BigFix Insights for Vulnerability Remediation 2.0 is now available

Aram 2022-07-06 13:46:49 UTC #1

The BigFix Team is pleased to announce the release of BigFix Insights for Vulnerability Remediation (IVR) version 2.0!

BigFix Insights for Vulnerability Remediation automates elements of the vulnerability remediation process to:

Align Security and Operations teams with intelligent automation
Significantly compress the time from vulnerability assessment to vulnerability remediation
Greatly reduce risk by reducing your attack surface

The main features of this release include:

A New WebUI Application
BigFix Insights for Vulnerability Remediation v2 introduces a new WebUI application to better enable the BigFix Operator to remediate vulnerabilities more quickly and easily! You can now view the correlated vulnerability data directly within WebUI, enabling simple, yet powerful, prioritized deployment workflows. You can quickly narrow down discovered vulnerabilities to those that matter most, select them for remediation, and click ‘Deploy’.

IVR_v2_Screenshot

Additional information about this release

The IVR v2.0 release is comprised of 2 main elements:
1. A new IVR App in WebUI: to display correlated vulnerability data and enable quick/simple remediation workflows
  - For information on setting up BigFix Insights for Vulnerability Remediation, please see https://help.hcltechsw.com/bigfix/10.0/integrations/Ecosystem/Install_Config/c_setting_up_IVR_app.html
  - For information on using the new IVR App, please see https://help.hcltechsw.com/bigfix/10.0/webui/WebUI/Users_Guide/c_get_started_with_IVR.html
2. IVR Service v1.4: to synchronize discovered vulnerability data with supported Vulnerability Management products.
  - For information on deploying and configuring the IVR Service v1.4, please see https://help.hcltechsw.com/bigfix/10.0/integrations/Ecosystem/Install_Config/c_deploy_IVR.html
Pre-requisites:
Licensing requirements: BigFix Lifecycle, or BigFix Compliance

Considerations/Known issues:

The IVR Application in WebUI (from the Apps menu) will display only after a page refresh once access is successfully granted and configured. This process can take a few minutes. Please see https://help.hcltechsw.com/bigfix/10.0/integrations/Ecosystem/Install_Config/c_setting_up_IVR_app.html for more details.
Deployments with many concurrent WebUI users (> 30) may see a temporary build-up in memory usage associated with the IVR application. Please see https://help.hcltechsw.com/bigfix/10.0/webui/WebUI/Users_Guide/c_IVR_app_settings.html for more information, including a configurable setting to limit memory usage (_WebUIAppEnv_IVR_MEM_THRESHOLD).

Site versions:

Site Type	Name	Version
Fixlet Site	BigFix Insights for Vulnerability Remediation	10
WebUI Site	WebUI Insights	11
WebUI Site	WebUI IVR	1
WebUI Site	WebUI Common	71
WebUI Site	WebUI Framework	19

Additional references

Demo video: https://www.youtube.com/watch?v=bZ8rqCPoAGw
Documentation: https://help.hcltechsw.com/bigfix/10.0/integrations/Ecosystem/Install_Config/c_welcome.html
Learn more on our Product Page: https://www.hcltechsw.com/products/bigfix/ivr-home

Aram 2022-07-06 13:47:11 UTC #2

Arjity 2022-07-07 05:19:47 UTC #3

Hi Aram,

we have configured the IVR 2.0 by upgrading the Insight version and the other apps version in WebUI, and also configured the access URL and Key from insight but still co-related vulnerability data is not reflecting in IVR app in WebUI, but in powerBI reports co-related data is reflecting.

Kindly let us know if anything else needs to be done to populate the data into the IVR app.

Thanks,
Arjit

Aram 2022-07-07 14:06:25 UTC #4

Hello Arjit,

Can you confirm that you have IVR Service v1.4 deployed? This version is required for the IVR App to function.

Arjity 2022-07-08 11:49:39 UTC #5

Hi Aram,

we have the installed the IVR version 1.4 and configured in the WebUI, but still data is not reflecting in IVR app, also earlier the co-related data which was reflecting into the PowerBI report, that report is also Blank, after the IVR 1.4 re-installation.

Kindly help us to figure out where we are lacking.

Thanks,
Arjit

Aram 2022-07-08 15:43:02 UTC #6

I’d be happy to work with you offline, but I’d also perhaps recommend a support case here to help troubleshoot further.

atlauren 2022-07-08 21:27:37 UTC #7

In the Summer Release Q&A, there was a question about using internal vulnerability ratings in lieu of that provided from the scanner.

As a followup, Tenable allows an installation to re-cast a vulnerability’s severity. Is the recasted data brought forward into IVR?

Arjity 2022-07-11 06:20:57 UTC #8

Thanks Aram, I have raised the Support case for working on this issue.

itsmpro92 2022-07-15 19:13:55 UTC #9

@Aram - FYI, I’ve enabled the WebUI IVR app, and the data is not correlated correctly. It is fine in the PowerBI reports.

In the WebUI, I have many Qualys CentOS Vulnerabilities connected with BigFix Windows devices, and the Windows Product/Family.

Update: Looking at the data in the Insights database, and the IVR schema, I can see that the correlation is returning Patches for Windows Fixlets having matching CVE data for the CentOS vulnerability. There doesn’t appear to be any consideration for the underlying OS in the query returning the data to the IVR app. This vulnerability is actually fixed on the CentOS machine.

FYI - There is a category in the ivr.vulnerabilities table which shows CentOS for this vulnerability.

TheBigFixer 2022-08-04 15:05:59 UTC #10

Aram - can your team please work on a supported config where IVR works with a LINUX based BigFix Root Server ? - Thanks

Aram 2022-08-31 21:03:42 UTC #11

Thanks for the feedback!

This is something we’ve explored and have some ideas on potential approach, but don’t currently have any formal plans around. I’d encourage submitting an Idea please to help us gauge interest and demand for such a configuration.