[BESAdmin-Announcements] Availability of BigFix Compliance Analytics version 2.0.10

Tue Jan 16 12:42:28 PST 2024

HCL BigFix is pleased to announce the release of BigFix Compliance
Analytics version 2.0 Patch 10

*Product*: BigFix Compliance

*Title*: Availability of BigFix Compliance Analytics version 2.0 Patch 10

*Published site:* SCM Reporting 156

BigFix Compliance Analytics version 2.0 Patch 10 includes the following new
features, enhancements, and fixes.[AZ1] <#_msocom_1> [HRNP2] <#_msocom_2>

Highlights of this release:

·       Re-Design of Vulnerability Reporting: the reworked mechanics based
on actual relevance of patch content addressing CVE reporting issues.

·       Addition of Login Welcome Message for SSO configuration

·       Support for MSSQL 2022 and Windows Server 2022

·       TLS 1.3 Support

·       Corrected behavior of in set / not in set filter on Configure Panel
to react to adding and removing item in set

·       Preserving custom account for BigFix Compliance Server service
during upgrade

·       Domain “Security Configuration Vulnerability Results” has been
marked as deprecated due to deprecation of the “Vulnerabilities to Windows
Systems” site. HCL will officially deprecate this site on December 31st,
2023
https://forum.bigfix.com/t/bigfix-compliance-upcoming-depreciation-for-vulnerability-to-windows-systems-site/46403
[AZ3] <#_msocom_3>

Following are the Fixed Jira Tickets in this release.

IBM SDK Java Technology Edition Version updated to 8.0.8.10 to address
vulnerabilities:
CVE-2023-21930, CVE-2023-21937, CVE-2023-21938, CVE-2023-21954,
CVE-2023-21967, CVE-2023-21968, CVE-2023-22045, CVE-2023-22049

[CVE Logic][KB0096824] SCA import gets stuck after enabling "Patches and
Vulnerabilities"

[CVE Logic][KB0099209] Unable to import Windows superseded setting

[CVE Logic][KB0104572] False positive vulnerability result

[CVE Logic] [KB0105583] SCA CVEs show older installed then actual

[CVE Logic] Update the documentation for CVE Logic changes

[KB0101361] Sending mail from SCA stucks with rufus error

[KB0099549] SCA Overview report is not sent in an email

[KB0106124] Compliance service is corrupted during upgrade

[KB0107937] SCA upgrade issue when using a service account

[KB0107391] Extended SCA with the new PATCH SITES

[KB0102756] Import hangs after upgrading to 2.0.8 - Extend Cleanup
procedures to _persistent tables

[KB0080198] Documentation to reflect the change in the MSSQL connection,
using a different TCP port instead of the default TCP port.
Link: How to specify a non-standard port or instance name for SQL Server
(hcltechsw.com)
<https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0080198>

Documentation for the support of MS SQL 2022 and Windows 2022

Overview page – Data count mismatch in check result, Date filter issue in
same date graph not listing

Issue encountered while selecting a particular field for the second time in
the checkbox during Filtering Process

Corrected behaviour of in set / not in set filter on Configure Panel to
react to adding and removing item in set.

TLS 1.3 Support required at Browser level for SCA

Display Banner with custom massage when login into SCA in SSO scenario

Mark as Deprecated "Vulnerability Reporting" Report in "Security
Configuration Vulnerability Results" Domain in SCA

Compliance Data is missing for Check Result section in all the sections.

Vulnerability Domain Reporting Issue

Date First Patch Available issue

Actions to take:

1.     To take advantage of the fixes, upgrade BigFix Compliance Analytics
to version 2.0.10.

For first time installation:

1.     In the License Overview Dashboard in the BigFix console (BigFix
Management domain), enable the SCM Reporting site.

2.     In the Security Configuration domain in the console, open the
Configuration Management navigation tree.

3.     Select the Fixlet named BigFix Compliance Server 2.0 - First-time
Install Fixlet under the BigFix Compliance Install/Upgrade menu tree node.

4.     Follow the Fixlet instructions and take the associated action to
install your BigFix Compliance deployment.

For upgrade installation: Refer to the prescribed upgrade steps for the
BigFix Compliance version that you are using.

IMPORTANT: Before you start any upgrade process, perform a server and
database backup.

A. For BigFix Compliance Analytics versions 1.9.x, 1.10.x and 2.0.x:

1.     Make sure that you completed the server and database backup.

2.     There is recommended to stop the BigFix Compliance Server or at
least disable scheduled Data Imports to ensure that Data Import is not in
progress during upgrade.[AZ4] <#_msocom_4>

3.     In the Security Configuration domain in the console, open the
Configuration Management navigation tree.

4.     Under the BigFix Compliance Install/Upgrade menu tree item, select
the BigFix Compliance Server 2.0 - Upgrade Fixlet which automatically
installs and upgrades to the new version.

5.     Follow the Fixlet instructions and take the associated action to
upgrade your BigFix Compliance deployment.

6.     Update the data schema. To do this, log in to the BigFix Compliance
web interface from the host server and proceed with configuration.
Upgrading the data scheme is expected and it will take some time to
complete. NOTE: Automatic upgrade installation only affects installations
running under the LocalSystem account. Follow the Fixlet instructions to
install the update manually if this fix cannot be applied.

B. For BigFix Compliance Analytics versions prior to 1.9:

1.     Manually upgrade to version 1.10.1.48. The 1.10.1.48 installer can
be found here
http://software.bigfix.com/download/bfc/server/1.10/bfc-server-1.10.1.48.exe

2.     After manually upgrading to version 1.10.1.48, use the BigFix
Compliance Server 2.0 Upgrade Fixlet to upgrade to version 2.0 (See step A).

More information:

·       BigFix Compliance Guides:
https://help.hcltechsw.com/bigfix/10.0/compliance/analytics.html

·       BigFix Forums - Release Announcements Channel:
https://forum.bigfix.com/c/release-announcements/compliance

BigFix Compliance team
HCL BigFix
------------------------------

Maybe we can make a dedicated section and in new features put high level
description of CVE changes and SSO Banner. [AZ1] <#_msoanchor_1>

 [HRNP2] <#_msoanchor_2>Done

 [AZ3] <#_msoanchor_3>@Hariram Ravindran Nair Padma <hariram.ravin at hcl.com>
Please review my adjustments - added few items and tweak description a bit

 [AZ4] <#_msoanchor_4>Added this.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://bigmail.bigfix.com/pipermail/besadmin-announcements/attachments/20240116/27369a80/attachment.html>