This is really interesting but the problem I have is how do we validate those vulnerabilities IF they are essentially not covered by BigFix? In other words, dashboard shows ā0ā instances found but you can clearly see that Fixlet Count = 0, which automatically means that the instance data is untrustworthy, doesnāt it? How would BigFix know that the instances are 0 if it doesnāt have fixlets to confirm it and if that is the case, then it really should have some kind of way to highlight that it may not really be ā0ā. Similarly, some kind of indication that one may be covered by a site that is not enabled would also be good. Last but not least, the fact it has no export capability, even in Web Reports, is a bit limiting.
One additional question - does the dashboard support custom content?
Are there āNext Stepsā/Long-term plans to take this further? For example, if this is ever linked to IVR where you do have another source of vulnerability discovery and you can in fact confirm what the true found instances are even for stuff not covered by BigFix, it would be somethingā¦