BigFix Detect is now available

The IBM BigFix team are pleased to announce the release of BigFix Detect.

BigFix Detect extends the BigFix portfolio and aims to help security professionals of any company to quickly and effectively identify compromised devices or applications. You can also identify anomalous behaviors, analyze security exposures, and remediate them quickly.

The capabilities and value provided by IBM BigFix Detect can be grouped into the following main three categories:

Leveraging behavioral anomaly detection, based on intelligence gathered from millions of endpoints worldwide, BigFix Detect identifies and alerts on advanced, evasive threats. In addition, BigFix Detect monitors for the existence of indicators of compromise (IOCs).

BigFix Detect supports importing external IOCs and IOC feeds in the following formats:

  • Cyber Observable eXpression (CybOX)
  • Structured Threat Information Expression (STIX)


To enable security professionals to understand the scope and context of a threat, BigFix Detect assists in the Incident Response process by providing recommendations for possible investigation paths.

BigFix Detect records endpoint activity, providing search capabilities over the recorded data and traversing process trees.

In addition to historical search capabilities, BigFix Detect also enables the security professional to run ad hoc IOC evaluation queries.


BigFix Detect enables the user to contain and remediate attacks by suggesting relevant response actions in incident alerts and historical events. The user can then take an action directly from BigFix Detect.
BigFix Detect supports the following response actions:

  • Quarantine file: remove the selected file and place it in quarantine so that malicious activity is stopped.
  • Kill process: kill a malicious process identified by BigFix Detect.
  • Fix registry keys: update registry keys that have been modified by malicious activity identified by BigFix Detect
  • Apply patches: apply relevant available patches to selected devices or enterprise.
  • Update software: update software packages for selected applications.
  • Enable customized response to mitigate threat from patient zero and complete enterprise
  • Ability to hunt with BigFix Query across enterprise in real time for key information and attributes on target endpoints


The documentation available at covers the following areas in detail:

  • Getting started information
  • Setup and deployment process
  • BigFix Detect architecture
  • Detailed user guidance
  • Troubleshooting and support

How about the licensing ? Can we enable this product with having Bigfix Lifecycle and Security Licenses.

Or is this separate license ?

It’s a separate license/entitlement.

I passed the information to my management. I really hope they consider looking into the product. I will make the call its going to be BIG!!!

Thank you Anthony, let us know how we can help.

@murtuza is there a trial or something to try it out before purchase?

1 Like

Hi, we are planning to release trial for Detect but that will be later. If you are interested send me a note to and we maybe able do something depending on what your plans are.

1 Like

How much is the product price

@murtuza I have sent an email note months back and I will send out a reminder today.

Hi, sorry may have missed your note… What are you looking for.

Hi Ann, just sent you an email.

I want to know that the price of BigFix detect product?

A trial to test before purchase and also is there any discounts for the early birds?

As IBM partner, we have got NFR license for BigFix and we need to demonstrate BigFix detect capabilities.
We need any example to simulate BigFix detect in action.

Is BigFix Detect still a product? I’m looking for a way to isolate endpoints using BigFix, and Detect seemed like a good solution. However, I can’t seem to find anything about the tool that is current. Is it still alive? Has it transitioned to a new name?

IBM announced end of marketing for BigFix Detect on 21 November 2017 and end of support was 10 July 2018:

If you’re looking for EDR solutions, you may want to consider CarbonBlack or Palo Alto Traps, both of which have integration with BigFix.

We do have quarantine capabilities via IPSec as part of BigFix Compliance. Look for the “BigFix Client Compliance *” sites that are available with that solution.

1 Like