Home
Implementation Guides
This guides allow you quickly and easily find the information you need to deploy, set up and configure the solution.
BigFix Insights for Vulnerability Remediation
Welcome to the BigFix Insights for Vulnerability Remediation (IVR) documentation, where you can find information about how to install, maintain and use IVR service.
System requirements
Learn more about the prerequisites and system requirements for BigFix Insights for Vulnerability Remediation (IVR) service.
API requirements for Qualys

Implementation Guides
This guides allow you quickly and easily find the information you need to deploy, set up and configure the solution.
- ServiceNow Data Flow
  This module provides an overview and features of BigFix ServiceNow Data Flow.
- BigFix Insights for Vulnerability Remediation
  Welcome to the BigFix Insights for Vulnerability Remediation (IVR) documentation, where you can find information about how to install, maintain and use IVR service.
  - BigFix Insights for Vulnerability Remediation
    Use this section to become familiar with BigFix Insights for Vulnerability Remediation infrastructure and key concepts necessary to understand how it works.
  - System requirements
    Learn more about the prerequisites and system requirements for BigFix Insights for Vulnerability Remediation (IVR) service.
    - API requirements for Tenable.io
    - API requirements for Tenable.sc
      The IVR server requires a Tenable user account. A user leveraged to Tenable.sc IVR adapter needs compatible machines within the environment.
    - API requirements for Qualys
  - Deployment and configuration
    This module provides the steps to deploy and configure the BigFix Insights for Vulnerability Remediation solution for:
  - Setting up IVR App
    Use this module to install and set up your WebUI IVR app.
  - Scheduling IVR ETL
    The Extract, Transform, Load (ETL) process pulls data from a datasource and stores it in the IVR database. An ETL process consumes significant time and resources and hence must be performed on a customized schedule to minimize disruption. In IVR, you can schedule an ETL daily, weekly, or monthly.
  - IVR Fixlets and Tasks
    Learn more about available Fixlets and Tasks for BigFix Insights for Vulnerability Remediation.
  - Updating and validating the IVR configuration file
    You can update and validate the IVR configuration.
  - Updating IVR credentials
    You can update the IVR credentials.
  - Business Intelligence reports
    Use this section to become familiar with Power BI and Tableau reports.
  - Reference
    The following topics contain information on how you can work with the configuration file and settings, the CLI that comes with the package. They also describe how to use the log files for troubleshooting purposes.
  - Release Notes
    The release notes outline the features, updates and patches that are included in each version of BigFix Insights for Vulnerability Remediation, including the latest application updates.

API requirements for Qualys

Qualys API requirements

The Qualys API enforces limits on the API calls a customer can make based on their subscription settings. The limits apply to the use of all Qualys APIs except “session” V2 API (session login/logout). Default API control settings are provided by the service. Note these settings may be customized per subscription by Qualys Support.

For more details, refer to the link: https://www.qualys.com/docs/qualys-api-limits.pdf.

To estimate the number of API calls, use the below formula:

Total number of API calls = (number of devices / batch size ) + (number of unique vulnerabilities / 350)

where;

batch size - configurable parameter that describes the maximum number of devices which can be fetched in a single API call
number of devices - number of available devices in the scanned network
number of unique vulnerabilities - number of unique vulnerabilities discovered in the scanned network
350 - maximum number of vulnerabilities that can be fetched in a single API call into the Qualys Knowledge Base API.

Qualys API User requirements

It is recommended to use 'Reader' user role. To edit user account, select Users tab in the Vulnerability Management dashboard. Hover the cursor over the Login and click Edit.

In the User Role tab, select Reader as a user role and Allow access to API.

In the Asset Groups tab, you can select asset groups that you wish to have access to.

For more information on how to assign asset groups to the user, refer to the link.

In the Permissions tab select Manage VM module.

Refer to the link to find more information on User roles and permissions.