Is there a way to configure how to send alerts from BigFix Trend protection to monitoring tools like Envision?

Is there a way to configure how to send alerts from BigFix Trend protection to monitoring tools like Envision?

Example: if a computer or server has a suspicious virus or malware, then the alert will send the hostname, IP address and the user name of the infected machine.

Can anyone help on how to figure this out?

I’m not familiar with Envision’s monitoring capabilities, but this can likely be done in a few different ways:

  • monitoring tools might be able to leverage BigFix’s SOAP or REST APIs (generally preferred) to be able to periodically query for such events/incidents

REST API: https://developer.bigfix.com/rest-api/
SOAP API: https://www.ibm.com/developerworks/community/wikis/home?lang=en#!/wiki/Tivoli%20Endpoint%20Manager/page/TEM%20SOAP%20API

  • BigFix Scheduled Activities via Web Reports can be leveraged to send email alerts and/or output reports to a file which might be consumed by monitoring tools

http://www.ibm.com/support/knowledgecenter/SSQL82_9.5.0/com.ibm.bigfix.doc/Platform/Web_Reports/c_creating_scheduled_activities.html
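An added example, not part of the original reply and not BigFix or RSA code, sketches the REST polling approach: it parses a `/api/query` result into hostname, IP and user, then forwards only new rows as syslog. Assumptions: the relevance query (left as a placeholder) returns three-field tuples, the monitoring tool accepts syslog over UDP, and the names `parse_infections`, `to_syslog`, `forward` and `bigfix-poller` are hypothetical.

```python
import socket
import xml.etree.ElementTree as ET
from datetime import datetime, timezone

# Constructed sample of a /api/query response body; the second hostname carries a newline.
SAMPLE_RESPONSE = """<BESAPI><Query Resource="(placeholder relevance)"><Result>
<Tuple><Answer type="string">ws-0142</Answer><Answer type="string">10.20.30.41</Answer><Answer type="string">jdoe</Answer></Tuple>
<Tuple><Answer type="string">srv-db\n02</Answer><Answer type="string">10.20.30.7</Answer><Answer type="string">svc_backup</Answer></Tuple>
</Result></Query></BESAPI>"""

FIELDS = ("hostname", "ip", "user")  # assumed order of the tuple returned by the query

def parse_infections(xml_text):
    """Return one dict per <Tuple>, skipping rows with an unexpected shape."""
    rows = []
    for tup in ET.fromstring(xml_text).iter("Tuple"):
        answers = [(a.text or "").strip() for a in tup.findall("Answer")]
        if len(answers) == len(FIELDS):
            rows.append(dict(zip(FIELDS, answers)))
    return rows

def clean(value):
    """Drop control characters and delimiters so a field cannot forge or split a log line."""
    return "".join(c for c in value if c.isprintable() and c not in '"\\]')

def to_syslog(row, now=None):
    """Format an RFC 5424 line; facility local4 (20) * 8 + severity warning (4) = PRI 164."""
    ts = (now or datetime.now(timezone.utc)).strftime("%Y-%m-%dT%H:%M:%SZ")
    host = clean(row["hostname"]).replace(" ", "") or "-"
    return (f'<164>1 {ts} {host} bigfix-poller - - - '
            f'malware_detected ip="{clean(row["ip"])}" user="{clean(row["user"])}"')

def forward(rows, seen, collector=None):
    """Emit only rows not seen in earlier polls; return the syslog lines produced."""
    lines = []
    for row in rows:
        key = (row["hostname"], row["ip"], row["user"])
        if key in seen:
            continue
        seen.add(key)
        lines.append(to_syslog(row))
        if collector:  # (host, port) of the monitoring tool's syslog listener
            with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
                s.sendto(lines[-1].encode(), collector)
    return lines
```

The `seen` set has to be persisted between polls, and entries cleared once an endpoint is remediated, or a later reinfection of the same machine will not raise a new alert.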

Hi Aram,

Thanks for your feedback. Actually, I’m talking about RSA Envision.

I’m looking at how to send system logs from BigFix to RSA Envision.

I have found a link to an overview here, but only v7.2 provides a security configuration for BigFix.
https://sadocs.emc.com/0_en-us/300_RSA_ContentAndResources/03_Supported_Event_Sources#B

Please help me check and tell me if it is okay to use this also with the latest versions of BigFix, like v9 and above?

Unfortunately, it is unclear from the link provided whether or not the ‘connector’ in question would work with v9 and above as there aren’t many details in the documentation I’ve found. It specifies that it leverages ODBC (direct database connection), but there have been a number of database schema changes between v7.2 and v9.x which may well break functionality depending on the database queries involved.

As a note, integrations whereby direct database connections to BigFix are leveraged are generally not recommended as they can lead to performance and potentially functional impact, as well as the fact that they can be broken with schema changes associated with product upgrades.

Thank you for the feedback. Anyway, if it is generally not recommended to use the practices from v7 to v9, what would be the best way we can get the events or system logs from BigFix to RSA Envision for version v9?

Do we have many specific methods, or a best one that you can recommend, on how to figure this out?

Hi Aram,

Do we have any recommendation on how we can get system logs sent from BigFix to RSA Envision?