BigFix Insights for Vulnerability Remediation 1.3 is now available

The BigFix team is pleased to announce the release of version 1.3 of the BigFix Insights for Vulnerability Remediation application (included in the BigFix Lifecycle and Compliance suites)! This application will enable IT Security and Operations teams to collaborate much more effectively by automatically correlating discovered vulnerabilities to their proper remediations, while providing prioritization data to focus remediation efforts.

The main features of this release are as follows:

  • Introduced support for version 5.20.x

Additional information about this release:

Published site version: 9

Useful links

1 Like

Hi @Aram - I see that the Schedule attribute is not yet documented. I have a Case opened asking for the details of the pattern’s use to establish custom schedules. Could you chime in both here and with support as to what each element represents?

As it is currently configured in v1.2, the ETL runs every hour on the hour using the pattern: schedule="*/60 * * * *".

Thank you for bringing this to my attention! We’ll certainly work to update the documentation.

In the meantime, the schedule format for Insights for Vulnerability Remediation is the same as that for ServiceNow Data Flow (documented here:

It is essentially a cron time format ( The first character denotes the minute, the second the hour, the third the day of month, the fourth the month, and the fifth the day of week. There are a few websites that I’m sure you can find that help generate cron strings/expressions as well as validate and translate existing strings into friendly descriptions.

1 Like

Thanks for the pointer to the ServiceNow Data Flow documentation; that is exactly the level of detail that I was looking for.


Hi @Aram, is there any more detailed release notes for this version? Are there any big fixes, performance improvements, etc. In another words, we need to understand whether if we are running v1.2 for example and above-mentioned version support is not of interest, is there benefit to upgrading to latest version?

Hi Aram,

We upgraded IVR to 1.3 but still getting error message “Login Denied” When we use same access key and Secret key in Postman. We able to get request from Tenable.SC

Do we have any specific format to define Access Key and Security key in IVR configuration.

Sagar Deshpande.

Hello! And fair question…however, the only change in this release was the introduction of support for the newer versions of Tenable SC. Note that we do have other releases coming, so, stay tuned!

Hi Sagar,

There is not a specific format required, no (it should be exactly as it is from Tenable). I’d recommend opening a support case to troubleshoot. When opening the case, do please provide details about the permissions associated with the key, and what type of API requests you’ve been able to make via Postman with the given credentials.

Hi Aram,

We have reinstalled and configured the IVR with access key and secret in IVR 1.3 version, still we are unable to fetch the vulnerability data in insight and its throwing the “login denied” error while validating the configuration, and we are able to fetch the data from tenable using CURL command and its giving data from by using access key and secret.

I have also raised the support Case for the same.
Case: CS0308230

Kindly help us to resolve the issue.


Does this discussion in the tenable community shed any light on your situation?

Thanks @Aram for your support, by putting useranme and passsword combination works to dataflow happened from instead of the access key and secret key.