Home
BigFix and QRadar User Guide
QRadar® provides security intelligence for protecting assets and information from advanced threats. BigFix provides a dashboard that is integrated with QRadar®. This dashboard is called the Manage Vulnerable Computers dashboard and is located within the Endpoint Protection domain in BigFix. From this dashboard, you can view enriched vulnerability and risk data, from which you can quickly identify the computers that are most at risk. You can remediate the vulnerabilities that are detected by QRadar® and you can also quarantine or un-quarantine computers.
Overview and getting started
HCL® BigFix provides the Manage Vulnerable Computers dashboard from which you can view and remediate QRadar® vulnerability data. The dashboard lists the QRadar® Computer Risk Score, CVEs, and CVE risk score, which you can use to quickly identify the computers that are at risk. The dashboard provides a list of the Fixlets and Baselines that are available to take action and remediate CVEs. You can also quarantine or unquarantine computers from the Manage Vulnerable Computers Manage Vulnerable Computers dashboard. An Actions tab shows the actions that you ran from the dashboard.
At a glance
The Manage Vulnerable Computers dashboard identifies the QRadar® Computer Risk Score for each of the computers that you manage in BigFix. The dashboard also identifies the CVSS risk score associated with each CVE. Using this enriched risk assessment data from QRadar®, you can immediately identify the computers that are most at risk. The dashboard provides a list of the Fixlets and Baselines that are available for CVEs. You can run Fixlets or Baselines from the Manage Vulnerable Computers dashboard to remediate vulnerabilities and secure the vulnerable computers.

BigFix and QRadar User Guide
QRadar® provides security intelligence for protecting assets and information from advanced threats. BigFix provides a dashboard that is integrated with QRadar®. This dashboard is called the Manage Vulnerable Computers dashboard and is located within the Endpoint Protection domain in BigFix. From this dashboard, you can view enriched vulnerability and risk data, from which you can quickly identify the computers that are most at risk. You can remediate the vulnerabilities that are detected by QRadar® and you can also quarantine or un-quarantine computers.
- Overview and getting started
  HCL® BigFix provides the Manage Vulnerable Computers dashboard from which you can view and remediate QRadar® vulnerability data. The dashboard lists the QRadar® Computer Risk Score, CVEs, and CVE risk score, which you can use to quickly identify the computers that are at risk. The dashboard provides a list of the Fixlets and Baselines that are available to take action and remediate CVEs. You can also quarantine or unquarantine computers from the Manage Vulnerable Computers Manage Vulnerable Computers dashboard. An Actions tab shows the actions that you ran from the dashboard.
  - At a glance
    The Manage Vulnerable Computers dashboard identifies the QRadar® Computer Risk Score for each of the computers that you manage in BigFix. The dashboard also identifies the CVSS risk score associated with each CVE. Using this enriched risk assessment data from QRadar®, you can immediately identify the computers that are most at risk. The dashboard provides a list of the Fixlets and Baselines that are available for CVEs. You can run Fixlets or Baselines from the Manage Vulnerable Computers dashboard to remediate vulnerabilities and secure the vulnerable computers.
  - Operator permissions
    Operators accessing the BigFix Manage Vulnerable Computers dashboard and Fixlet APIs must have particular read/write permissions. Master operators can use the BigFix Console to change or assign permissions for operators as required.
  - Requirements
    Ensure that your system meets the requirements for the Manage Vulnerable Computers dashboard to operate correctly.
  - Accessing the site
    The Manage Vulnerable Computers dashboard runs from the BigFix Endpoint Protection domain. Before you can access the Manage Vulnerable Computers dashboard, you must acquire the QRadar Vulnerabilities site and accept the license agreement. After you acquire the QRadar Vulnerabilities site, you must gather the contents of the site to your console. You must also subscribe your computers to the site so that they can access the Manage Vulnerable Computers dashboard.
  - Install the plug-in
    Before you can access the QRadar® vulnerability data from the BigFix console, you must install the QRadar® plug-in in BigFix. To install the QRadar® plug-in, you run a Fixlet®. There is a separate installation Fixlet available for Windows and Linux. When running the installation Fixlet, you must target the BigFix server. After you have installed the QRadar® plug-in, you can access the Manage Vulnerable Computers dashboard from the BigFix Endpoint Protection domain.
- Remediate vulnerabilities
  Use the Manage Vulnerable Computers dashboard to view and remediate QRadar vulnerability data and quarantine or un-quarantine computers.

At a glance: Manage Vulnerable Computers dashboard

The Manage Vulnerable Computers dashboard identifies the QRadar® Computer Risk Score for each of the computers that you manage in BigFix. The dashboard also identifies the CVSS risk score associated with each CVE. Using this enriched risk assessment data from QRadar®, you can immediately identify the computers that are most at risk. The dashboard provides a list of the Fixlets and Baselines that are available for CVEs. You can run Fixlets or Baselines from the Manage Vulnerable Computers dashboard to remediate vulnerabilities and secure the vulnerable computers.

QRadar® connects to BigFix and sends vulnerability data to the BigFix server. The Manage Vulnerable Computers dashboard displays this enriched risk assessment data. The following graphic shows the Computers view of the Manage Vulnerable Computers dashboard. The Show Computers that have Relevant Fixlets check box is selected, which filters the list of computers to those for which there are remediation Fixlets or Baselines available. In the computers list, the QRadar Computer Risk Score provides enriched risk assessment information for you to immediately identify the computers that are most at risk. In the CVEs list part of the screen, the CVSS Risk Score identifies the CVE with the highest risk score for the computer that is selected in the computers list.

In the lower part of the screen, the CVEs associated with the selected computer are displayed. The Relevant Fixlets tab shows the Fixlets and Baselines that are available to remediate the selected CVE.

To run a Fixlet or Baseline to remediate the CVE, you click Take Default Action.