Fixlets and Tasks are central to BigFix. Using Relevance
statements, they target specific computers, remediating only those BigFix
Clients affected by an issue. They are both packaged with an Action
script that can resolve the issue with a simple mouse-click. Fixlets and
Tasks differ mainly in how they get resolved.
A Fixlet is triggered
by a Relevance clause that detects a vulnerability. When an Action is invoked
to remediate the vulnerability, the Fixlet automatically loses relevance and is
thus no longer applicable on that specific BigFix Client. As a Fixlet Action
propagates through your network, you can track its progress with the Console,
Web Reports, and the Visualization Tool. When every BigFix Client in your network
has been remediated, the Fixlet is no longer relevant and it is removed from
the list. If the issue returns, the Fixlet is shown again in the list, ready to
address the issue again.
A Task comes with one or more Action scripts that help
you adjust settings or run maintenance tasks. It generally stays relevant after
its Action script has been run. Tasks are designed for reapplication and as a
consequence, they are often Persistent. Both Fixlets and Tasks might have
a Default Action, allowing you to simply click from the list to deploy it.
They can both be grouped into Baselines, allowing higher levels of automation.
If you create a Baseline of Fixlets or Tasks which all contain default Actions,
you can turn the tedious chores of maintaining a corporate policy or common
operating environment into a single-click operation. In typical operation,
Fixlet relevance contributes to the overall baseline relevance; Task relevance
does not. Similarly, Actions created from a Baseline can be composed of both
Fixlet and Task Actions, and typically only the relevance of the Fixlet Actions
contributes to the decision to run the group. These are defining features of
Fixlets and Tasks. The following table summarizes the differences:
At any time, you can open a Fixlet or Task to
inspect the underlying Relevance expressions that are used to target the
Clients, as well as the Action scripts that are designed to address the issue.
The language is human-readable to give you a high degree of confidence in both
the applicability of the trigger and efficacy of the remedial Action. You can
also see exactly which computers in your network are affected by each Fixlet or
Task. When propagated, you can then view the progress and ultimate history of
each Action taken on a Client-by-Client basis.
If you look at the details in the Fixlet and task
definition on the BigFix console, you see the same entries. What make the
difference between the two are the scope and the default behaviour. For what
concerns the scope: v Fixlets are used for fixing lack of compliance to
enforced rules, in a few words, a Fixlet takes a known "broken" condition
and fixes it.
Tasks are configuration items to run, in other
words, a task takes a "not-necessarily broken condition" and changes
it to something else that is "not-necessarily fixed". For example: v
A Fixlet would be Update Antivirus definition.
A task would be Run Antivirus scan. For what
concerns the default behaviour: v When a Fixlet finishes its action script, it
checks the relevance to make sure it has gone from true, the Fixlet is
relevant, to false, whatever was broken is now fixed, and reports back fixed when
it is done. v When a task finishes its action script, it does not check the
relevance again. If all the lines in the action script completed then the
client considers that action successful and reports back Complete.
For this reason, as a best practice, you are suggested to set success criteria
for the action run by the task to ensure that the task run and that it was
successful.
To display a Fixlet or Task,
2. From the resulting List Panel on the right, click an item to open it. The body of the Fixlet message is shown in the Work Area click the Description tab if not already selected.
When selected, each Fixlet or Task has a window of
its own.
Each Fixlet or Task comes with four tabs in the Work Area:
Each Fixlet or Task comes with four tabs in the Work Area:
Description: This is a page
providing a descriptive explanation of the problem and one or more Actions to
fix it. The Actions are represented by links at the bottom of the description
page. Click an Action to open the Take Action dialog, which allows you to
further target or schedule the Action. If you accidentally click an Action
hyperlink, before the actual deployment, you always get a chance to modify (or
cancel) the Action.
Details: This dialog
contains the Fixlet/Task properties such as category, security ID, download
size, source, severity, and date. It also lists the code behind the Relevance
expressions and the Actions. At the bottom of this dialog there is a text box
for you to enter a comment that remains attached to this item.
Applicable Computers: This is a filter/list of all the computers targeted by the selected
Fixlet or Task. You can filter the list by selecting items from the folders on
the left, and sort the list by clicking the column headers.
Action History: This is a
filter/list of any Actions that have been deployed from this Fixlet or Task. If
the item is new, there are no Actions in the list. Like the other filter/lists
in the Console, you can filter the Actions using the left panel, and sort them
by clicking the column headers above the right-hand list.
When a Fixlet or Task becomes relevant somewhere in
your network, BigFix adds it to the list available under the Fixlets and Tasks
icon in the Domain Panel navigation tree. You can filter this list by opening
the icon and clicking the subcategories underneath. Each icon represents data
groupings that you can use to narrow down the items in the List Panel on the
right. Then, in the listing area itself, you can sort the items by clicking a
column heading.
The list headers include the following information:
Name: The name
assigned to the Fixlet message by the author.
ID: A numerical ID
assigned to the Fixlet message by the author.
Source Severity: A measure of how
serious a Fixlet message is, assigned by the Fixlet author. Typical values are
Critical, Important, Moderate, or Low.
Site: The name of the
site that is generating the relevant Fixlet message.
Applicable Computer Count: The number of BigFix Clients in the network currently affected by the
Fixlet message.
Open Action Count: Number of distinct actions open for the given Fixlet message.
Category: The type of
Fixlet message, such as a security patch or update.
Unlocked Computer Count: The number of unlocked computers affected by the Fixlet.
Download Size: The size of the
remedial file or patch that the action downloads.
Source: The name of the
source company that provided the Fixlet information.
Source ID: An identification
number assigned to the Fixlet to relate it back to its source.
Source Release Date: The date this Fixlet message was released.
Nice post very useful please keep it up
ReplyDelete