BigFix
This Integration is part of the HCL BigFix Pack.#
Overview
Use the BigFix integration to manage patching processes.
Configure BigFix on Cortex XSOAR
- Navigate to Settings > Integrations > Servers & Services .
- Search for BigFix.
-
Click
Add instance
to create and configure a new integration instance.
- Name : a textual name for the integration instance.
- Server url (e.g https://192.168.10.1:52311 )
- Username
- Trust any certificate (not secure)
- Use system proxy
- Click Test to validate the URLs, token, and connection.
Commands
You can execute these commands from the Cortex XSOAR CLI, as part of an automation, or in a playbook.
After you successfully execute a command, a DBot message appears in the War Room with the command details.
- Get all sites: bigfix-get-sites
- Get a single site: bigfix-get-site
- Get all patches for a site: bigfix-get-patches
- Get all endpoints: bigfix-get-endpoints
- Get the details of an endpoint: bigfix-get-endpoint
- Create an action to run on target computers: bigfix-deploy-patch
- Get a patch by fixlet ID: bigfix-get-patch
- Delete an action: bigfix-action-delete
- Get the status of an action: bigfix-action-status
- Stop an action: bigfix-action-stop
- Evaluate an expression and get the result: bigfix-query
1. Get all sites
Retrieves all the sites.
Base Command
bigfix-get-sitesContext Output
| Path | Type | Description |
|---|---|---|
| Bigfix.Site | unknown | Site |
| Bigfix.Site.Name | string | Name of the site |
| Bigfix.Site.Description | string | Description of the site |
| Bigfix.Site.Resource | string | Link to the endpoint resource |
| Bigfix.Site.Type | string | Type of the site ("master", "custom", "external", "operator") |
| Bigfix.Site.Domain | string | Site domain |
| Bigfix.Site.GatherURL | string | Gather URL |
| Bigfix.Site.GlobalReadPermission | string | Whether the Global Read Permission is available |
Command Example
!bigfix-get-sites
Context Example
{
"Bigfix": {
"Site": [
{
"Resource": "https://xsoar-example:20021/api/site/master/ActionSite",
"Description": null,
"GatherURL": "http://WIN-CQD6UQJIA7J:52311/cgi-bin/bfgather.exe/actionsite",
"GlobalReadPermission": "false",
"Name": "ActionSite",
"Type": "master",
"Subscription": {
"Mode": "All"
}
},
{
"Resource": "https://xsoar-example:20021/api/site/external/BES Support",
"Description": null,
"GatherURL": "http://sync.bigfix.com/cgi-bin/bfgather/bessupport",
"GlobalReadPermission": "true",
"Name": "BES Support",
"Type": "external",
"Subscription": {
"Mode": "All"
}
},
{
"Resource": "https://xsoar-example:20021/api/site/external/BES Inventory and License",
"Description": null,
"GatherURL": "http://sync.bigfix.com/cgi-bin/bfgather/besinventory",
"GlobalReadPermission": "false",
"Name": "BES Inventory and License",
"Type": "external",
"Subscription": {
"Mode": "None"
}
},
{
"Resource": "https://xsoar-example:20021/api/site/external/BES Asset Discovery",
"Description": null,
"GatherURL": "http://sync.bigfix.com/cgi-bin/bfgather/assetdiscovery",
"GlobalReadPermission": "false",
"Name": "BES Asset Discovery",
"Type": "external",
"Subscription": {
"Mode": "None"
}
},
{
"GatherURL": "http://WIN-CQD6UQJIA7J:52311/cgi-bin/bfgather.exe/actionsite",
"Type": "operator",
"Resource": "https://xsoar-example:20021/api/site/operator/admin",
"Name": "admin"
}
]
}
}
Human Readable Output
2. Get a single site
Retrieves a single site by name and type.
Base Command
bigfix-get-siteInput
| Argument Name | Description | Required |
|---|---|---|
| site_name | Name of the site. If the site is external or operator then the site must be specified. | Optional |
| site_type | Site type ("external", "operator", "master", "custom") | Required |
Context Output
| Path | Type | Description |
|---|---|---|
| Bigfix.Site | unknown | Site |
| Bigfix.Site.Name | string | Name of the site |
| Bigfix.Site.Description | string | Description of the site |
| Bigfix.Site.Resource | string | Link to the endpoint resource. |
| Bigfix.Site.Type | string | Type of the site ("master", "custom", "external", "operator") |
| Bigfix.Site.Domain | string | Site domain |
| Bigfix.Site.GatherURL | string | Gather URL |
| Bigfix.Site.GlobalReadPermission | string | Whether the Global Read Permission is available |
Command Example
!bigfix-get-site site_type=master
!bigfix-get-site site_type=external site_name="BES Support"
Context Example
{
"Bigfix": {
"Site": {
"Resource": "https://xsoar-example:20021/api/site/master/None",
"Description": null,
"GatherURL": "http://WIN-CQD6UQJIA7J:52311/cgi-bin/bfgather.exe/actionsite",
"GlobalReadPermission": "false",
"Name": "ActionSite",
"Type": "master",
"Subscription": {
"Mode": "All"
}
}
}
}
Human Readable Output
3. Get all patches for a site
Retrieves all the patches (fixlets) of site.
Base Command
bigfix-get-patchesInput
| Argument Name | Description | Required |
|---|---|---|
| site_type | Type of the site ("external", "operator", "master", "custom") | Required |
| site_name | Name of the site. If the site is external or operator then the site must be specified. | Optional |
Context Output
| Path | Type | Description |
|---|---|---|
| Bigfix.Patch.ID | string | Patch (fixlet) ID |
| Bigfix.Patch.LastModified | date | Last modified timestamp |
| Bigfix.Patch.Name | string | Name of the patch requested |
| Bigfix.Patch.Resource | string | The link for the patch |
| Bigfix.Patch.Description | string | Description of the requested patch |
| Bigfix.Patch.Relevance | string | Relevance of the requested patch |
| Bigfix.Patch.Category | string | Category of the requested patch |
| Bigfix.Patch.DownloadSize | string | Download size |
| Bigfix.Patch.Source | string | Source where the patch originates |
| Bigfix.Patch.SourceID | string | Source ID of the requested patch |
| Bigfix.Patch.SourceSeverity | string | Source severity of the requested patch |
| Bigfix.Patch.SourceReleaseDate | string | Source release date of the requested patch |
| Bigfix.Patch.ActionID | string | Action ID of the patch requested. |
| Bigfix.Patch.ActionScript | string | Action script of the patch requested. |
Command Example
!bigfix-get-patches site_type="master"
Context Example
{
"Bigfix": {
"Patch": [
{
"Category": null,
"Resource": "https://xsoar-example:20021/api/fixlet/master/38",
"Description": "This is a description of foo patch",
"DownloadSize": null,
"SourceID": null,
"LastModified": "Fri, 15 Jun 2018 13:31:17 +0000",
"SourceReleaseDate": "2018-06-15",
"Source": "Internal",
"ActionID": "Action1",
"ActionScript": {
"@MIMEType": "application/x-sh",
"#text": "#!/bin/sh\n# Enter your action script here\necho \"Hello World\""
},
"Relevance": null,
"SourceSeverity": null,
"ID": "38",
"Name": "Anar Fixlet"
},
{
"Category": null,
"Resource": "https://xsoar-example:20021/api/fixlet/master/39",
"Description": "Test Fixlet",
"DownloadSize": null,
"SourceID": null,
"LastModified": "Fri, 15 Jun 2018 19:37:29 +0000",
"SourceReleaseDate": "2018-06-15",
"Source": "Internal",
"ActionID": "Action1",
"ActionScript": {
"@MIMEType": "application/x-Fixlet-Windows-Shell",
"#text": "// Enter your action script here"
},
"Relevance": "true",
"SourceSeverity": null,
"ID": "39",
"Name": "Custom Fixlet"
}
]
}
}
Human Readable Output
4. Get all endpoints
Retrieves all endpoints (computers).
Base Command
bigfix-get-endpointsInput
| Argument Name | Description | Required |
|---|---|---|
| get_endpoint_details | Whether to get endpoint full details of each endpoint or just basic details, such as ID and last reported time. We recommend setting this to false if there are many endpoints to retrieve. | Optional |
Context Output
| Path | Type | Description |
|---|---|---|
| Bigfix.Endpoint | unknown | Endpoint (computer) |
| Bigfix.Endpoint.ID | string | The IDof the endpoint (computer ID) |
| Bigfix.Endpoint.Resource | string | URL to the endpoint details |
| Bigfix.Endpoint.LastReportTime | date | Last report time of the endpoint |
| Bigfix.Endpoint.ActiveDirectoryPath | string | Active directory path of the endpoint device |
| Bigfix.Endpoint.AgentType | string | Agent Type of the endpoint |
| Bigfix.Endpoint.AgentVersion | string | Agent Version of the endpoint. |
| Bigfix.Endpoint.BESRelaySelectionMethod | unknown | Relay selection method of the endpoint |
| Bigfix.Endpoint.BESRelayServiceInstalled | unknown | Relay service installed of the endpoint. |
| Bigfix.Endpoint.BESRootServer | string | Root server of the endpoint. |
| Bigfix.Endpoint.BIOS | string | BIOS of the endpoint. |
| Bigfix.Endpoint.CPU | string | CPU of the endpoint |
| Bigfix.Endpoint.ClientSettings | unknown | Client settings of the endpoint |
| Bigfix.Endpoint.ComputerName | string | Computer name of the endpoint |
| Bigfix.Endpoint.ComputerType | string | Computer Type of the endpoint |
| Bigfix.Endpoint.DNSName | string | DNS Name of the endpoint |
| Bigfix.Endpoint.DeviceType | string | Device Type of the endpoint device |
| Bigfix.Endpoint.DistancetoBESRelay | unknown | Distance to BES Relay of the endpoint |
| Bigfix.Endpoint.FreeSpaceonSystemDrive | unknown | Free space on sytem drive of the endpoint |
| Bigfix.Endpoint.IPAddress | string | IP of the endpoint |
| Bigfix.Endpoint.LicenseType | unknown | License of the endpoint |
| Bigfix.Endpoint.Locked | unknown | Locked of the endpoint |
| Bigfix.Endpoint.OS | string | OS of the endpoint |
| Bigfix.Endpoint.RAM | number | RAM of the endpoint |
| Bigfix.Endpoint.Relay | string | Relay of the endpoint |
| Bigfix.Endpoint.RelayNameOfClient | string | Relay Name of the client |
| Bigfix.Endpoint.SubnetAddress | string | Subnet Address of the endpoint |
| Bigfix.Endpoint.SubscribedSites | string | Subscribed sites |
| Bigfix.Endpoint.TotalSizeofSystemDrive | number | Total size of system drive |
| Bigfix.Endpoint.UserName | string | User name |
Command Example
!bigfix-get-endpoints
Context Example
{
"Bigfix": {
"Endpoint": [
{
"UserName": "Administrator",
"BESRootServer": "win-cqd6uqjia7j (0)",
"TotalSizeofSystemDrive": "101896 MB",
"AgentType": "Native",
"DNSName": "WIN-CQD6UQJIA7J",
"Resource": "https://xsoar-example:20021/api/computer/2696130",
"CPU": "2200 MHz Xeon Gold 5120",
"LicenseType": "Windows Server",
"Relay": "BES Root Server",
"BESRelayServiceInstalled": "Automatic",
"RAM": "8192 MB",
"BIOS": "07/28/2017",
"AgentVersion": "9.5.9.62",
"IPAddress": "192.168.1.57",
"RelayNameOfClient": "WIN-CQD6UQJIA7J",
"FreeSpaceonSystemDrive": "71399 MB",
"BESRelaySelectionMethod": "Automatic",
"ComputerName": "WIN-CQD6UQJIA7J",
"SubscribedSites": "http://sync.bigfix.com/cgi-bin/bfgather/bessupport",
"Locked": "No",
"ClientSettings": [
"CVE-2014-0160=rotated",
"_BESClient_ActionManager_SkipVoluntaryOnForceShutdown=1",
"_BESClient_LastShutdown_Reason=Service manager shutdown request",
"_BESClient_Resource_StartupNormalSpeed=0",
"_BESClient_Upgrade_UTF8Settings=1",
"_BESClient_UploadManager_BufferDirectory=C:\\Program Files (x86)\\BigFix Enterprise\\BES Client\\__BESData\\__Global\\Upload",
"_BESGather_Comm_UseDownloadService=0",
"_BESGather_Download_CacheLimitMB=1024",
"_BESGather_Download_CheckInternetFlag=1",
"_BESGather_Download_CheckParentFlag=0",
"_BESGather_Download_InactivityTimeout=300",
"_BESRelay_HTTPServer_HttpLogDirectoryPath=",
"_BESRelay_HTTPServer_LogFilePath=C:\\Program Files (x86)\\BigFix Enterprise\\BES Server\\BESRelay.log",
"_BESRelay_HTTPServer_PortNumber=52311",
"_BESRelay_HTTPServer_ServerRootPath=C:\\Program Files (x86)\\BigFix Enterprise\\BES Server\\wwwrootbes\\",
"_BESRelay_UploadManager_BufferDirectory=C:\\Program Files (x86)\\BigFix Enterprise\\BES Server\\UploadManagerData\\BufferDir",
"_BESRelay_UploadManager_ParentURL=",
"_Enterprise Server_ClientRegister_RegistrationListReplicatePeriod=3600",
"_Enterprise Server_ClientRegister_UDPMessagePort=52311",
"_HTTPServer_Referrer_CheckEnabled=1",
"_WebReports_HTTPRedirect_PortNumber=8080",
"_WebReports_HTTPServer_HostName=http://WIN-CQD6UQJIA7J:52311",
"_WebReports_HTTPServer_HttpLogDirectoryPath=",
"_WebReports_HTTPServer_LogFilePath=C:\\Program Files (x86)\\BigFix Enterprise\\BES Server\\BESWebReportsServer.log",
"_WebReports_HTTPServer_PortNumber=8083",
"_WebReports_HTTPServer_ServerRootPath=C:\\Program Files (x86)\\BigFix Enterprise\\BES Server\\BESReportsServer\\wwwroot\\",
"_WebReports_HTTPServer_SSLCertificateFilePath=C:\\Program Files (x86)\\BigFix Enterprise\\BES Server\\BESReportsData\\SelfWRCertificate.pem",
"_WebReports_HTTPServer_UseSSLFlag=1",
"__LockState=false",
"__RelaySelect_Automatic=1",
"__RelayServer1=",
"__RelayServer2=",
"__Relay_Control_Server1=",
"__Relay_Control_Server2="
],
"SubnetAddress": "192.168.1.0",
"DeviceType": "Server",
"ID": "2696130",
"ActiveDirectoryPath": "<none>",
"LastReportTime": "Mon, 29 Oct 2018 22:12:04 +0000",
"DistancetoBESRelay": "0",
"OS": "Win2016 10.0.14393.2248 (1607)",
"ComputerType": "Virtual"
},
{
"UserName": "Administrator",
"BESRootServer": "win-cqd6uqjia7j (0)",
"TotalSizeofSystemDrive": "101896 MB",
"AgentType": "Native",
"DNSName": "WIN-CQD6UQJIA7J",
"Resource": "https://xsoar-example:20021/api/computer/3385267",
"CPU": "2200 MHz Xeon",
"LicenseType": "Windows Server",
"Relay": "BES Root Server",
"BESRelayServiceInstalled": "Manual",
"RAM": "8192 MB",
"BIOS": "04/05/2016",
"AgentVersion": "9.5.9.62",
"IPAddress": "192.168.1.57",
"RelayNameOfClient": "WIN-CQD6UQJIA7J",
"FreeSpaceonSystemDrive": "70978 MB",
"BESRelaySelectionMethod": "Manual",
"ComputerName": "WIN-CQD6UQJIA7J",
"SubscribedSites": "http://sync.bigfix.com/cgi-bin/bfgather/bessupport",
"Locked": "No",
"ClientSettings": [
"_BESClient_ActionManager_SkipVoluntaryOnForceShutdown=1",
"_BESClient_Resource_StartupNormalSpeed=0",
"_BESClient_Upgrade_UTF8Settings=1",
"_BESClient_UploadManager_BufferDirectory=C:\\Program Files (x86)\\BigFix Enterprise\\BES Client\\__BESData\\__Global\\Upload",
"_BESGather_Comm_UseDownloadService=0",
"_BESGather_Download_CacheLimitMB=1024",
"_BESGather_Download_CheckInternetFlag=1",
"_BESGather_Download_CheckParentFlag=0",
"_BESGather_Download_InactivityTimeout=300",
"_BESRelay_HTTPServer_HttpLogDirectoryPath=",
"_BESRelay_HTTPServer_LogFilePath=C:\\Program Files (x86)\\BigFix Enterprise\\BES Server\\BESRelay.log",
"_BESRelay_HTTPServer_PortNumber=52311",
"_BESRelay_HTTPServer_ServerRootPath=C:\\Program Files (x86)\\BigFix Enterprise\\BES Server\\wwwrootbes\\",
"_BESRelay_UploadManager_BufferDirectory=C:\\Program Files (x86)\\BigFix Enterprise\\BES Server\\UploadManagerData\\BufferDir",
"_BESRelay_UploadManager_ParentURL=",
"_Enterprise Server_ClientRegister_RegistrationListReplicatePeriod=3600",
"_Enterprise Server_ClientRegister_UDPMessagePort=52311",
"_HTTPServer_Referrer_CheckEnabled=1",
"_WebReports_HTTPRedirect_PortNumber=8080",
"_WebReports_HTTPServer_HostName=http://WIN-CQD6UQJIA7J:52311",
"_WebReports_HTTPServer_HttpLogDirectoryPath=",
"_WebReports_HTTPServer_LogFilePath=C:\\Program Files (x86)\\BigFix Enterprise\\BES Server\\BESWebReportsServer.log",
"_WebReports_HTTPServer_PortNumber=8083",
"_WebReports_HTTPServer_ServerRootPath=C:\\Program Files (x86)\\BigFix Enterprise\\BES Server\\BESReportsServer\\wwwroot\\",
"_WebReports_HTTPServer_SSLCertificateFilePath=C:\\Program Files (x86)\\BigFix Enterprise\\BES Server\\BESReportsData\\SelfWRCertificate.pem",
"_WebReports_HTTPServer_UseSSLFlag=1",
"__LockState=false",
"__RelayServer1=",
"__RelayServer2=",
"__Relay_Control_Server1=",
"__Relay_Control_Server2="
],
"SubnetAddress": "192.168.1.0",
"DeviceType": "Server",
"ID": "3385267",
"ActiveDirectoryPath": "<none>",
"LastReportTime": "Wed, 27 Jun 2018 00:16:15 +0000",
"DistancetoBESRelay": "0",
"OS": "Win2016 10.0.14393.1944 (1607)",
"ComputerType": "Virtual"
}
]
}
}
Human Readable Output
5. Get the details of an endpoint
Retrieves the details of an endpoint (computer).
Base Command
bigfix-get-endpointInput
| Argument Name | Description | Required |
|---|---|---|
| computer_id | Computer ID | Required |
Context Output
| Path | Type | Description |
|---|---|---|
| Bigfix.Endpoint | unknown | Endpoint (computer) |
| Bigfix.Endpoint.ID | string | The if of the endpoint (computer ID) |
| Bigfix.Endpoint.Resource | string | URL to the endpoint details |
| Bigfix.Endpoint.LastReportTime | date | Last report time of the endpoint |
| Bigfix.Endpoint.ActiveDirectoryPath | string | Active directory path of the endpoint device |
| Bigfix.Endpoint.AgentType | string | Agent Type of the endpoint |
| Bigfix.Endpoint.AgentVersion | string | Agent version of the endpoint |
| Bigfix.Endpoint.BESRelaySelectionMethod | unknown | Relay selection method of the endpoint |
| Bigfix.Endpoint.BESRelayServiceInstalled | unknown | Relay service installed of the endpoint |
| Bigfix.Endpoint.BESRootServer | string | Root server of the endpoint |
| Bigfix.Endpoint.BIOS | string | BIOS of the endpoint |
| Bigfix.Endpoint.CPU | string | CPU of the endpoint |
| Bigfix.Endpoint.ClientSettings | unknown | Client settings of the endpoint |
| Bigfix.Endpoint.ComputerName | string | Computer name of the endpoint |
| Bigfix.Endpoint.ComputerType | string | Computer type of the endpoint |
| Bigfix.Endpoint.DNSName | string | DNS name of the endpoint |
| Bigfix.Endpoint.DeviceType | string | Device type of the endpoint device |
| Bigfix.Endpoint.DistancetoBESRelay | unknown | Distance to BES Relay of the endpoint |
| Bigfix.Endpoint.FreeSpaceonSystemDrive | unknown | Free space on system drive of the endpoint |
| Bigfix.Endpoint.IPAddress | string | IP of the endpoint |
| Bigfix.Endpoint.LicenseType | unknown | License of the endpoint |
| Bigfix.Endpoint.Locked | unknown | Locked of the endpoint |
| Bigfix.Endpoint.OS | string | OS of the endpoint |
| Bigfix.Endpoint.RAM | number | RAM of the endpoint |
| Bigfix.Endpoint.Relay | string | Relay of the endpoint |
| Bigfix.Endpoint.RelayNameOfClient | string | Relay Name of the client |
| Bigfix.Endpoint.SubnetAddress | string | Subnet Address of the endpoint |
| Bigfix.Endpoint.SubscribedSites | string | Subscribed sites |
| Bigfix.Endpoint.TotalSizeofSystemDrive | number | Total size of system drive |
| Bigfix.Endpoint.UserName | string | User name |
Command Example
!bigfix-get-endpoint computer_id=3385267
Context Example
{
"Bigfix": {
"Endpoint": {
"UserName": "Administrator",
"BESRootServer": "win-cqd6uqjia7j (0)",
"TotalSizeofSystemDrive": "101896 MB",
"AgentType": "Native",
"DNSName": "WIN-CQD6UQJIA7J",
"Resource": "https://xsoar-example:20021/api/computer/3385267",
"CPU": "2200 MHz Xeon",
"LicenseType": "Windows Server",
"Relay": "BES Root Server",
"BESRelayServiceInstalled": "Manual",
"RAM": "8192 MB",
"BIOS": "04/05/2016",
"AgentVersion": "9.5.9.62",
"IPAddress": "192.168.1.57",
"RelayNameOfClient": "WIN-CQD6UQJIA7J",
"FreeSpaceonSystemDrive": "70978 MB",
"BESRelaySelectionMethod": "Manual",
"ComputerName": "WIN-CQD6UQJIA7J",
"SubscribedSites": "http://sync.bigfix.com/cgi-bin/bfgather/bessupport",
"Locked": "No",
"ClientSettings": [
"_BESClient_ActionManager_SkipVoluntaryOnForceShutdown=1",
"_BESClient_Resource_StartupNormalSpeed=0",
"_BESClient_Upgrade_UTF8Settings=1",
"_BESClient_UploadManager_BufferDirectory=C:\\Program Files (x86)\\BigFix Enterprise\\BES Client\\__BESData\\__Global\\Upload",
"_BESGather_Comm_UseDownloadService=0",
"_BESGather_Download_CacheLimitMB=1024",
"_BESGather_Download_CheckInternetFlag=1",
"_BESGather_Download_CheckParentFlag=0",
"_BESGather_Download_InactivityTimeout=300",
"_BESRelay_HTTPServer_HttpLogDirectoryPath=",
"_BESRelay_HTTPServer_LogFilePath=C:\\Program Files (x86)\\BigFix Enterprise\\BES Server\\BESRelay.log",
"_BESRelay_HTTPServer_PortNumber=52311",
"_BESRelay_HTTPServer_ServerRootPath=C:\\Program Files (x86)\\BigFix Enterprise\\BES Server\\wwwrootbes\\",
"_BESRelay_UploadManager_BufferDirectory=C:\\Program Files (x86)\\BigFix Enterprise\\BES Server\\UploadManagerData\\BufferDir",
"_BESRelay_UploadManager_ParentURL=",
"_Enterprise Server_ClientRegister_RegistrationListReplicatePeriod=3600",
"_Enterprise Server_ClientRegister_UDPMessagePort=52311",
"_HTTPServer_Referrer_CheckEnabled=1",
"_WebReports_HTTPRedirect_PortNumber=8080",
"_WebReports_HTTPServer_HostName=http://WIN-CQD6UQJIA7J:52311",
"_WebReports_HTTPServer_HttpLogDirectoryPath=",
"_WebReports_HTTPServer_LogFilePath=C:\\Program Files (x86)\\BigFix Enterprise\\BES Server\\BESWebReportsServer.log",
"_WebReports_HTTPServer_PortNumber=8083",
"_WebReports_HTTPServer_ServerRootPath=C:\\Program Files (x86)\\BigFix Enterprise\\BES Server\\BESReportsServer\\wwwroot\\",
"_WebReports_HTTPServer_SSLCertificateFilePath=C:\\Program Files (x86)\\BigFix Enterprise\\BES Server\\BESReportsData\\SelfWRCertificate.pem",
"_WebReports_HTTPServer_UseSSLFlag=1",
"__LockState=false",
"__RelayServer1=",
"__RelayServer2=",
"__Relay_Control_Server1=",
"__Relay_Control_Server2="
],
"SubnetAddress": "192.168.1.0",
"DeviceType": "Server",
"ID": "3385267",
"ActiveDirectoryPath": "<none>",
"LastReportTime": "Wed, 27 Jun 2018 00:16:15 +0000",
"DistancetoBESRelay": "0",
"OS": "Win2016 10.0.14393.1944 (1607)",
"ComputerType": "Virtual"
}
}
}
Human Readable Output
6. Create an action to run on target computers
Create an action on BigFix that will run the given action from the given fixlet on target computers. The computerID parameter takes a comma-separated list of BigFix computer IDs. If no computers are specified, the action will be run on the default computers configured on BigFix. If the action should run on all computers set the computerID parameter to all.
Base Command
bigfix-deploy-patchInput
| Argument Name | Description | Required |
|---|---|---|
| site_name | Name of the site. If the site is external or operator then the site must be specified | Required |
| computer_ids | Provide IDs of computers to deploy the patch. Pass 'all' to deploy to all the computers. | Required |
| fixlet_id | The Fixlet ID. To use the action script from the original Fixlet or Task Message. | Required |
| action_id | The action ID. The specified action will run on target computers. | Required |
Context Output
| Path | Type | Description |
|---|---|---|
| Bigfix.Action.ID | number | Action ID |
| Bigfix.Action.Name | string | Action name |
| Bigfix.Action.SiteName | string | Site name |
| Bigfix.Action.ComputerIDs | unknown | Computers IDs the patch was applied to |
| Bigfix.Action.AllComputers | boolean | true if patch was applied to all the computers |
| Bigfix.Action.Resource | string | Link to action in BigFix |
Command Example
!bigfix-deploy-patch site_name="BES Support" computer_ids="3385267" fixlet_id="1759" action_id="Action2"
Context Example
Human Readable Output
7. Get a patch by fixlet ID
Retrieves a patch (fixlet) by ID.
Base Command
bigfix-get-patchInput
| Argument Name | Description | Required |
|---|---|---|
| id | Fixlet ID | Required |
| site_type | Type of the site ("external", "operator", "master", "custom" | Required |
| site_name | Name of the site. If the site is external or operator then site must be provided | Optional |
Context Output
| Path | Type | Description |
|---|---|---|
| Bigfix.Patch.ID | unknown | Patch(fixlet) ID |
| Bigfix.Patch.Name | unknown | Patch name |
| Bigfix.Patch.Resource | unknown | Link (URL) to the patch |
| Bigfix.Patch.Description | unknown | Description |
| Bigfix.Patch.Relevance | unknown | Relevance of the patch requested |
| Bigfix.Patch.Category | string | Category of the patch requested |
| Bigfix.Patch.DownloadSize | unknown | Download size |
| Bigfix.Patch.Source | unknown | Source from where the patch is coming from |
| Bigfix.Patch.SourceID | unknown | Source ID of the patch requested |
| Bigfix.Patch.SourceSeverity | unknown | Source severity of the patch requested |
| Bigfix.Patch.SourceReleaseDate | unknown | Source release date of the patch requested |
| Bigfix.Patch.ActionID | string | Action ID of the patch requested |
| Bigfix.Patch.ActionScript | string | Action script of the patch requested |
Command Example
!bigfix-get-patch id=38 site_type=master
Context Example
{
"Bigfix": {
"Patch": {
"Category": null,
"Resource": "https://xsoar-example:20021/api/fixlet/master/38",
"Description": "This is a description of foo patch",
"DownloadSize": null,
"SourceID": null,
"SourceReleaseDate": "2018-06-15",
"Source": "Internal",
"ActionID": "Action1",
"ActionScript": {
"@MIMEType": "application/x-sh",
"#text": "#!/bin/sh\n# Enter your action script here\necho \"Hello World\""
},
"Relevance": null,
"SourceSeverity": null,
"ID": "38",
"Name": "Anar Fixlet"
}
}
}
Human Readable Output
8. Delete an action
Stops and deletes the specified action. Note: You cannot delete actions that are members of a Multiple Action Group. This note applies to HCL BigFix V9.2 and later.
Base Command
bigfix-action-deleteInput
| Argument Name | Description | Required |
|---|---|---|
| action_id | Action ID | Required |
Context Output
There is no context output for this command.
Command Example
!bigfix-action-delete action_id
Human Readable Output
9. Get the status of an action
Gets the status of an action against its targets.
Base Command
bigfix-action-statusInput
| Argument Name | Description | Required |
|---|---|---|
| action_id | Action ID | Required |
Context Output
| Path | Type | Description |
|---|---|---|
| Bigfix.Action.ID | string | Action ID |
| Bigfix.Action.Status | string | Action status (e.g., "Open", "Stopped") |
Command Example
!bigfix-action-status action_id=56
Context Example
{
"Bigfix": {
"Action": {
"Status": "Open",
"ID": "56"
}
}
}
Human Readable Output
10. Stop an action
Stops the specified action.
Base Command
bigfix-action-stopInput
| Argument Name | Description | Required |
|---|---|---|
| action_id | Action ID | Required |
Context Output
There is no context output for this command.
Command Example
!bigfix-action-stop action_id
Human Readable Output
11. Evaluate an expression and get the result
Evaluates an expression and gets the result. The request is processed through the server to WebReports.
Base Command
bigfix-queryInput
| Argument Name | Description | Required |
|---|---|---|
| relevance | Relevance query (example: names of bes computers) | Required |
Context Output
| Path | Type | Description |
|---|---|---|
| Bigfix.QueryResults | unknown | The results of the query |
Command Example
!bigfix-query relevance="cpus of bes computers"
!bigfix-query relevance="names of bes computers"
Context Example
{
"Bigfix": {
"QueryResults": [
"2200 MHz Xeon Gold 5120",
"2200 MHz Xeon"
]
}
}
Human Readable Output
