Here you can find the sample signature:
It will be shown as:
Publisher Name: (SECURITY)
Component Name: Struts2 Core Jar
Component Version: 0.ANY RELEASE
There is needed to:
1) Run Import to generate new catalog and propagate it to endpoints
2) Wait for or execute software scan on the endpoints
3) Once scan is completed and data uploaded to BigFix Server - then run Import in BFI to have the results.
When you drill down into Details of discovered component there will be listed installation path with the name of the file. This signature includes file name in installation path as well.
Note: result will not include instances in directories excluded from scan - so e.g. within tmp subdirectory. Some Java App Servers extract EAR/WAR into their "tmp" directory.