Cleaned_BigFix_SOW_BRD

Uploaded by

diptikhanra305

1. Purpose/Background

WK has an operational/security requirement to know the patch compliance (i.e., installed
and missing patches) on servers that are being patched by BigFix. Currently the process is
manual and uses BigFix Web Reports created by WK's BigFix operational team. To remove
the manual intervention of extracting Web Reports, WK wants to access the information
programmatically via API.

WK has an internally used tool called "Axonius" that can make API calls to
BigFix using the BigFix URL https://10.232.16.60:52311 and fetch information related to
servers, such as Computer Name, Agent Type, etc. To extend the tool so that it can
fetch patching-related information from BigFix, Axonius supports ingesting data from BigFix
via a BigFix relevance query.

We reached out to our internal BigFix Operations team to get the relevance query to fetch
installed and missing patches on servers within 30 days (about 4 and a half weeks), to replicate
the same result we get from BigFix Web Reports. We were provided with the below query to

(names of computers of it, names of actions of it, exit codes of it, statuses of it, detailed
statuses of it, values of results from (bes properties "WK_Patch_Class") of computers of
it, names of issuers of actions of it, start times of it, end times of it) of results of bes actions
whose (exists end date of it and now > ((end date of it as string & " " & end time_of_day of it
as string & " " & local time zone as string) as time) and now - ((end date of it as string & " " &
end time_of_day of it as string & " " & local time zone as string) as time) < 30*day)

We validated the above query in the BigFix Web Reports portal and found that it returns some
results, but the same query returns zero results in Axonius. Axonius Support mentioned that
they use the REST API to get the results of the query, whereas BigFix Web Reports (screenshot
from above) uses the SOAP protocol. The same query using the REST API returns zero results
not only in the Axonius connection but also when we use Postman (which confirms that this is
not an issue on the Axonius side).
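
An added example, not part of the original document: a Python sketch of sending a relevance query to the BigFix REST API's /api/query resource and telling a genuinely empty result apart from an evaluation error reported inside the response. The host name, credentials, ca_file and the sample XML bodies are assumptions constructed for illustration.

```python
import base64, ssl, urllib.parse, urllib.request
import xml.etree.ElementTree as ET

# Constructed sample responses (assumed /api/query XML shape), not real output.
SAMPLE_ROWS = """<BESAPI><Query Resource="q"><Result>
  <Tuple><Answer type="string">srv-01</Answer><Answer type="integer">0</Answer></Tuple>
  <Tuple><Answer type="string">srv-02</Answer><Answer type="integer">3010</Answer></Tuple>
</Result></Query></BESAPI>"""
SAMPLE_ERROR = """<BESAPI><Query Resource="q"><Result></Result>
  <Error>Singular expression refers to nonexistent object.</Error></Query></BESAPI>"""

def build_request(base_url, relevance, user, password):
    """Build a POST to /api/query with the relevance form-encoded in the body.
    The page's query uses '&' for string concatenation; left unencoded, '&'
    would end the 'relevance' parameter early, so urlencode() turns it into %26."""
    body = urllib.parse.urlencode({"relevance": relevance}).encode()
    token = base64.b64encode(f"{user}:{password}".encode()).decode()
    return urllib.request.Request(base_url.rstrip("/") + "/api/query", data=body,
                                  headers={"Authorization": "Basic " + token})

def parse_query_response(xml_text):
    """Return rows as lists of strings; raise if the server reported an <Error>,
    so an evaluation failure is never mistaken for 'zero results'."""
    query = ET.fromstring(xml_text).find("Query")
    error = query.findtext("Error")
    if error:
        raise RuntimeError("relevance evaluation failed: " + error.strip())
    result = query.find("Result")
    rows = []
    for item in (result if result is not None else []):
        # Tuple results wrap several <Answer> elements; plain results are one <Answer>.
        answers = item.findall("Answer") if item.tag == "Tuple" else [item]
        rows.append([a.text for a in answers])
    return rows

def run_query(base_url, relevance, user, password, ca_file):
    """Send the query over TLS, verifying the server certificate against ca_file."""
    ctx = ssl.create_default_context(cafile=ca_file)
    req = build_request(base_url, relevance, user, password)
    with urllib.request.urlopen(req, context=ctx, timeout=60) as resp:
        return parse_query_response(resp.read())
```

Comparing the raw response body from the same request in Postman against what parse_query_response raises shows whether a "zero results" outcome is an empty Result or an Error element.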

To get this information, the current process relies on scheduled web reports that are
sent to an email address and then forwarded to an Azure storage account using a Power
Automate workflow.

2. Objectives

Need to access the BigFix Web Reports related to patching via API / relevance query.

Report link: and


3. Business Requirements (Functionality)

The objective is to retrieve BigFix Web Reports results, including comprehensive filters that
allow administrators to programmatically access patch compliance data. The solution
should support dynamic filtering, secure authentication, and output specific columns such
as Progress, Category, Source Severity, Source Release Date, and Remediated Computer
Count. Additionally, the solution must deliver results consistent with the web reports and
provide detailed documentation for managing filters. This will enable efficient and accurate
tracking of patch compliance across the infrastructure.

4. Scope

The scope of this project includes documenting and implementing dynamic filters for the
BigFix Weekly Windows/Linux Report to allow programmatic access and management of
patch compliance data. This includes supporting both SOAP and REST API protocols, ensuring
secure authentication, and providing comprehensive documentation for filter management.
The solution will deliver results consistent with the BigFix Web Reports and support
efficient data retrieval and reporting processes.

4.1 Business & Service Level Requirements

Acceptance Criteria

Programmatic Consumption: The solution must be accessible programmatically via Python
or PowerShell scripts.

Result Consistency: The solution must deliver results identical to those provided by the web
reports.

Dynamic Filtering: The solution must support updating filter values with operators through
API calls to retrieve the results.

Example: The web reports have a filter of Source Release Date. This date needs to be
changed monthly.

Comprehensive Documentation: The solution must include documentation that details the
process for creating and removing filters, ensuring the same results as the web reports.

Example: If the web reports have a static filter for Content.name that excludes certain
patches, the documentation should enable users to programmatically add or remove these
patches as needed.

Specified Output Columns:

The solution should provide the columns below as output.

4.2 Additional Priority Requirements

Discuss the feasibility/reliability of the .

The in-house solution leverages the BigFix web portal API and gets the extract of BigFix
Web Reports. We need to check its reliability, as this method is not mentioned in any BigFix
documentation.

to Pull Inventory Information From BigFix .

EAM teams need to fetch the below attributes from BigFix using the API:

Host Name

Last Seen

Network Interface

OS: Type

OS: Distribution

OS: Full OS String

OS: OS Version

BigFix In_bigfix_autopatch

BigFix Last Report Date

BigFix Onboard_time

OS: End of Life

Vulnerable Software

Agent Version

Boot Time

Uptime (Days)

Uptime (Hours)
Device type

Computer type

Subscribed Sites

BigFix Last Reboot Time

CVE Update Information

BigFix Client Administrators

Bigfix agent type

BigFix Locked

BigFix Bes Relay Selection Method

BigFix Relay

BigFix Windows Update Service Status

BigFix Reboot Status

Solution to add Account ID and Subscription ID for computers.

Currently there is no parameter / column / field in BigFix that contains Account ID /
Subscription ID.

Ability to get OS related vulnerability Information From BigFix with S

We need to pull computers with vulnerabilities / CVE IDs present on them.

Logic/Documentation to generate any Programmatically

Need an API call / automation to pull even custom reports from BigFix programmatically.

4.3 Use Case

4.4 Use Case

4.5 Use Case-

4.6 Out of Scope

To be filled in

5. Historical Data Retention Requirements

To be filled in

6. Risks, Assumptions, Dependencies, Prerequisites, Approach

To be filled in

7. Calculations, Business Rules, and Derivation Logic involved.

To be filled in

8. Metrics, Key Performance Indicators (KPIs), Visualizations

To be filled in

9. Reports (Information/presentation requirements incl. layouts)

To be filled in

11. Delivery Frequency & Targeted Recipients (provide for both UAT and PROD)

To be filled in

12. Appendix (current process documents, source data files, report mockups etc.)
