We are developing an integration with Bigfix that will allow us to disable Windows endpoints that are reported missing or stolen. Our plan is to have a group in Bigfix with an action assigned to it, such that when computers are added to this group, the action will apply to prevent the stolen computer from accessing data on the system or network. The action will remove the binding to Active Directory and remove all user accounts.
We are going to control this from our asset system in Salesforce via the Bigfix REST API. Once an endpoint is marked as stolen in Salesforce, the Bigfix API will be told to add that computer to the Bigfix lockdown group.
The problem we are anticipating is the inevitable bugs in the code that may cause unexpected things to happen. Our somewhat paranoid, but well-placed, fear is that many, or all, computers (tens of thousands) end up in this group, or that some other unexpected command is sent to the API which could harm our environment. We will be implementing redundant safety checks in the code to help ensure this doesn't happen, but ultimately we are looking for a way to limit the damage somehow in Bigfix. Are there any ways we can do this, such as limiting the number of computers that can be added to the group, or in the action or relevance somehow? Any ideas greatly welcomed.
Thanks,
Sean
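One way to build the "redundant safety checks in the code" the post mentions, as an added example that is not part of the original post and not BigFix's or Salesforce's own code: a guard that sits between the asset system and the BigFix REST call and refuses any request that would push the lockdown group past hard limits. The actual REST call is left behind a caller-supplied function rather than assumed (the endpoint for adding computers to a manual group is not reproduced here), the limits, computer IDs and the `FakeBigFix` stand-in are constructed for illustration, and every check is evaluated against live group membership fetched from the server, not against what the caller claims.

```python
import time
from dataclasses import dataclass, field
from typing import Callable, Iterable, List, Set, Tuple


class LockdownRefused(Exception):
    """Raised when a lockdown request violates the damage-limiting policy."""


@dataclass
class LockdownPolicy:
    # Hypothetical limits; tune them to how many genuine thefts you expect per hour.
    max_group_size: int = 50      # hard ceiling on lockdown group membership
    max_per_request: int = 5      # new computers allowed in a single request
    max_per_window: int = 10      # new computers allowed per rolling window
    window_seconds: int = 3600


@dataclass
class LockdownGuard:
    """Gate between the asset system and the BigFix REST call (example code)."""
    policy: LockdownPolicy
    fetch_members: Callable[[], Set[int]]      # returns current lockdown group computer IDs
    send_add: Callable[[List[int]], None]      # performs the real API call (supplied by caller)
    now: Callable[[], float] = time.time
    _recent: List[Tuple[float, int]] = field(default_factory=list)

    def _added_in_window(self) -> int:
        # Drop entries older than the window, then count what this process added recently.
        cutoff = self.now() - self.policy.window_seconds
        self._recent = [(t, n) for t, n in self._recent if t >= cutoff]
        return sum(n for _, n in self._recent)

    def lock_down(self, requested: Iterable[int]) -> List[int]:
        """Add computers to the lockdown group; returns the IDs actually sent."""
        p = self.policy
        ids = sorted({int(i) for i in requested})          # dedupe, reject garbage early
        if not ids:
            raise LockdownRefused("empty request")
        if len(ids) > p.max_per_request:
            raise LockdownRefused(f"{len(ids)} computers in one request exceeds {p.max_per_request}")
        current = self.fetch_members()
        # If the group is already over the ceiling, something else has gone wrong: stop entirely.
        if len(current) > p.max_group_size:
            raise LockdownRefused(f"lockdown group already holds {len(current)} computers; refusing all changes")
        new = [i for i in ids if i not in current]
        if not new:
            return []                                        # idempotent retry, nothing to send
        if len(current) + len(new) > p.max_group_size:
            raise LockdownRefused(f"adding {len(new)} would exceed group ceiling {p.max_group_size}")
        if self._added_in_window() + len(new) > p.max_per_window:
            raise LockdownRefused(f"adding {len(new)} would exceed {p.max_per_window} per window")
        self.send_add(new)
        self._recent.append((self.now(), len(new)))
        return new


class FakeBigFix:
    """Constructed stand-in for the BigFix REST API so the example runs offline."""
    def __init__(self) -> None:
        self.members: Set[int] = set()

    def get_members(self) -> Set[int]:
        return set(self.members)

    def add(self, ids: List[int]) -> None:
        self.members.update(ids)


def demo() -> dict:
    """Exercise each limit against the fake server; returns what happened at each step."""
    clock = [1_000_000.0]                                    # controllable time for the window check
    fake = FakeBigFix()
    policy = LockdownPolicy(max_group_size=6, max_per_request=3, max_per_window=4, window_seconds=3600)
    guard = LockdownGuard(policy, fake.get_members, fake.add, now=lambda: clock[0])
    out = {}
    out["first"] = guard.lock_down([101, 102])              # normal theft report
    out["retry"] = guard.lock_down([101, 102])              # duplicate message: no-op
    try:
        guard.lock_down([201, 202, 203, 204])                # bug sends a batch: per-request cap
    except LockdownRefused as e:
        out["bulk"] = str(e)
    out["second"] = guard.lock_down([103, 104])             # window now holds 4 additions
    try:
        guard.lock_down([105])                               # per-window cap
    except LockdownRefused as e:
        out["window"] = str(e)
    clock[0] += 3601                                         # an hour later the window has cleared
    out["later"] = guard.lock_down([105, 106])              # group now at the ceiling of 6
    try:
        guard.lock_down([107])                               # group-size ceiling
    except LockdownRefused as e:
        out["ceiling"] = str(e)
    out["members"] = sorted(fake.members)
    return out


if __name__ == "__main__":
    for step, result in demo().items():
        print(f"{step}: {result}")
```

The ceiling is checked against membership read back from the server, so it also trips if the group grows through some path other than this client. The per-window counter lives only in this process; if several workers can call the API, keep that count somewhere shared, or the limit is per worker rather than per fleet.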