I’ve inherited a BigFix stack (BF Server, Inventory, Web Reports, Console, and Compliance, as well as the Relays of course), and I’m a bit overwhelmed.
I can’t seem to tell what a “Vulnerability Site” is. Here’s how I’m confused:
Currently my BigFix Compliance says I have “500 Computers with OSs” but only “400 Computers subscribed to a vulnerability site”.
So I run these two reports, pull the unique values out, and I have 100 computers left over that have an OS but are not subscribed to a “vulnerability site.”
However, when checking a sample of these 100 devices, I find that they are subscribed to the exact same Sites in BigFix Server that the “400 Computers subscribed to a vulnerability site” are subscribed to.
I’ve checked the documentation portal, but I can only find documents which say that there is a thing called a vulnerability site and that it might be useful to look at reports for them.
So what the heck is a Vulnerability Site?
Is it just a Site in my BigFix Server/Console, and I’ve got something hosed up in my BigFix Compliance?
Is it something distinct to BigFix Compliance, and the last guy here gave the same names to two similar-but-distinct sets of Sites?
Is it some voodoo geas cursed upon my unto the 37th generation??
A Vulnerability Site would be a special subset of the sites that are available in the console. They would be sites like ‘CIS Checklist for…’ or ‘DISA Stig for…’ or ‘USGCB Checklist for…’ ; or a Custom Site creating by the 'Checklist Creation’s wizard.
I must admit I’m not entirely sure the method that Compliance uses to determine that a site is a ‘Checklist’ site, but I suspect it has to do with whether there is an ‘Applicability’ fixlet in the site (there are MIME fields on those fixlets that are not exposed in the Console, but can be viewed via the API or seen in the text file if you Export a fixlet).
While I think it’s likely that some of your computers are missing a site subscription, there is also an edge case to consider in that Compliance only checks the computers when it runs an Import. By default that happens once a day, but as you’ve inherited the deployment have a check in Compliance for whether the imports are successful (check the Management -> Imports tab in the Compliance web interface).
And don’t be shy to open a support ticket if you need some live help in sorting it out
I really appreciate you taking the time to give me an anchor. Most of my IT career has been spent in inheritances, and the hardest part has been determining some semblance of normalcy. Thanks man!