A new drop of BigFix Inventory beta is available! The latest features include:
1. Collecting file attributes for cyber security purposes
By leveraging technology used to detect software that is installed on the endpoints, it is possible to raise security alerts based on the detection of changes in the file system. Next version of BigFix Inventory can provide data that can be used for this purpose. The next step is to use this data with the White List and Black List mechanisms to provide information that can be used to detect security exposures.
Letâs assume that a White List is a list of file names, sizes and file hashes calculated on a set of files. All entries represent files that can legitimately exist in the infrastructure. A Black List is a
list of file names, sizes and file hashes calculated on a set of files which represents files that are not allowed to exist in the infrastructure for any reason.
The White List can be used in BigFix Inventory with the new feature of collecting file hashes (MD5 or SHA256 or both). In a stable environment, the initial scan of hashes can be treated as a baseline and saved as the initial White List. Each subsequent scan will provide new hashes which can be compared with the White List.
All deltas should be analyzed and decisions should be made whether the delta should be used to modify or extend the existing White List or to create or extend the Black List. The Black List can be also obtained from external indication of compromises (IoC) databases.
2. Defining the time range of reports in relation to the current date
One of the goals of BigFix Inventory is to make the work of Software Asset Managers and IT Operators less time consuming. To support this goal, we are working on a mechanism of triggering notifications.
In a broad set of possible conditions worth to be used as triggers for notifications there is one particularly useful: defining the time range of reports in relation to the current date. The new filtering option allows for defining conditions such as: âshow me all endpoints which have the âlast seenâ attribute older than 1 week, relative to the current dayâ, or âshow me all contracts that will expire within the next six monthsâ.
3. Scoped view of reports per computer group
You can view reports scoped to a particular computer group without the necessity of creating BigFix Inventory users dedicated to each group. The functionality is particularly useful in the following scenarios:
- You have IBM software that is installed in multiple IBM subcapacity regions.
- You want to separately track software that is installed in each business unit in your organization.
- You are a service provider and you need to generate a separate audit snapshot for each customer.
4. Certification of new operating systems for the agent
You can monitor PVU and RVU MAPC subcapacity on RHEL 7 and SUSE 12 on zVM.
5. Migrating custom signatures from Software Knowledge Base Toolkit to BigFix Inventory
You can migrate your custom signatures to BigFix Inventory, because now it provides the same capabilities for creating and editing signatures as SwKBT. Maintaining signatures in only one application saves your time, facilitates the work, and reduces maintenance costs. Migrated signatures will be stored in the BigFix Inventory database together with the content provided by IBM, but they will be fully independent and not impacted by any future imports of the IBM software catalog.
For information about enrolling to the beta program, see: https://ibm.biz/beta_program.