Setting up remediation flow
The remediation process in BigFix SaaS is designed to simplify and streamline patch management and vulnerability remediation.
To set up your custom remediation flow and initiate remediation, complete the following steps.
1. Accessing the Remediate widget
- Logging in
  Log in to BigFix SaaS using your Admin credentials.
- Go to the Device Explorer section
  - In the BigFix SaaS application, from the left pane click Apps and select Device Explorer.
  - Click the List button to view the devices in list view.
  - Select the devices that you want to target. The Remediate button becomes active.
  - Click the Remediate button to open the Remediate widget.
2. Setting up remediation flow
- Fixlets: Configure conditions to filter and select Fixlets to deploy.
  - Click the Attribute dropdown to choose an attribute. For each attribute, specify a condition and add a value. You can define multiple conditions.
    - CVE: Add relevant CVEs by typing them and click Add.
      Note:
      - To enter multiple CVE entries at once, you can copy and paste a list of CVEs separated by a comma, a semicolon, or a space. For example: CVE-123-1234,CVE-123-1256, CVE-123-1278
      - The View All button is displayed when there are more than eight CVE values. Click the View All button to view the list in detail, review, search, or remove a specific CVE.
    - Category: Select categories from the list of categories dynamically displayed based on your system’s database and click Add. This displays all the available categories with the ones that you have selected in blue. You can also modify your selection from here.
    - Name: Select the "contains" or "not contains" condition and for the value, enter your string, and click Add. This displays all the strings that you have entered. You can also modify your selection from here, inserting or deleting values.
    - Severity: Select the "in" or "not in" condition; for the value, choose the level of severity for the Fixlet. Modify the selection by adding or removing values as required.
    - Source: Select the "in" or "not in" condition; for the value, select one or more vendors from the available options, and click Add. This displays all the available options for vendors with the ones that you have selected in blue. You can also modify your selection from here.
    Note:
    - To remove all entries in a section, click .
    - The Attribute dropdown dynamically displays the attributes available to you.
    - The Value text box dynamically fetches data from your database for you to select.
  - Once the conditions are defined, click Next to proceed.
- Actions: You can review and update the actions for the set of Fixlets with default action and without default action.
- Sequence: You can configure the options to deploy the Fixlets from here.
- Schedule: Configure start date and end date.
- Summary: Shows all the configured remediation flow settings. Provide a unique Deployment Name.
Review the configurations and click Deploy to submit the action.
Result: The remediation flow is created and saved.
What to do next: Go to Deployment Manager and you can see that the action is deployed. It also displays all the configured remediation flow settings. It shows the devices on which the deployment is being done, and the Fixlets that are deployed.