Release Summary
Features and Enhancements
- Brand new platform for IVR
- IVR Support of Rapid7
- Custom CSV data import directly into IVR
- WebUI Patch Policy support of Rocky Linux 9 and Oracle Linux 9
- Insights Live ETL Feed
Summary
We are happy to announce the release of BigFix Insights for Vulnerability Remediation (IVR) 3.0 for Rapid 7 and the ability for customers to import their data directly into IVR using a CSV file.
- Brand new framework for IVR 3.0 that supports Rapid7, .csv ingestion, and introduces performance improvements.
- BigFix can take the vulnerability information from Rapid7, correlate it to devices in BigFix, and then suggest remediation based on the CVEs discovered in the environment.
- BigFix can report and export on the vulnerability exposed currently in the environment, the severity of the vulnerabilities currently in the environment, and dates of the various exposures.
- BigFix now supports importing .csv files that contain asset information and corresponding CVEs and correlating them to existing BigFix devices and fixlets. Devices and exposures are then able to be remediated from the BigFix WebUI.
The goal of IVR remains the same, to help align Security and Operations teams with intelligent patching prioritization and automated remediation, reduce the time between vulnerability discovery and remediation, and greatly reduce risk by reducing the vulnerable attack surface.
Defect Article Resolution
KB0106499 – All adapter CVSS values have been standardized to info, low, medium, high and critical.
KB0102924 – NoneType object has no ‘cvss_base’ attribute
KB0103404 – BigFix IVR import fails with SQL errors
KB0103565 – Schedules for IVR not being honored
KB0104128 – IVR with Tenable.sc integration fails
KB0104953 – Setup of BigFix IVR on Tenable.sc failing
KB0104954 – Missing documentation for IVR Tenable Tableau reports
KB0104955 – False positive for task 156
KB0105003 – BFIVR setup fixlet not managing percent sign in the password
KB0105637 – Tenable.sc install has a bug for install on E drive
Security Vulnerability Resolution
CVE-2023-0842 – WebUI - xml2js@0.4.23
CVE-2022-44758 – IVR 2.0.3 – Insecure Cryptography – Python URL DataFlows.exe
CVE-2022-44757 – IVR 2.0.3 - Information Disclosure - Fixlet Interruption /Monitoring URL/File IVR
IVR 3.0 - Customers using Rapid7 and/or Custom CSV Ingestion
IVR 3.0 is available natively in the WebUI and includes these new features:
- New platform for IVR, improved performance
- Support for IVR integration with Rapid7
- Ability to import .csv files for IVR correlation in BigFix
- WebUI Patch Policy support for Rocky Linux 9 and Oracle Linux 9
- Bugfixes
- Security Improvements
Support for IVR integration with Rapid7
- IVR now supports a native integration with Rapid7 in IVR 3.0, now BigFix can take the vulnerability information from Rapid7, correlate it to devices in BigFix, and then suggest remediation based on the CVEs discovered in the environment.
- BigFix can report and export on the vulnerability exposed currently in the environment, the severity of the vulnerabilities currently in the environment, and dates of the various exposures
CSV Import
- BigFix now supports importing .csv files that contain asset information and corresponding CVEs and correlating them to existing BigFix devices and fixlets.
- Devices and exposures can be remediated easily be selected and executed from the wizard
Insights Live ETL Feed
- Insights Live ETL Feed page is designed to display the stages and various steps of an active BFE ETL process. Its primary purpose is to assist in debugging ETL issues and monitoring the progress of ongoing ETL operations.
- The Live ETL Feed page can only be accessed directly via URL and is accessible after logging into Insights in the WebUI. There are no direct links or buttons that will lead you to this page.
- To access the Live ETL Feed page, follow these steps, open your web browser and enter the following URL: https://<webui_server>/insights/live
How to Update
WebUI will update automatically by default, unless configured otherwise. Please note that updates for WebUI Insights and WebUI IVR must be done manually via the Application Updates page on WebUI. Now, updating WebUI IVR will also update WebUI Insights. For more information, please see: https://help.hcltechsw.com/bigfix/11.0/webui/WebUI/Admin_Guide/c_manage_application_updates.html.
Resources
- Demo Link (September 27th) - https://www.brighttalk.com/webcast/17964/591770?utm_source=HCLBigFix&utm_medium=brighttalk&utm_campaign=591770
- Product Page - https://www.hcl-software.com/bigfix/ivr-home
- Documentation - https://help.hcltechsw.com/bigfix/11.0/webui/WebUI/Users_Guide/c_get_started_with_IVR.html
IVR 2.0.3 - Customers using Tenable.sc, Tenable.io, or Qualys:
IVR 2.0.3 is still available in the native WebUI and includes the following improvements:
- Security improvements
- Bugfixes
How to Update
Please find the ‘BigFix Insights for Vulnerability Remediation’ Fixlet Site from the License Overview Dashboard under the Lifecycle or Compliance Sections. For more information on enabling sites, please see: https://help.hcltechsw.com/bigfix/10.0/platform/Platform/Console/c_license_overview_dashboard.html
Site Versions
| Site Type | Name | Version |
|---|---|---|
| Fixlet Site | BigFix Insights for Vulnerability Remediation | 13 |
| WebUI Site | WebUI Insights | 21 |
| WebUI Site | WebUI IVR | 10 |
| WebUI Site | WebUI Common | 80 |
| WebUI Site | WebUI TakeAction | 29 |
| WebUI Site | API | 18 |
| WebUI Site | Patch | 41 |
| WebUI Site | Patch Policies | 37 |
| WebUI Site | SCM | 11 |
| Web UI Site | Datasync | 25 |
| WebUI Site | Appadmin | 32 |
I really need it for Qualys