(imported comment written by SystemAdmin)
I understand the concerns. Can you tell us if this is at least being actively worked on or is it tabled for the reasons listed?
As for your first concern, we’d be ok with the DSS SAM server contacting the BigFix Server directly if that makes it easier. We don’t really care if the update is done through BES. That would be nice, but it is not required.
The second concern is a bigger issue and I think one that quickly needs to be addressed. When a catalog update conflicts with our own content, there should be a way for an admin to see all the conflicts that will occur once the catalog is imported (or at the least, list them all after it is imported). There should also be a way to go through that list and compare the two entries that conflict side by side. Those two entries should clearly be marked as to which entry is BigFix content and which is custom. Manually trolling through the audit log is medieval, as is not being able to tell which entry is which when digging through the catalog looking for the conflicting entries.
I’d also hope that after a catalog update, the new conflicting entries would be put into a held state, which would then prevent them from causing the detection failures and double counting. After the admin uses the tools I mentioned above, then the entries would be marked as active.