YARA and BigFix

Hello

Curious, is the direction of BigFix to use YARA to identify IOCs? Looking at the recent OpenSSL issue and the fixlet ID 1002 in the vulnerability reporting site, it could be an exciting development. For example, there is also a YARA signature for log4j. Using this and information from VirusTotal would make BigFix even more valuable.


Happy you noticed 🙂


I agree. It opens up some exciting possibilities.

So far, the BigFix use of YARA to detect things like OpenSSL is more granular than an AV scanner that might constantly be looking for IOCs. I see an advantage here:

Many AV admins will whitelist application server directories so that whatever service doesn’t have its performance impacted, or just stop working altogether due to how a false positive might be handled by AV software. The drawback here is that application servers are typically the places where SBOM matters most. Those directories are most likely to have embedded OpenSSL versions. With BigFix operating in a more targeted fashion, the risks of scanning application server directories will be reduced, and thus BigFix is positioned to provide valuable information that other tools won’t.
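To illustrate the targeted scan the reply above describes, here is an added example (not BigFix's fixlet content and not the YARA rule it ships): it looks only inside one application directory for the version banner that a compiled OpenSSL library embeds, and reports which versions are bundled there. The YARA rule text, the banner regex and the sample directory are constructed for this example.

```python
"""Targeted scan for embedded OpenSSL version banners (constructed example)."""
import os
import re
import tempfile

# Constructed reference YARA rule; it is NOT the rule used by the BigFix fixlet.
YARA_RULE = r'''
rule embedded_openssl_banner
{
    strings:
        $banner = /OpenSSL [0-9]+\.[0-9]+\.[0-9]+[a-z]*\s+[0-9]{1,2} [A-Z][a-z]{2} [0-9]{4}/
    condition:
        $banner
}
'''

# The same pattern in Python form, so the example runs without yara-python.
# Matches banners such as "OpenSSL 1.1.1k  25 Mar 2021" and captures "1.1.1k".
BANNER_RE = re.compile(rb"OpenSSL (\d+\.\d+\.\d+[a-z]*)\s+\d{1,2} [A-Z][a-z]{2} \d{4}")


def find_openssl_versions(root, max_size=64 * 1024 * 1024):
    """Walk only `root` (e.g. one application server install directory) and
    return a sorted list of (path, version) for each file carrying a banner."""
    hits = []
    for dirpath, _, filenames in os.walk(root):
        for name in filenames:
            path = os.path.join(dirpath, name)
            try:
                if os.path.getsize(path) > max_size:
                    continue  # keep the scan cheap: skip very large files
                with open(path, "rb") as fh:
                    data = fh.read()
            except OSError:
                continue  # unreadable file: report nothing rather than fail
            for m in BANNER_RE.finditer(data):
                hits.append((path, m.group(1).decode()))
    return sorted(set(hits))


def demo():
    """Build a constructed app directory with one fake bundled library and scan it."""
    root = tempfile.mkdtemp()
    lib = os.path.join(root, "lib", "libcrypto.so.1.1")
    os.makedirs(os.path.dirname(lib))
    with open(lib, "wb") as fh:  # fake library carrying an OpenSSL banner
        fh.write(b"\x7fELF..." + b"OpenSSL 1.1.1k  25 Mar 2021" + b"\x00")
    with open(os.path.join(root, "app.jar"), "wb") as fh:  # no banner here
        fh.write(b"PK\x03\x04 no openssl here")
    return [(os.path.relpath(p, root).replace(os.sep, "/"), v)
            for p, v in find_openssl_versions(root)]
```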