Can I request fixlet to be installed on user machine via a api call?

chercm 2023-10-02 14:08:52 UTC #1

can I request fixlet to be installed on user machine via a api call?

JasonWalker 2023-10-02 14:09:38 UTC #2

Can you describe the use-case a bit more?

chercm 2023-10-02 14:16:37 UTC #3

if there is remediation needed. take for example chrome to be update .we have a fixlet on BigFix. Can I do an api call to get bigfix to push the fix to the user and not wait for some one to push it to the user ? or some self service way to get the fix to the user? @JasonWalker

orbiton 2023-10-02 14:35:05 UTC #4

everything can be done with REST API but … sometimes there is a simpler option .

Let’s say, I got a request to Install The Latest Google Chrome Update on all of the workstations on the Organization. The request should be as soon as possible when the Fixlet is available.

You could create a Task that will create a REST API procedure that will do the following:

retrive the latest Google Chrome fixlet ID
create and action upon the the previous fixlet ID for “All Workstations” computer group
and then you execute it on Weekly etc…

OR better yet…
Create a Patch Policy that will include only Browser Updates - Refresh it Weekly and Distribute the Action for a Week to that specific Computer Group.

This is why @JasonWalker asked if you can elaborate on the use case

chercm 2023-10-02 14:37:24 UTC #5

if I want to allow the user to press the button to trigger the request, can It be done ?

Jared 2023-10-02 14:55:06 UTC #6

Have you looked at the Self Service App?

It allows for a UI that the end user can use to kick off fixlets that have already been offered but not applied to their endpoints.

orbiton 2023-10-02 21:16:07 UTC #7

@chercm please be more clear about your requirements and the use case you want to achieve.

Just like @Jared mentioned , you can execute a Fixlet as an “Offer” and the user can accept the Offer or not

chercm 2023-10-02 23:25:42 UTC #8

My situation is:

It is patching purposes . Instead of using the wide scale deployment , I would like the use to be aware that he is patching and to take ownership of the patching by clicking on one button from teams and the patch begins

JasonWalker 2023-10-02 23:59:07 UTC #9

A normal user can accept Offers that are sent by a BigFix Operator. A BigFix Operator has to send the action first though.

chercm 2023-10-03 00:06:49 UTC #10

can’t we just Rest API to instruct bigfix to push it in per request of the user ?

JasonWalker 2023-10-03 01:22:22 UTC #11

There are serious considerations around the credentials (that you would have to provide to the user, or embed into your script) and the permissions assigned to that credentials. I’m not certain you’ve considered the security aspects of what you’re asking.

Yes, the REST API can send actions, but it would still be necessary to choose which actions, targeting which machines.

It would be great for an integration with a ticketing system, say, ServiceNow, and keep the authorization in a CR workflow, with a defined set of allowable actions. But as far as just letting an end-user initiate any random action, no that’s not something to pursue.

itsmpro92 2023-10-03 05:22:53 UTC #12

Consider this simplistic scenario:

Establish a setting, like Patch_Me, as a condition for running the patch.
Create a baseline made up of the patch Fixlet and a custom task that removes the Patch_Me setting.
Then run the baseline, targeting the appropriate computers, make it open ended, and configure it to Run only when Patch_Me matches Yes.
Finally, send an offer to the user, which if accepted, establishes or changes the Patch_Me setting to Yes. The offer will show up in the user’s BigFix UI dialog.
The multi-action group which is waiting for the correct conditions to be present on the computer will now run, installing the patch, and removing the Patch_Me setting.

The offer could be generated by API calls from your ticketing solution, and the baselines created by your operators to insure good quality control.

In a more complex Service Management scenario, the baseline `Run only when ’ setting value could be based on an approved Change Number, for instance.

This avoids the issues that @JasonWalker is referring to in the previous post.

chercm 2023-10-03 08:07:16 UTC #13

What is the command to use ???

JasonWalker 2023-10-03 11:37:00 UTC #14

There is no command to use. The REST API is an application program interface. One would still have to write the program to use it.

But what you’re trying to do is infeasible

Aram 2023-10-03 13:22:54 UTC #15

For documentation/reference of the REST API resource to programmatically deploy actions, please see:

https://developer.bigfix.com/rest-api/api/action.html (in particular, note the POST method against /api/actions, and the included examples on that page that reference a SourcedFixletAction).
https://developer.bigfix.com/rest-api/examples/create-action.html for simple code examples to create actions using cURL or python.
https://developer.bigfix.com/rest-api/iem_cli/iem_samples.html#actions for examples of creating actions using the IEM Command Line Interface.

That said, I’d like to try to better understand what problem or challenge you are attempting to solve, so, perhaps you could help answer a few questions please:

Why would you like the users to be aware of the patching activity? Is it to help avoid disruption to their work? And/or is it to help with scalability, time, or something else (i.e. you mentioned ‘pass ownership of the patching’)?
You also mention deploying patches/actions via Teams…any reason you’d like to leverage that particular interface?

As others have described, while it is certainly possible to deploy patches via BigFix’s REST API, there may be alternative approaches to address the problem, and so, understanding the problem may help us provide appropriate guidance.

chercm 2023-11-04 07:24:44 UTC #16

Why would you like the users to be aware of the patching activity? Is it to help avoid disruption to their work? And/or is it to help with scalability, time, or something else (i.e. you mentioned ‘pass ownership of the patching’)? I want to create a self healing solution whereby the AI will be pushing some uninstall fixlet from bigfix to the required machine to uninstall the offending application.
You also mention deploying patches/actions via Teams…any reason you’d like to leverage that particular interface? it is for vulnerability remediation effort to patch applications that were downloaded by users and we need to fix it. rather than support placing them into group and also the remediation that is available on hcl with qualys, i want to use power automate and team to get the user to initailise or use AI to patch applications on the machine by itself.

Hope this answer your question

chercm 2023-11-04 07:30:00 UTC #17

i noticed that the id and password is in clear text format .

sryn 2023-11-04 07:41:18 UTC #18

You mentioned Qualys, if you have LifeCycle there is a BigFix integration with Qualys (and Tenable) which would allow you to take actions based on vulnerabilites identified in Qualys.

chercm 2023-11-06 02:35:11 UTC #19

I understand that each etl to load data from bigfix to insight take 8 to 10 hours . We need to have hourly update or live update .Insight does not pull data automatically from sql at node and it does not support more than 1 high availability node .

chercm 2023-11-13 06:27:10 UTC #20

@Aram anyway to fix these concerns ?