How to identify on which targets to apply content

IBM BigFix helps you to identify on which targets to apply content.

One of the main strengths of IBM BigFix is its ability to determine which targets the content applies to, in other words, which computers need that content. This is accomplished using Relevance expressions. Relevance expressions are part of the content definition. Their purpose is to interrogate the hardware and software properties of your managed clients to ensure that a patch or a maintenance activity, for example, is applied to only those computers that need it, and to no others.

When you define content, you specify in the Applicable Computers tab a set of computers that can be targets for that content. Relevance evaluation narrows down this set of computers and selects only those computers that really must apply that content.

The picture shows how the applicable targets are selected

Even though relevance expressions are used in the same way for all types of content, depending on the type of content, the relevance triggers different behaviors:

Relevant action
It represents a violation to be remediated by running the instructions stated in the action description using the Action script language. Actions incorporate relevance clauses that can be customized at run time in the Take Action dialog.

Relevant Fixlet
It means that the computer is out-of-compliance with a policy rule. When the Fixlet is relevant, the actions that are contained in the Fixlet definition can be run to remediate the issue. After the actions run, the relevance is evaluated again to check if the vulnerability is fixed.

For example, a Fixlet can be used to install Symantec Endpoint Protection. This Fixlet is relevant for those computers where Symantec Endpoint Protection is not installed. After the Fixlet is installed on all the relevant computers, it is no longer marked as relevant. If, later, Symantec Endpoint Protection is uninstalled on one or more computers specified in the Applicable Computers tab, the Fixlet is marked as relevant again.

Relevant task
It indicates that the computer has a violation of a configuration standard or requirement, or that it must run maintenance activities.

For example, a task can be used to start Symantec Endpoint Protection. This task is relevant for those computers where Symantec Endpoint Protection is not active.

When the task is relevant, the actions that are contained in the task definition can be run to remediate the issue. After all the steps of the actions have completed, the task is marked as not relevant on the computer. The relevance expression is not evaluated again. As a best practice, success criteria can be used to determine whether the actions completed successfully to ensure that the remediation efforts succeeded in solving the problem.

Relevant baseline
It indicates that one or more of the Fixlets that it contains are relevant for one or more computers that satisfy the criteria of both relevance expressions: those specified in the Fixlet description and those specified in the baseline's Applicable Computers tab. If nothing is specified in the baseline's Applicable Computers tab, then no restriction applies to the Fixlet or task applicability.

For example, a baseline might contain Fixlets and tasks for both Windows and Linux operating systems. However, if the baseline's Applicable Computers tab states that only Windows computers are relevant, then only the Fixlets and tasks that are applicable for Windows are considered.

Note: Even though the baseline contains tasks, the Fixlet behavior is applied.

Relevant analysis
It runs property queries, according to their query intervals, and sends the results back to the server. The results are then displayed on the IBM BigFix console.
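
The following Python sketch is an added example, not IBM BigFix code or part of the original documentation. It models the Fixlet, task and baseline behaviors described above to show why success criteria matter for tasks; the Computer class, its broken flag and all function names are constructed for illustration.

```python
from dataclasses import dataclass

@dataclass
class Computer:              # constructed stand-in for a managed client
    os: str
    av_installed: bool = False
    av_running: bool = False
    broken: bool = False     # constructed: actions complete but change nothing

def fixlet_relevance(c):     # "Symantec Endpoint Protection is not installed"
    return not c.av_installed

def task_relevance(c):       # "Symantec Endpoint Protection is not active"
    return not c.av_running

def install_av(c):
    c.av_installed = c.av_installed or not c.broken

def start_av(c):
    c.av_running = c.av_running or not c.broken

def run_fixlet(c, relevance, action):
    """Fixlet: run the action, then evaluate relevance again.
    Returns True if the Fixlet is still relevant (issue not fixed)."""
    if relevance(c):
        action(c)
    return relevance(c)

def run_task(c, relevance, action, success=None):
    """Task: after the action steps complete it is marked not relevant and
    relevance is not evaluated again. Returns (relevant, verified), where
    verified is the success-criteria result, or None if none was given."""
    if not relevance(c):
        return False, None
    action(c)
    return False, (success(c) if success else None)

def baseline_relevant(c, components, applies=lambda c: True):
    """Baseline: relevant only if the computer matches the baseline's
    Applicable Computers criteria (no restriction by default) and at
    least one contained Fixlet or task is relevant."""
    return applies(c) and any(rel(c) for rel in components)

if __name__ == "__main__":
    bad = Computer(os="Windows", broken=True)
    print("Fixlet still relevant:", run_fixlet(bad, fixlet_relevance, install_av))
    print("Task, no success criteria:", run_task(bad, task_relevance, start_av))
    print("Task, with success criteria:",
          run_task(bad, task_relevance, start_av, success=lambda c: c.av_running))
```

On the constructed broken computer, the Fixlet stays relevant because relevance is evaluated again, while the task is reported as not relevant and only the success criteria reveal that the protection never started.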

When a computer evaluates relevance of a newly-gathered document, for example a Fixlet or an analysis, it posts the results, and these results are then displayed on the IBM BigFix console. After the initial evaluation, the computer only reports changes, because there is no benefit in using network bandwidth to report the same result.

Relevance expressions are written in a human-readable proprietary language called Relevance Language.

For information about the Relevance language, see Introducing the Relevance language.

If you have Custom Content authorization, you can write a new relevance expression or modify existing expressions, to tailor content delivery to your needs. For more information about assigning authorizations to operators, see Operators permissions.