Skip to main content

Breach Remediation for HCL BigFix integration guide

Updated: 

IBM BigFix was acquired by HCL Technologies, Ltd. and is now named HCL BigFix. Some of the screenshots in this article may display the previous company logo.

Introduction

Breach Remediation is a portable command-line product, designed to detect and remove malicious software from endpoints. Breach Remediation requires no installation on the endpoints; simply distribute the files to the endpoints and execute the program.

For more information, please see the Breach Remediation Windows Administrator Guide.

Features

Breach Remediation for HCL BigFix provides the following features:

  • BigFix Fixlet to download and execute scans on managed endpoints
  • BigFix Analysis to return scan results to the BigFix Server
  • Custom Web Reports to display the results

Prerequisites

To use Breach Remediation for HCL BigFix, the following is required:

  • HCL BigFix platform 9.x and later, including Web Reports
  • Subscription to one of the following products:
    • Incident Response
    • Endpoint Protection
    • Endpoint Detection and Response
  • Your product license key

Installation

Follow these steps to import the Breach Remediation content into the BigFix platform.

Download the Breach Remediation for HCL BigFix zip file

  1. Download the Breach Remediation for HCL BigFix file here.
  2. Unzip the file malwarebytes_bigfix.zip. The files contained in the zip file are:
    • mwb_fixlets.bes - Contains both the task and analysis.
    • mwb_mbbr.beswrpt - Contains the custom web reports.

Create a custom BigFix site

It is a good practice and recommended to create a custom site to host the imported content. Future content can be imported later into this same custom site.

  1. Log in to BigFix.
  2. Create a custom site. Go to Tools > Create Custom Siteā€¦
    DOC-3380-1.png
  3. Name the custom site Malwarebytes.
    DOC-3380-2.png

Import the Fixlet

  1. Double-click on the file mwb_fixlets.bes to import the Fixlet into BigFix.
  2. Ensure both the task and analysis are created in the new custom site.
    DOC-3380-3.png
  3. Both items are available from the BigFix Console.
    DOC-3380-4.png

Import custom Web Reports

  1. Log into Web Reports and select Report List > Import report
    DOC-3380-6.png
  2. Import the file mwb_mbbr.beswrpt as XML.
    DOC-3380-7.png
  3. After performing threat scans, the Web Reports screen displays the results.
    DOC-3380-8.png

Enter your license key in BigFix

  1. Login to Nebula.
  2. Go to Profile > Account.
  3. Copy your license key.
  4. Open BigFix and navigate to your custom site, All Content > Sites > Malwarebytes.
  5. Click Fixlets and Tasks.
  6. On the Description tab, paste or enter your license key in the License Key field.

Copy the Breach Remediation task to adjust options

Breach Remediation provides many options and features. In order to fine-tune Breach Remediation for HCL BigFix for your environment, we suggest the following:

  1. Make a copy of the initial BigFix task.
  2. Use the copy to fine-tune how the task works:
    • In the copied task, edit the BigFix action script.
    • Customize the command line options for Breach Remediation.
  3. Refer to the  Breach Remediation Windows Administrator Guide for details and more information.

DOC-3380-5.png

Still have questions?

Support is available via chat, phone or by creating a ticket. You can also use our virtual assistant for guided assistance.

Learn more