Outdated Catalog

I deployed the latest catalog to my BFI Server and the Catalog Upload page confirms it was successful:

Catalog Version Information
Current Catalog Version: 10.0.0.1
Endpoint Scanner Catalog: 10

As normal, I then downloaded the catalog upload fixlet and deployed it to my estate. However, within the BFI home page Software Health Scan widget, the endpoints show as having an outdated catalog. Their report shows a Catalog Version of 2638543, which is right, but an Endpoint Scanner Catalog Version of 9 (not 10 as shown on the server).

  1. What is the Endpoint Scanner Catalog and how does it differ from the Catalog?
  2. Why would the deployed Endpoint Scanner Catalog version not be the same as what is on the server?

The Endpoint Scanner Catalog Version in my BFI v10 implementation is at 0 (zero). This number is derived from adding or changing custom signatures after the base catalog is installed.

There should be an action in the BF Console called Catalog Download (Version: 2638543.10) which updates the Endpoint Scanner Catalog. If you don’t see it, you can re-issue it from the BFI Software Catalog: Catalog Upload page:

From that popup, that’s the same method I use to get the updated catalog that I then deploy to all my clients but I only ever do it when the Server’s catalog version updates.

I do see in the “Catalog Download Fixlet” link it does now download “2638543.10” whereas when I ran it last, it was “2638543.9”.

I only have 1 custom signature and that is from a year ago so I definitely haven’t done any custom signature modifications 10 times since the base catalog was updated. I’m curious what is causing it to keep revising the Endpoint Scanner Catalog version.

Certain discoveries generate new catalog entries as well. Do you have MacOSX clients?

2 MacOSX Clients, only 1 active in BFI. No Last Scan Attempt value for it.

A new feature was added to BFI (in one of the 9.2.X versions) related to template-based signature creation. When new software based on a certain template is discovered, the signature is added to the catalog during import and the “Endpoint Scanner Catalog” version (the digits after .) gets updated.

Compare the “Endpoint Scanner Catalog” version from Management -> Catalog Upload panel with the catalog version that was downloaded recently to see if there is a difference.


Thanks for the clarification.

Yes, the server catalog version is .10 and the fixlet I deployed was .9. Is there any way to see which new discovered software was added to the catalog to cause it to rev?

Check the “Component Creation” field for anything that was created after the last catalog upload/download to the endpoints (in Reports -> Software Instances or Reports -> Signatures).

Yes, there are 29 new signatures with a source of “SWID Tags” that were created since the server catalog was updated.

So that’s interesting that the scanner is identifying and creating new signatures from SWID tag files from the endpoints, and 3rd party signature providers are not now the only source BFI gets signatures from.

Is this new feature documented in the BFI documentation?

BFI has a number of Signature Definition Sources. You can see these in the Signatures report by including the Signature Definition Source column in the base report. I’ve listed the current set below.

I’m not sure where the SWID tag processing details are documented. That might be a useful webinar…

Sources

  • SWID Tags
  • Customers definition
  • IBM LMT Product Enablement
  • IBM IGS Signature Bank
  • IBM Base Catalog
  • IBM Customer Cooperation I, II, and III
  • GAM (not sure what this one represents)
  • SLM Tags
  • Custom
  • SWID IBM Tags Without License Info
  • ILMT Readiness 3.1 & 4.0
  • Express Metrix (This is where 3rd party software signatures typically are found)
  • IBM Internal Development
  • IBM Canonical 3 Catalog

A few updates ago, BigFix Inventory introduced Template Signatures: general rules for product discovery.

When BFI sees a possibility that a Template Signature might be used, it creates a ‘regular’ signature derived from the template one, with the SWID Tags definition source. Later on, these derived signatures are used for reporting the software discovery.


@kpienkowski Does HCL have any release notes or other documentation on this functionality? I am interested in understanding the details of how the catalog is maintained and the interaction with the scanner. Thanks.
