Availability of BigFix Compliance Analytics version 2.0.10

HCL BigFix is pleased to announce the release of BigFix Compliance Analytics version 2.0 Patch 10

Product: BigFix Compliance

Title: Availability of BigFix Compliance Analytics version 2.0 Patch 10

Published site: SCM Reporting 156

BigFix Compliance Analytics version 2.0 Patch 10 includes the following new features, enhancements, and fixes.

Highlights of this release:

  • Re-Design of Vulnerability Reporting: the reworked mechanics based on actual relevance of patch content addressing CVE reporting issues.
  • Addition of Login Welcome Message for SSO configuration
  • Support for MSSQL 2022 and Windows Server 2022
  • TLS 1.3 Support
  • Corrected behavior of in set / not in set filter on Configure Panel to react to adding and removing items in the set
  • Preserving custom account for BigFix Compliance Server service during upgrade
  • Domain “Security Configuration Vulnerability Results” has been marked as deprecated due to deprecation of the “Vulnerabilities to Windows Systems” site. HCL will officially deprecate this site on December 31st, 2023
    BigFix Compliance: Upcoming Depreciation for "Vulnerability to Windows Systems" Site

Following are the Fixed Jira Tickets in this release.

  • IBM SDK Java Technology Edition Version updated to 8.0.8.10 to address vulnerabilities:
    CVE-2023-21930, CVE-2023-21937, CVE-2023-21938, CVE-2023-21954, CVE-2023-21967, CVE-2023-21968, CVE-2023-22045, CVE-2023-22049
  • [CVE Logic][KB0096824] SCA import gets stuck after enabling “Patches and Vulnerabilities”
  • [CVE Logic][KB0099209] Unable to import Windows superseded setting
  • [CVE Logic][KB0104572] False positive vulnerability result
  • [CVE Logic] [KB0105583] SCA CVEs show older installed than actual
  • [CVE Logic] Update the documentation for CVE Logic changes
  • [KB0101361] Sending mail from SCA gets stuck with rufus error
  • [KB0099549] SCA Overview report is not sent in an email
  • [KB0106124] Compliance service is corrupted during upgrade
  • [KB0107937] SCA upgrade issue when using a service account
  • [KB0107391] Extended SCA with the new PATCH SITES
  • [KB0102756] Import hangs after upgrading to 2.0.8 - Extend Cleanup procedures to _persistent tables
  • [KB0080198] Documentation to reflect the change in the MSSQL connection, using a different TCP port instead of the default TCP port.
  • Link: How to specify a non-standard port or instance name for SQL Server (hcltechsw.com)

Documentation for the support of MS SQL 2022 and Windows 2022

  • Overview page – Data count mismatch in check result, Date filter issue in same date graph not listing
    Issue encountered while selecting a particular field for the second time in the checkbox during Filtering Process
  • Corrected behaviour of in set / not in set filter on Configure Panel to react to adding and removing items in the set.
  • TLS 1.3 Support required at Browser level for SCA
  • Display Banner with custom message when logging in to SCA in SSO scenario
  • Mark as Deprecated “Vulnerability Reporting” Report in “Security Configuration Vulnerability Results” Domain in SCA
  • Compliance Data is missing for Check Result section in all the sections.
  • Vulnerability Domain Reporting Issue
  • Date First Patch Available issue

Actions to take:

To take advantage of the fixes, upgrade BigFix Compliance Analytics to version 2.0.10.

For first time installation:

  1. In the License Overview Dashboard in the BigFix console (BigFix Management domain), enable the SCM Reporting site.
  2. In the Security Configuration domain in the console, open the Configuration Management navigation tree.
  3. Select the Fixlet named BigFix Compliance Server 2.0 - First-time Install Fixlet under the BigFix Compliance Install/Upgrade menu tree node.
  4. Follow the Fixlet instructions and take the associated action to install your BigFix Compliance deployment.

For upgrade installation: Refer to the prescribed upgrade steps for the BigFix Compliance version that you are using.

IMPORTANT: Before you start any upgrade process, perform a server and database backup.

A. For BigFix Compliance Analytics versions 1.9.x, 1.10.x and 2.0.x:

  1. Make sure that you completed the server and database backup.
  2. It is recommended to stop the BigFix Compliance Server, or at least disable scheduled Data Imports, to ensure that a Data Import is not in progress during the upgrade.
  3. In the Security Configuration domain in the console, open the Configuration Management navigation tree.
  4. Under the BigFix Compliance Install/Upgrade menu tree item, select the BigFix Compliance Server 2.0 - Upgrade Fixlet which automatically installs and upgrades to the new version.
  5. Follow the Fixlet instructions and take the associated action to upgrade your BigFix Compliance deployment.
  6. Update the data schema. To do this, log in to the BigFix Compliance web interface from the host server and proceed with configuration. Upgrading the data schema is expected and it will take some time to complete.
    NOTE: Automatic upgrade installation only affects installations running under the LocalSystem account. Follow the Fixlet instructions to install the update manually if this fix cannot be applied.

B. For BigFix Compliance Analytics versions prior to 1.9:

  1. Manually upgrade to version 1.10.1.48. The 1.10.1.48 installer can be found here http://software.bigfix.com/download/bfc/server/1.10/bfc-server-1.10.1.48.exe
  2. After manually upgrading to version 1.10.1.48, use the BigFix Compliance Server 2.0 Upgrade Fixlet to upgrade to version 2.0 (See step A).

More information:

BigFix Compliance team
HCL BigFix

2 Likes

SCA 2.0.10 uses the STRING_SPLIT function, available in MS SQL Server 2016 or later, during Data Import. Ensure that you are on 2016 or higher with the compatibility level set to 130 (2016) or higher before upgrade / first import.

We are working on a solution for 2012/2014 MS SQL Server instances.

2 Likes
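
A pre-upgrade check for the requirement stated above, as an added example that is not part of the original posts or of HCL's tooling. The database name SCA_DB is a placeholder assumption; substitute the name of your Compliance database.

```sql
-- Added example: verify the STRING_SPLIT prerequisites before upgrade / first import.
-- ASSUMPTION: N'SCA_DB' is a placeholder for the Compliance database name.
DECLARE @db sysname = N'SCA_DB';

-- ProductVersion is 'major.minor.build.revision'; part 4 from the right is the major
-- version (11 = 2012, 12 = 2014, 13 = 2016, 14 = 2017, 15 = 2019, 16 = 2022).
DECLARE @major int =
    CAST(PARSENAME(CAST(SERVERPROPERTY('ProductVersion') AS nvarchar(128)), 4) AS int);

-- Compatibility level is a per-database setting; NULL here means the name is wrong.
DECLARE @compat int =
    (SELECT compatibility_level FROM sys.databases WHERE name = @db);

SELECT
    @major  AS server_major_version,
    @compat AS db_compatibility_level,
    -- 'IF' = inline table-valued function, i.e. a user-defined dbo.STRING_SPLIT
    CASE WHEN OBJECT_ID(QUOTENAME(@db) + N'.dbo.STRING_SPLIT', N'IF') IS NOT NULL
         THEN 1 ELSE 0 END AS user_defined_string_split_present,
    CASE
        WHEN @compat IS NULL THEN 'Database not found: check the name'
        WHEN @major < 13     THEN 'Server is older than SQL Server 2016: built-in STRING_SPLIT is unavailable'
        WHEN @compat < 130   THEN 'Server is 2016+, but compatibility level is below 130: raise it first'
        ELSE 'OK: built-in STRING_SPLIT is available'
    END AS verdict;

-- To raise the level on a 2016+ server (run deliberately, after the backup):
-- ALTER DATABASE [SCA_DB] SET COMPATIBILITY_LEVEL = 130;
```
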

To add the STRING_SPLIT function to the DB, execute this query on SQL Server.

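-- Inline table-valued function standing in for the built-in STRING_SPLIT
-- (built-in requires SQL Server 2016+ and compatibility level 130).
-- @List: the delimited string; @Delim: a single-character delimiter.
CREATE FUNCTION dbo.STRING_SPLIT
(
    @List NVARCHAR(MAX),
    @Delim VARCHAR(1)
)
RETURNS TABLE
AS
    RETURN ( SELECT [value] FROM 
      ( 
        SELECT 
          -- Element runs from [Number] to the next delimiter; unlike the
          -- built-in function, leading and trailing spaces are trimmed.
          [value] = LTRIM(RTRIM(SUBSTRING(@List, [Number],
          CHARINDEX(@Delim, @List + @Delim, [Number]) - [Number])))
        -- Numbers 1..N come from row-numbering sys.all_objects, so only the
        -- first N characters of @List are scanned (N = rows in sys.all_objects).
        FROM (SELECT Number = ROW_NUMBER() OVER (ORDER BY name)
          FROM sys.all_objects) AS x
          WHERE Number <= LEN(@List)
          -- A position starts an element when the preceding character is the delimiter.
          AND SUBSTRING(@Delim + @List, [Number], LEN(@Delim)) = @Delim
      ) AS y
    );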