Version 8, CPM and domain

(imported topic written by sminisini91)

Hi

I’ve installed BigFix v8 on a test server and loaded CPM on it, I do like how the tasks/fixlets/dashboards are layed out in the Endpoint Protection domain however I was wondering if it is possible to have the custom content being in the same part of the layout as the BigFix content.

For example, I have several baselines to install CPM on workstations or servers and I would like them to appear in the console on the left hand side under “Core Protection Module/deployment/Install” rather than under “All Endpoint Protection/Baselines”.

Is it possible to modify the custom baseline to add it to the domain layout?

Thanks

(imported comment written by jessewk)

First, see my post here: http://forum.bigfix.com/viewtopic.php?pid=23644

Domain specs cascade so you could create a custom spec with an identical install node specification and include relevance that selects the baselines you’d like to appear under that node. If the custom site thing I mention in the other post works, you could make it permanent.

Big warning again that this is not supported, but if you like to hack around you can probably get it to work.

(imported comment written by sminisini91)

Thanks Jesse

I’ve been playing with the BESDomain file but it seems as though the baselines are not being included. I have created a new node in a custom CPM.BESDomain and loaded it using the debugger. The xml node looks like:

set of elements of (set of bes fixlets whose (category of it = “CPM Install” and baseline flag of it is true) +

set of bes fixlets whose (category of it = “CPM Install”))

but only the fixlet actually appears in the list, the 2 baselines that should also appear in the same list are not there. (The content errors window is also empty so it looks as though I’m doing things right…)

(imported comment written by jessewk)

I will probably get in trouble for this, but I took a look because I’m curious and I haven’t played with domain specs too much.

The problem is that our CPM domain spec defines the install node as a Fixlet list instead of a MixedContentList. So without us making changes on our side (unlikely since I don’t think we want to support this type of customization officially) you won’t be able to get your baselines listed in the same node as our Fixlets.

You have two ways you could create a new node that includes your baselines under the main Core Protection Module folder:

  1. Include a new ‘Deployment Baselines’ node under:

Endpoint Protection --> Core Protection Module

  1. Include a new ‘Install Baselines’ node under:

Endpoint Protection --> Core Protection Module --> Deployment

Number 2 is probably preferred, but it has the unfortunate side effect that the number listed next to ‘Deployment’ will only include the Fixlet count and not the Baseline count.

I’m guessing you can accept the limitation from number 2, so here is an example domain spec that should work for you. Keep hacking…

<?xml version="1.0" encoding="utf-8" standalone="no"?> <!DOCTYPE Domains [

%GeneralContentInclude;
]>




(set of bes fixlets whose (category of it = “CPM Install” and baseline flag of it is true))


set of all bes sites whose (not external site flag of it)








(set of bes fixlets whose (category of it = “CPM Install” and baseline flag of it is true))



(set of bes fixlets whose (category of it = “CPM Install” and baseline flag of it is true))








(imported comment written by SystemAdmin)

Another warning to add to Jesse’s post. If the domain spec included in the CPM site changes, your spec could get out of sync, and your node could get lost in the shuffle. Obvious changes would be to the node hierarchy or naming of specific nodes, but there are subtleties as well. I’m not aware of any planned changes, but you should expect them to change over time as the site evolves.

(imported comment written by jessewk)

Also, it’s really easy to introduce performance problems with poorly written domain spec relevance. Be careful. And support will get really mad if you call them about slow console performance and it turns out your custom spec is the issue.

(imported comment written by sminisini91)

Thanks Jesse.

This is really good and pretty much what I was looking for. Now for another question that may get you in trouble. How do I make it stick in the console and how do I distribute it to the other console users?

Regarding CPM, the install has several elements to it and it is a lot easier to group those elements into baselines for operators to distribute. As a new feature maybe you could have a wizard that sets all the configuration options (Global Settings, On Demand, Real time scanning, etc…) into a Task, that would make the use of baselines redundant, or you could include the above solution into the console.

Thanks

(imported comment written by jessewk)

Glad it worked for you. Unfortunately, it is not currently possible to make the domain stick across restarts or distribute it to other consoles.

However, don’t count out future possibilities :wink: