Viewing computer details

From the Manage Vulnerable Computers dashboard, you can view the computers that you manage in BigFix for which QRadar® sends vulnerability information. You can view the QRadar® Computer Risk Score, number of CVEs, CVE risk score, and quarantine information for each computer. You can filter to view only the computers for which there are relevant Fixlets. You can also quarantine and un-quarantine computers.

About this task

The Computers tab in the Manage Vulnerable Computers dashboard provides you with a view of all the computers that you manage in BigFix for which QRadar® sent vulnerability information. From the Search field, you can search for computers. The following graphic shows an example of the Computers view.

In the computers list, the computers that the BigFix operator manages are displayed. The QRadar Computer Risk Score shows the risk assessment for this computer from QRadar®. In this example, the QRadar Computer Risk Score is 100, which is a high risk score. The small twistie on QRadar Computer Risk Score indicates that the view is sorted by this column. The CVEs column shows how many CVEs are impacting this computer as reported by the most recent QRadar® scan that is sent to BigFix. In this example, there are nine CVEs. This view also shows the computer ID, the computer name, operating system, and quarantine status.

In the CVEs list, each of the CVEs that are impacting the computer is highlighted. Beside these CVEs, the Fixlet that is available for the currently selected CVE is shown.

In this graphic, the Show Computers that have Relevant Fixlets check box is highlighted. When you select this check box, only computers for which there are relevant Fixlets are displayed, and a column is displayed on the dashboard that identifies the number of actionable CVEs for each of the computers. The Actionable CVEs column shows the CVEs for which there are remediation Fixlets available. If you clear this check box, all computers are displayed, including computers for which there are no relevant Fixlets.

Note: By design, some Fixlets do not have a default action. If a Fixlet for a CVE does not have a default action, you cannot click Take Default Action to run the Fixlet. To run a Fixlet that does not have a default action, click Open Fixlet, then click Take Action. From the Take Action dialog, select an action and target the computers that are impacted by the CVE.


Complete the following steps to view computer details.

Procedure

  1. From the Manage Vulnerable Computers dashboard, click the Computers tab.
  2. Before you can access the complete functionality of the Computers tab for the first time, you must activate an analysis. Run the analysis if prompted.
    From the QRadar Computer Risk Score column, you can view the QRadar® risk assessment for this computer. The CVEs column shows how many CVEs are impacting the currently selected computer.
  3. To display only the computers for which there are relevant Fixlets, select the Show Computers that have Relevant Fixlets check box. When you select this check box, the total number of computers is reduced to show only computers for which there are relevant Fixlets. If you do not select this check box, all computers are listed.
  4. To search for a specific computer, enter search criteria in the Search field.
  5. To remediate a CVE for a computer:
    1. Select the computer for which you want to remediate a CVE.
    2. Select a CVE for the computer on the bottom left of the screen.
    3. From the Relevant Fixlets tab, select a relevant Fixlet.
    4. Click Take Default Action to run the Fixlet to remediate the CVE.