Home
Known Exploited Vulnerabilities Content Pack (Add-on)
The Known Exploited Vulnerabilities Content Pack utilizes a collection of BigFix Fixlets to identify the endpoints with vulnerabilities that are prone to exploits.
Reporting with CyberFOCUS Analytics
This topic provides guidance on how to report on the Known Exploited Vulnerabilities (KEV) Content Pack with CyberFOCUS Analytics.

Known Exploited Vulnerabilities Content Pack (Add-on)
The Known Exploited Vulnerabilities Content Pack utilizes a collection of BigFix Fixlets to identify the endpoints with vulnerabilities that are prone to exploits.
- Known Exploited Vulnerabilities: Overview
  The Known Exploited Vulnerabilities (KEV) Content Pack is a collection of BigFix Fixlets that is derived from extensive research of the CISA KEV catalog, NVD, and Vendor Advisories. This KEV Content Pack provides BigFix operators with the ability to quickly identify endpoints with vulnerabilities that are high-risk and time-sensitive given that they are known to have been exploited or are actively being exploited.
- Enable BigFix KEV Content Pack Site
  This topic provides instructions on how to enable the Known Exploited Vulnerabilities (KEV) Content Pack and subscribe computers to the site.
- KEV Scanner Policy Action Management
  BigFix provides four utility tasks to facilitate the deployment, execution, and configuration of the Known Exploited Vulnerabilities (KEV) Scanner. The KEV Scanner is necessary to identify certain CVEs (for more details on which CVEs require the KEV Scanner, refer to BigFix Wiki at BigFix Known Exploited Vulnerabilities (KEV) Content Pack).
- Reporting with CyberFOCUS Analytics
  This topic provides guidance on how to report on the Known Exploited Vulnerabilities (KEV) Content Pack with CyberFOCUS Analytics.

Reporting with CyberFOCUS Analytics

This topic provides guidance on how to report on the Known Exploited Vulnerabilities (KEV) Content Pack with CyberFOCUS Analytics.

You can use the CISA KEV report in BigFix CyberFOCUS Analytics to report on the KEV Content Pack. By default, this report includes any Fixlet sites you have enabled.

To specifically report on the KEV Content Pack, complete these steps:

In the CyberFOCUS Analytics Web Report, set the following filter:
- Site is CyberFOCUS OR is Known Exploited Vulnerabilities Content Pack
To quickly access this report later, Save the report with the applied filter.