The BigFix Team is pleased to announce the release of version 11 Patch 5 (11.0.5.203) of BigFix Platform. The main features in this release are as follows:
Suspending downloads for expired actions!
By default, if an action expires while the Relay is downloading some files for that action, the BigFix Relay completes the downloads.
Using the new setting named _BESRelay_Download_SuspendExpiredAction you can now choose to suspend these downloads.
If more than one action has requested to download the same file, the BigFix Relay suspends the download only when all these actions expire.
If a new action requires downloading a suspended file, the BigFix Relay resumes the suspended download from where it was left off.
For details, see Managing Downloads.
Forcing Prefetch commands to use HTTPS!
You can now force a Prefetch command to download files using the HTTPS protocol.
By default, the URL provided in the Prefetch command will be used (whether it is HTTPS or HTTP). You can use the new _BESRelay_Download_UseHttps setting to force a Prefetch statement containing an HTTP URL to use HTTPS instead or fail. As an alternative, you can configure it to use HTTPS or fall back to HTTP.
This setting applies to the Root Server only.
For details, see Managing Downloads.
Advanced information in the audit log!
The following additional information is now available in the BigFix audit log, related to actions performed by BigFix operators:
- Create/Update/Delete Content (Fixlets, Tasks, Analyses, Baselines)
- Create/Update/Delete Custom Sites
- Create/Update/Delete Computer Groups
- Globally Hide/Unhide Content
- Update Site Subscription (computers)
For details, see Server audit logs.
Web Reports - you can export and import reports within a BigFix deployment
Starting from BigFix Version 11.0.5, a Web Reports user can export reports (both public and private, with the exception of pre-installed ones) to a JSON file; the file can then be used to import the report into the same BigFix deployment.
For details, see Import Report, Exporting Reports in JSON format and Exported JSON Details.
Web Reports - at session timeout, hide UI and revert to login screen
As a security and data privacy measure, when a UI session timeout happens, the operator should be logged out and brought back to the login screen, to avoid someone else accessing the data that remains on the screen. Web Reports now does this too, as the other interfaces already did.
Console SAML login may fail loading dynamic content (KB0124024)
The BigFix Console can now be configured to show the SAML login panel using a WebView2-based dialog. This works around the problem described in the Defect Article "Console SAML login using WebView2 libraries - Customer Support".
Azure API Version Update: The API version used by agents to retrieve information from Azure has been updated to 2023-07-01
Inspector changes!
- New client inspector types named “yaml key” and “yaml value” were added to represent YAML keys and values. For details, see yaml key and yaml value.
- New client inspector types named “os log store” and “os log entry log” were added to allow querying log entries from the local OS log store on macOS. For details, see os log store and os log entry log.
- On Windows, the following properties were added to the “logged on user” inspector:
  - “last logon time”
  - “last logon type”
  - “last logon type number”
  - “logon completion time”
  - “logon session time”
  - “logon session type”
  - “logon session type number”

  They return information about the logon that started a Windows session. This inspector is intended to enhance visibility into system performance and user experience on Windows devices. For details, see logged on user.
- New client inspector property named “protocol type of” was added to return the protocol type of the connected WiFi network. For details, see wifi network.
- The following client inspector properties are now available also on Red Hat and SUSE:
  - pid of : integer
  - file of : file
  - image path of : string

  For details, see service.
- New session inspector properties were added to return information about the remediated Fixlets and computers:
  - New properties available on BigFix Explorer, Console and Web Reports:
    - remediated <(bes fixlet)> of <(bes computer)>
    - remediated <(bes computer)> of <(bes fixlet)>
    - remediated <(bes computer, bes fixlet)>
    - remediated <(bes fixlet, bes computer)>
  - New properties available only on BigFix Explorer:
    - remediated computer set of <(bes fixlet)>
    - remediated computer of <(bes fixlet)>
    - remediated computer count of <(bes fixlet)>
    - relevant fixlet count of <(bes computer)>
    - remediated fixlet count of <(bes computer)>
    - remediated fixlet of <(bes computer)>
    - remediated fixlet set of <(bes computer)>
  - Properties now available also on BigFix Explorer:
    - first became relevant of <(bes fixlet result)>
    - last became nonrelevant of <(bes fixlet result)>
    - last became relevant of <(bes fixlet result)>

  For details, see bes computer and bes fixlet.
Added Support for Operating Systems
Added support for BigFix Agent running on macOS 26 x86-64/ARM
Added support for BigFix Relay running on Red Hat Enterprise Linux 10 x86 64-bit
Library and driver upgrades
- The AWS Cloud plugin was upgraded to AWS SDK for Go v2
- The OpenSSL library was upgraded to Version 3.5.2 LTS
Additional information about this release
- The standalone BigFix tools are published under the 11.0 Utilities section in BigFix Enterprise Suite Download Center
- A Non-Functional Requirements checklist, covering both performance and security management of your BigFix deployment, is available at BigFix Performance & Capacity Planning Resources
References
- See the full technical changelist
Pre-Upgrade Considerations
Important considerations to take into account before upgrading to BigFix Platform Version 11 are:
- BigFix Version 10.0.7 is the minimum version supporting the upgrade of the BigFix server components to Version 11.
- You must enable “Enhanced Security” before upgrading BigFix Platform to Version 11.
- The minimum TLS supported protocol in BigFix V11 is TLS 1.2.
- The SHA1 hashing algorithm for content and action signature will no longer be supported. SHA1 is still supported for file download in actionscript. For details, see the BigFix Platform V11 Overview Page.
- The unixODBC RPM package is a prerequisite for the Server components on Linux systems (see Server Requirements). This applies to installations with a DB2 database.
- The msodbcsql17 RPM package is a prerequisite for the Server components on Linux systems (see Server Requirements). This applies to installations with a MSSQL database.
- For detailed information on the specific changes to minimum supported versions of operating systems and databases for BigFix 11, see Detailed system requirements.
- Before getting started with the upgrade process, stop any active application that is connected to the BigFix database (such as Web Reports, WebUI, BigFix Inventory, or BigFix Compliance).
Useful links
- BigFix downloads and release information
- BigFix 11 Platform Documentation
- Upgrade considerations
- Detailed system requirements
A blog that discusses the benefits of BigFix 11 is available here
Upgrade Fixlets are available in BES Support version 1504 (or later).
– HCL BigFix – Platform Team