Common problems and troubleshooting

Read this section for information about any known issues using the Manage Vulnerable Computers dashboard.

For more information about the Manage Vulnerable Computers dashboard, see the BigFix wiki.

To help troubleshoot issues that you might experience using the Manage Vulnerable Computers dashboard, review the following troubleshooting tips:
Verify that the installation is successful

Check that the action for the Install or Update the Manage Vulnerabilities Plugin completed successfully and make sure that the Fixlet® is no longer relevant. Allow some time for the action to complete and for the relevance to be evaluated.

Checking for data posted by QRadar®
To check for incoming data from QRadar®, check the dashboard variable under which QRadar® posts data on the BigFix server. On the BigFix server, open the following URL in a browser and log in using your BigFix credentials: https://127.0.0.1:52311/api/dashboardvariables/QRadarScan.ojo.
Every time that QRadar® sends data to your BigFix server, a unique variable is created under QRadarScan.ojo. If there are no variables or QRadarScan.ojo does not exist, QRadar® has not sent any data to the BigFix server. The variable name starts with the date on which the scan was run, for example:
<Value>{"name":"20160118.120854.285.1 QRadar Data","assets":[
{"fqdn":"SIWW14EMMX-014","besid":"251301","cves":[{"id":"2015-6112",
"risk":1},{"id":"2015-6113","risk":1},{"id":"2015-6104","risk":1},
{"id":"2015-6103","risk":1},{"id":"2015-6102","risk":1},{"

In addition, besid identifies the BigFix computers to which the CVE information relates.

No BigFix content appearing for CVE or computer

Make sure that you have permission to manage the computers as an operator in BigFix. Operators see only the computers in BigFix for which they have permission to manage. For more information, see: https://help.hcltechsw.com/bigfix/9.5/platform/Platform/Console/c_operators.html.

Make sure that you have access to the site. As an operator, you must also have access to the site. For more information, see: https://help.hcltechsw.com/bigfix/9.5/platform/Platform/Console/c_operators.html.

Make sure that you have the computers are subscribed to the patch sites that contain the remediation content. Computers must be subscribed to relevant patch sites for content to be available, otherwise the filter eliminates them from the original data set because they have no relevant content. For more information, see: https://help.hcltechsw.com/bigfix/9.5/platform/Platform/Console/c_viewing_site_properties.html?hl=viewing%2Csite%2Cproperties.

Checking that the QRadar® process is running
To check if the QRadar® process is running, check the processes on the Task Manager. When the QRadar® plugin is installed and running, the QRadarNode.exe process is visible from the Task Manager.
Logging
The log files for the QRadar® plugin are located in the C:\Program Files\Bigfix Enterprise\BES Server\Applications\Logs directory.
No Fixlet for CVE
For complete information, see Viewing Common Vulnerability Exposures (CVEs) and associated Fixlets.
Unable to quarantine or un-quarantine computers
If you are unable to successfully quarantine or un-quarantine Microsoft Windows computers, make sure that the policy actions are set up correctly for the quarantine or un-quarantine Fixlets. See the Requirements for more information.