Information for IBM BigFix Compliance reporting

Hi All,

Can anyone help me on getting “Latest Scan” and "Remediation Details"information for SCA ??
I have checked in SCA WebUI but haven’t got such information for property Latest Scan and Remediation Details.
Is there any relevance script to pull those information ??
Any help would be highly appreciated.

Have you run an import of data for SCA DB?

Yes, Import has been successfully completed.

Is not there any error on import log?

If Import is getting successfull then we’ll not get any Error message. :smiley:
I believe this is how it works.

Not sure what you’re referring to. The SCA/Compliance product (as far as I remember) doesn’t have something called “Remediation Details” or “Latest Scan”, what exactly are you referring to?

Latest scan means when the server has been successfully scanned for the health check status.
For E:g. We have Time of last successful scan in BFI, Same way I need information into SCA.

Not Sure about “Remediation Details”, but We have the way in Web Report to gather which fixlet has been remediated (Already Deployed) on the endpoints.

Compliance does not have the concept of a scan, unlike Inventory. All our information is gathered from fixlets and analyses, the necessity of remediation is determined by whether a fixlet’s relevance evaluates to true on an endpoint. In Compliance this will simply display as non-compliant.

It’s still not clear to me what the issue is, maybe you could provide screenshots?

Yes Correct @karlhe
I believe Total Compliance Details will have the information for Remediated Patches as (Check).

This report I have gathered from Fusion HealthCheck which shows Latest Scan details as shown in below figure:

Fusion will be sunset soon and will be replaced with IBM bigFix Compliance, in such case we’re in need of the proper information. I have tried chekcing our SCA WebUI but haven’t got “Latest Scan” details over there.

The Compliance stack works a little differently. There isn’t a discrete “scan” time, it’s a combination of when the fixlets were last re-evaluated (can set the scheduling on BigFix console) and when the Compliance import is run.

Individual computers have a “last seen” value that is in both the BigFix console and viewable as a computer property in Compliance, however I’m not sure how this correlates to the last time the fixlet relevance was evaluated. Maybe someone else would have a better answer for that.

On the Compliance import management page, you can see when the import was last run, or run it manually. In any case, assuming a standard setup you can expect all data to be a day old at worst, unless the imports have been encountering errors.

1 Like

Yes, Correct!!

We have the information (INFO/DEBUG/Error) on the Import management page and we can see when was the last successful Import ran, However we do not have such defined property which can pull “Latest Scan” Information. :frowning:

Anyway, Tons of thank for your help. I will take it forward :slight_smile:

What BigFix is doing is far superior to what was previously being done (based on what I am reading here).

Your old method would have a scheduled scan that would run on whatever basis (daily, weeky, …). In BigFix land, the checks are done continuously. Typically the data you see in the BigFix console is about 15 minutes old (depending on different factors), so this is near realtime compliance of your environment.

Now the Compliance analytics server does a scheduled import of the data on whatever basis you set. by default this is every day at midnight, but can be configured for multiple runs per day if needed. When that import is done, it is capturing near realtime data from the clients.

So what does this mean.

If you are in the BigFix console and you look at your checklists, you see what your environment looks like right now. Also if you use web reports, the data is what it looks like right now.

If you are using the Compliance Analytics interface, your are seeing the imported data as per the last import, which was a snapshot of what the environment looked like at that time (which was near realtime).

So there is no “scan date” as BigFix does not do a scheduled scan in compliance. There will be a “import date” as this is when the ETL process ran on the Compliance Analytics server.

This is sort of saying what was said before, but maybe a bit different :slight_smile:

Hope that helps


1 Like

IBM BIGFIX SCA do not provide latest scan details itself or I can say there is no default functionality but yes we have option which is available in IBM GTS content called By Freshness , its a kind of analysis which can be mapped with while fetching report from SCA & tell you the exact date & time of pulled data whether its fresh or not, if date is older or before from the action initiated date & time then you can relate endpoint scan could not be competed successfully & if date & time after action initiated date & time thats mean scan was successful & have latest report.

And this analysis is part of most of checklist which you are going to be use for your scan but only available with IBM GTS content

Unfortunately now I am not working with IBM & cont provide more info from it.

1 Like