and device type. To simplify device exploration use filter or device search. Click on specific device to access more details.
- Fixlet Explorer
  Fixlet Explorer enables users to view and manage Fixlets, which are sets of instructions for the BigFix agent to execute on devices. Users can filter and deploy Fixlets, access detailed information on CVEs, and navigate through a data table displaying relevant Fixlet details.
- Fixlet Streams
  Fixlet Streams help to automate the process of remediating endpoint vulnerabilities, such as patch and update deployments, while offering flexibility for manual intervention when critical issues arise. The feature ensures routine security and compliance tasks are handled efficiently, freeing up IT teams to focus on strategic initiatives. Additionally, it allows for ad-hoc remediation, enabling swift responses to urgent issues like zero-day vulnerabilities.
- Protection Level Agreement (PLA)
  Protection Level Agreements are a set of baselines that combine device contexts, and desired patch levels and compliance standards for a given set of Fixlets against agreed-to organisational service levels by key stakeholders including IT, Security, and the overall organization.
- User Management
  The User Manager application in BigFix SaaS provides administrators with a robust interface to efficiently manage user accounts, roles, permissions, and activities in BigFix SaaS. This guide walks you through the process of creating new users, disabling or deleting existing users, setting passwords, managing roles, and more, ensuring you have a smooth and efficient experience.
Guides in PDF format
This section contains links to PDF versions of all the BigFix SaaS product guides.
Frequently Asked Questions

CyberFOCUS remediation flow

The CyberFocus Remediation Flow streamlines the process of identifying and addressing security vulnerabilities (CVEs) efficiently.

From the CyberFOCUS dashboard, to initiate remediation and set up your custom remediation flow, complete the following steps.

1. Accessing the Remediate widget from CyberFOCUS dashboard

From the CyberFOCUS CISA KEV table that lists the CVEs, select one or more CVEs. The Remediate button becomes active.
Click the Remediate button to open the Remediate widget.

2. Setting up remediation flow

To configure a custom remediation flow, complete the following steps:

Fixlets: The selected CVEs are auto filtered to fetch relevant Fixlets. You can modify the filter further as needed. For information on how to modify the filter, refer to Setting up remediation flow.
Actions: You can review and update the actions for the set of Fixlets with default action and without default action.
Devices: Relevant devices are automatically filtered. You can modify the filtering using a query and enable or disable dynamic targeting. Alternatively, you can select devices from the list to adjust the filtering.
Sequence: You can configure the options to deploy the Fixlets from here.
Schedule: Configure start date and end date.
Summary: Shows all the configured remediation flow settings. Provide a unique Deployment Name.

Review the configurations and click Deploy to submit the action.

Result: The remediation flow is created and saved.

What to do next: Go to Deployment Manager and you can see that the action is deployed. It also displays all the configured remediation flow settings. It shows the devices on which the deployment is being done, and the Fixlets that are deployed.

To add feedback about this topic, select the following checkbox:

By clicking this box, you acknowledge that you are NOT a U.S. Federal Government employee or agency, nor are you submitting information with respect to or on behalf of one. HCL provides software and services to U.S. Federal Government customers through its partners Four, Inc. Contact this team at https://hcltechsw.com/resources/us-government-contact. Do not include any personal data in this Comment box. Note: To report a problem or question about the product software, do not use this form. Instead, go to the HCL Software Support site. Personal data should not be shared in this comment box. See our Privacy Statement to understand how personal data is used.