BigFix Software Distribution is a part of the Lifecycle Management suite, provides a consolidated, comprehensive solution to quickly deploy software throughout a network from a single, centralized location. This solution delivers cost-effective operational control and visibility to your software delivery and installation process.

To start working with OS Deployment, run the configuration Fixlets and tasks listed in the Setup Node.

To perform OS Deployment of Windows operating systems, you prepare your deployment environment and resources using the Bundle and Media Manager Dashboard.

The Manage Images and Drivers node includes tasks to prepare and import drivers for deployment to Windows targets.

You can import Linux OS Resources needed to create network boot media and to capture and deploy Linux images

The Manage Images and Drivers node includes tasks to capture, import and manage images for deployment to targets.

By default, the OS images are permanently stored in the BigFix root server.

Reimaging is the process of saving the user state on a computer, installing a new image on it, and then restoring the user state.

To upgrade your existing Windows systems to Windows 10 or Windows 11 you can use the in-place upgrade fixlets.

You can install and manage BigFix for OS Deployment servers and create profiles for bare metal deployments.

You can track and monitor all deployment activities in your Endpoint Management network.

You can monitor deployment activities, correct exceptions and adjust configuration settings specific to your environment through dashboards and tasks available for these purposes.

You can choose to configure your OS Deployment and Bare Metal Imaging site in an air-gapped network.

This topic lists the functionalities that are still present in OSD, but are deprecated.

A summary of changed or new features and enhancements included in BigFix Remote Control.

By using Remote Control you can remotely support and control thousands of PCs and servers, on an enterprise scale, from a central location or directly, in peer to peer mode.

This guide is for users who want to administer Remote Control.

Use Remote Control to start remote control sessions over the internet with targets that do not have the target software installed.

Power Management is policy-driven software for distributed environments. Built on BigFix technology, it allows you to apply conservation policies infrastructure-wide, while providing the granularity to apply power management policies to a single computer.

Power Management is policy-driven software for distributed environments. Built on BigFix technology, it allows you to apply conservation policies infrastructure-wide, while providing the granularity to apply power management policies to a single computer.

BigFix Lifecycle Server Automation provides you with the capability to automate provisioning workflows. You can automate a sequence of Fixlets, Tasks, and Baselines across different endpoints, such as servers or computers. Server Automation exploits the agility and scalability of BigFix to deliver powerful functionality in a lean and efficient manner, with minimal impact on your network.

BigFix Lifecycle Server Automation provides you with technology to sequence actions, such as the deployment of Fixlets, across multiple endpoints. To sequence automation, you create an Automation Plan. Your Automation Plan contains all of the actions for your end-to-end automation sequence.

Virtualization is a software technology that allows multiple operating systems to run on the same host computer at the same time. Additional uses of virtualization include the quick creation of new systems for testing, training, and demonstration. Using virtualized computers saves the cost of hardware, management, and administration of the server infrastructure.

This section describes how the BigFix architecture is relevant for Server Automation. It also describes how Server Automation can affect BigFix performance.

Server Automation is shipped with a number of sample Automation Plans that you can run out of the box. To run these Automation Plans out of the box, ensure that the Fixlets contained in them are available. Typically, you would substitute some of the Fixlets contained in these samples with particular Fixlets that you want to run. Use the information in each of the following sections to find out more about each of the sample plans.

Server Automation provides content that you can use to automate processes and software deployment.

BigFix Profile Management is a WebUI-based feature of BigFix Lifecycle.

You can enforce device compliance by creating and deploying profiles.

When a deployment fails, you can determine the cause of the error by viewing the available logs and error code information.

BigFix CVE Search dashboard and Web Report provide operators with ability to analyze vulnerabilities in their environment based on their CVE ID. For each CVE, operator can report on:

In the site list, find the site named CyberFOCUS. Click on the site and gather it.

CVE Search dashboard and web report also provide latest information on Known Exploitable Vulnerability (KEV) List provided by the Cybersecurity & Infrastructure Security Agency (CISA) Binding Operational Directive 22-01 (BOD 22-01).

CVE Search dashboard and web report provide ability to include/exclude non-relevant Fixlets from view and calculations. To do this, uncheck/check the “Show Relevant Only” checkbox respectively.

BigFix provides a unique view into patches that have been superseded by their vendor. By default, Fixlets for these patches get a relevance statement added to them to ensure that they will not evaluate as relevant on any system. However, a subset of these Fixlets can be evaluated using a “superseded evaluation” setting. Currently, this feature is supported for windows operating system patches.

CVE Search used to be published to the Vulnerability Reporting site that has since been deprecated. As of March 31st 2023, this site will no longer receive updates. To continue using CVE Search dashboard and Web Report, HCL recommends unsubscribing from the Vulnerability Reporting site and subscribing to the CyberFOCUS Site.

From the BigFix CyberFOCUS Analytics dashboard, you can view various reports that display critical information related to vulnerabilities. The data are represented in the form of graphs and tables, so that the user can quickly become aware of the IT assets and the threats in the environment and take informed decisions to mitigate vulnerabilities.

The Known Exploited Vulnerabilities (KEV) Content Pack is a collection of BigFix Fixlets that is derived from extensive research of the CISA KEV catalog, NVD, and Vendor Advisories. This KEV Content Pack provides BigFix operators with the ability to quickly identify endpoints with vulnerabilities that are high-risk and time-sensitive given that they are known to have been exploited or are actively being exploited.

This topic provides instructions on how to enable the Known Exploited Vulnerabilities (KEV) Content Pack and subscribe computers to the site.

BigFix provides four utility tasks to facilitate the deployment, execution, and configuration of the Known Exploited Vulnerabilities (KEV) Scanner. The KEV Scanner is necessary to identify certain CVEs (for more details on which CVEs require the KEV Scanner, refer to BigFix Wiki at BigFix Known Exploited Vulnerabilities (KEV) Content Pack).

This topic provides guidance on how to report on the Known Exploited Vulnerabilities (KEV) Content Pack with CyberFOCUS Analytics.