Query Language Help - Finding endpoint ID given a known IP address

Good afternoon all,

I am trying to help a customer of mine who uses BigFix with a query-language syntax question. We are trying to integrate BigFix into the XSOAR/Demisto platform which has a query method using the BigFix query language.

They have a system that generates an alert and provides them with the IP address of the endpoint. I would like to construct a BigFix query that searches for the associated BigFix endpoint ID which has a matching IP address.

Is there an example of how to achieve this?

If I'm understanding the request, here is a potential example:

ids of bes computers whose (exists ip address whose (it = "10.0.0.1") of it)

Note of course that there can be multiple computers returned if they each have the same IP address.

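An added example, not part of the thread: one way an integration could fill the query above from an alert-supplied address without letting stray quotes or parentheses into the relevance text, and handle the multiple-match case noted in the answer. The function names, the `/api/query?relevance=` REST path and the server URL used in testing are assumptions; the example accepts IPv4 only, matching the address form in the answer.

```python
import ipaddress
from urllib.parse import quote

# Query text taken from the answer above; only the address is substituted.
TEMPLATE = 'ids of bes computers whose (exists ip address whose (it = "{ip}") of it)'


def build_relevance(alert_ip: str) -> str:
    """Return the relevance query for an alert-supplied IPv4 address.

    The alert field is untrusted input. Parsing it as an address and
    re-serialising it guarantees only digits and dots reach the query.
    """
    addr = ipaddress.IPv4Address(alert_ip.strip())  # ValueError if not IPv4
    return TEMPLATE.format(ip=str(addr))


def build_query_url(server: str, alert_ip: str) -> str:
    """Build the request URL (path and parameter name are assumptions)."""
    relevance = quote(build_relevance(alert_ip), safe="")
    return f"{server.rstrip('/')}/api/query?relevance={relevance}"


def resolve_single(ids: list) -> int:
    """Return the endpoint ID only when exactly one computer matched.

    Several computers can report the same address, so an automated
    playbook should stop rather than pick one arbitrarily.
    """
    unique = sorted(set(ids))
    if len(unique) != 1:
        raise LookupError(f"expected one endpoint, got {len(unique)}: {unique}")
    return unique[0]
```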

Let me give this a shot. Based on the syntax, it looks like this may achieve what I am looking for.

Will let you know, and thanks in advance!