BigFix Insights for Vulnerability Remediation 2.0 is now available

Aram · July 6, 2022, 1:46pm

The BigFix Team is pleased to announce the release of BigFix Insights for Vulnerability Remediation (IVR) version 2.0!

BigFix Insights for Vulnerability Remediation automates elements of the vulnerability remediation process to:

Align Security and Operations teams with intelligent automation
Significantly compress the time from vulnerability assessment to vulnerability remediation
Greatly reduce risk by reducing your attack surface

The main features of this release include:

A New WebUI Application
BigFix Insights for Vulnerability Remediation v2 introduces a new WebUI application to better enable the BigFix Operator to remediate vulnerabilities more quickly and easily! You can now view the correlated vulnerability data directly within WebUI, enabling simple, yet powerful, prioritized deployment workflows. You can quickly narrow down discovered vulnerabilities to those that matter most, select them for remediation, and click ‘Deploy’.

Additional information about this release

The IVR v2.0 release is comprised of 2 main elements:
1. A new IVR App in WebUI: to display correlated vulnerability data and enable quick/simple remediation workflows
  - For information on setting up BigFix Insights for Vulnerability Remediation, please see Setting up IVR App
  - For information on using the new IVR App, please see Get started with IVR
2. IVR Service v1.4: to synchronize discovered vulnerability data with supported Vulnerability Management products.
  - For information on deploying and configuring the IVR Service v1.4, please see Deployment and configuration
Pre-requisites:
Licensing requirements: BigFix Lifecycle, or BigFix Compliance

Considerations/Known issues:

The IVR Application in WebUI (from the Apps menu) will display only after a page refresh once access is successfully granted and configured. This process can take a few minutes. Please see Setting up IVR App for more details.
Deployments with many concurrent WebUI users (> 30) may see a temporary build-up in memory usage associated with the IVR application. Please see WebUI IVR Settings for more information, including a configurable setting to limit memory usage (_WebUIAppEnv_IVR_MEM_THRESHOLD).

Site versions:

Site Type	Name	Version
Fixlet Site	BigFix Insights for Vulnerability Remediation	10
WebUI Site	WebUI Insights	11
WebUI Site	WebUI IVR	1
WebUI Site	WebUI Common	71
WebUI Site	WebUI Framework	19

Additional references

Demo video: https://www.youtube.com/watch?v=bZ8rqCPoAGw
Documentation: BigFix Insights for Vulnerability Remediation
Learn more on our Product Page: https://www.hcltechsw.com/products/bigfix/ivr-home

Arjity · July 7, 2022, 5:19am

Hi Aram,

we have configured the IVR 2.0 by upgrading the Insight version and the other apps version in WebUI, and also configured the access URL and Key from insight but still co-related vulnerability data is not reflecting in IVR app in WebUI, but in powerBI reports co-related data is reflecting.

Kindly let us know if anything else needs to be done to populate the data into the IVR app.

Thanks,
Arjit

Aram · July 7, 2022, 2:06pm

Hello Arjit,

Can you confirm that you have IVR Service v1.4 deployed? This version is required for the IVR App to function.

Arjity · July 8, 2022, 11:49am

Hi Aram,

we have the installed the IVR version 1.4 and configured in the WebUI, but still data is not reflecting in IVR app, also earlier the co-related data which was reflecting into the PowerBI report, that report is also Blank, after the IVR 1.4 re-installation.

Kindly help us to figure out where we are lacking.

Thanks,
Arjit

Aram · July 8, 2022, 3:43pm

I’d be happy to work with you offline, but I’d also perhaps recommend a support case here to help troubleshoot further.

atlauren · July 8, 2022, 9:27pm

In the Summer Release Q&A, there was a question about using internal vulnerability ratings in lieu of that provided from the scanner.

As a followup, Tenable allows an installation to re-cast a vulnerability’s severity. Is the recasted data brought forward into IVR?

Arjity · July 11, 2022, 6:20am

Thanks Aram, I have raised the Support case for working on this issue.

itsmpro92 · July 15, 2022, 7:13pm

@Aram - FYI, I’ve enabled the WebUI IVR app, and the data is not correlated correctly. It is fine in the PowerBI reports.

In the WebUI, I have many Qualys CentOS Vulnerabilities connected with BigFix Windows devices, and the Windows Product/Family.

Update: Looking at the data in the Insights database, and the IVR schema, I can see that the correlation is returning Patches for Windows Fixlets having matching CVE data for the CentOS vulnerability. There doesn’t appear to be any consideration for the underlying OS in the query returning the data to the IVR app. This vulnerability is actually fixed on the CentOS machine.

FYI - There is a category in the ivr.vulnerabilities table which shows CentOS for this vulnerability.

TheBigFixer · August 4, 2022, 3:05pm

Aram - can your team please work on a supported config where IVR works with a LINUX based BigFix Root Server ? - Thanks

Aram · August 31, 2022, 9:03pm

Thanks for the feedback!

This is something we’ve explored and have some ideas on potential approach, but don’t currently have any formal plans around. I’d encourage submitting an Idea please to help us gauge interest and demand for such a configuration.