CyberFOCUS remediation flow

The CyberFocus Remediation Flow streamlines the process of identifying and addressing security vulnerabilities (CVEs) efficiently.

From the CyberFOCUS dashboard, to initiate remediation and set up your custom remediation flow, complete the following steps.

1. Accessing the Remediate widget from CyberFOCUS dashboard

  1. From the CyberFOCUS CISA KEV table that lists the CVEs, select one or more CVEs. The Remediate button becomes active.
    CyberFOCUS Remediation flow
  2. Click the Remediate button to open the Remediate widget.
    CyberFOCUS Remediate Wdiget

2. Setting up remediation flow

To configure a custom remediation flow, complete the following steps:

  1. Fixlets: The selected CVEs are auto filtered to fetch relevant Fixlets. You can modify the filter further as needed. For information on how to modify the filter, refer to Setting up remediation flow.

  2. Actions: You can review and update the actions for the set of Fixlets with default action and without default action.

  3. Devices: Relevant devices are automatically filtered. You can modify the filtering using a query and enable or disable dynamic targeting. Alternatively, you can select devices from the list to adjust the filtering.


    CyberFOCUS Remediation Flow
  4. Sequence: You can configure the options to deploy the Fixlets from here.
    Remediate Flow Sequence

    • Start downloading immediately: Select this option to download deployment files immediately regardless of the start time schedule. Pre-cache deployment-related files, transferring them from a vendor's server to a BigFix server before deployment. You can save time when working with large files or a tight maintenance window by completing this part of the job first.

    • Before running message: To display a message on target computers before the deployment runs, select this option and enter your message.

    • While running message: Select this option to display the message on targeted computers while the deployment is running.

    • Reboot/Restart devices on completion of deployment: Select this option to restart the computer after the action is run.

    • On failure, retry: Select this option to configure when to retry deployment on failure.

    • Reapply: Select this option to reapply the action. By default, whenever it becomes relevant again, you can reapply with 1-hour wait between attempts, up to 3 times. You can configure the wait time and the number of attempts as needed.

  5. Schedule: Configure start date and end date.

  6. Summary: Shows all the configured remediation flow settings. Provide a unique Deployment Name.

    Review the configurations and click Deploy to submit the action.

Result: The remediation flow is created and saved.

What to do next: Go to Deployment Manager and you can see that the action is deployed. It also displays all the configured remediation flow settings. It shows the devices on which the deployment is being done, and the Fixlets that are deployed.