Home
Known Exploited Vulnerabilities Content Pack (Add-on)
The Known Exploited Vulnerabilities Content Pack utilizes a collection of BigFix Fixlets to identify the endpoints with vulnerabilities that are prone to exploits.
KEV Scanner Policy Action Management
BigFix provides four utility tasks to facilitate the deployment, execution, and configuration of the Known Exploited Vulnerabilities (KEV) Scanner. The KEV Scanner is necessary to identify certain CVEs (for more details on which CVEs require the KEV Scanner, refer to BigFix Wiki at BigFix Known Exploited Vulnerabilities (KEV) Content Pack).

Known Exploited Vulnerabilities Content Pack (Add-on)
The Known Exploited Vulnerabilities Content Pack utilizes a collection of BigFix Fixlets to identify the endpoints with vulnerabilities that are prone to exploits.
- Known Exploited Vulnerabilities: Overview
  The Known Exploited Vulnerabilities (KEV) Content Pack is a collection of BigFix Fixlets that is derived from extensive research of the CISA KEV catalog, NVD, and Vendor Advisories. This KEV Content Pack provides BigFix operators with the ability to quickly identify endpoints with vulnerabilities that are high-risk and time-sensitive given that they are known to have been exploited or are actively being exploited.
- Enable BigFix KEV Content Pack Site
  This topic provides instructions on how to enable the Known Exploited Vulnerabilities (KEV) Content Pack and subscribe computers to the site.
- KEV Scanner Policy Action Management
  BigFix provides four utility tasks to facilitate the deployment, execution, and configuration of the Known Exploited Vulnerabilities (KEV) Scanner. The KEV Scanner is necessary to identify certain CVEs (for more details on which CVEs require the KEV Scanner, refer to BigFix Wiki at BigFix Known Exploited Vulnerabilities (KEV) Content Pack).
- Reporting with CyberFOCUS Analytics
  This topic provides guidance on how to report on the Known Exploited Vulnerabilities (KEV) Content Pack with CyberFOCUS Analytics.

KEV Scanner Policy Action Management

BigFix provides four utility tasks to facilitate the deployment, execution, and configuration of the Known Exploited Vulnerabilities (KEV) Scanner. The KEV Scanner is necessary to identify certain CVEs (for more details on which CVEs require the KEV Scanner, refer to BigFix Wiki at BigFix Known Exploited Vulnerabilities (KEV) Content Pack).

Task 100: Deploy KEV Scanner. This task is used to produce a policy action to deploy the KEV Scanner on endpoints in your environment.
Task 110: Remove KEV Scanner. This task is used to remove the KEV Scanner and any artifacts on an endpoint.
Task 120: Manage KEV Scanner Settings. This task is used to manage settings on an endpoint, where the KEV Scanner is deployed.
Task 130: Execute KEV Scanner. This task is used to periodically execute the KEV Scanner on the endpoint.

Note: You can prevent the KEV Scanner from being executed on any device by applying the KEV_Deny client setting with the value as 1 on that device. For more information on client settings and how to apply them, refer to List of settings and detailed descriptions.

Included Directory Paths/Excluded Directory Paths
These are path wildcards that can be leveraged to direct the scanner on where or where not to search. These wildcard paths may leverage environment variables, ? for signal character matching, and * for zero or more character matching.

CPU Throttling Threshold
- This setting limits the CPU Utilization of the scanner on the endpoint to roughly a certain percentage of the CPU.
- Default: 100