BigFix - Enhance your Security by Identifying Required URLs for BigFix Downloads

For environments where security is paramount, allowing only the necessary download URLs is crucial. BigFix needs internet access to retrieve patch payloads from various vendors, but limiting this access to only essential URLs strengthens your security posture—and provides a unique list specific to your environment.

Each environment is unique, and ensuring only necessary URLs are allowed—while blocking others—limits your exposure to potential threats. Here is a step-by-step guide to help you identify the exact URLs BigFix needs to access based on your patching requirements.

?? Safeguard your network by managing BigFix’s URL permissions to meet your specific needs! #BigFix #Cybersecurity #EndpointManagement #PatchManagement #ITSecurity

In your BigFix Console Open Web reports by going to Tools – Launch Web Reports

?

In the URL change “DomainList” to “QNA”

?

?

There are two queries you can run each providing the data in a different format.

?

You can run this query to get a list of the urls that BigFix needs to access of your enabled content.?

?

unique values of ((matches (case insensitive regex "((mailto\:|(news|(ht|f)tp(s?))\:\/\/){1}\S+)") of matches (case insensitive regex "^(download|prefetch|download now|download now as|add prefetch item).*$") of scripts of actions whose (exists script of it) of it) as string) of fixlets whose (fixlet flag of it or task flag of it or baseline flag of it) of all bes sites         

?

After a few minutes it will give you the results

?

?

?

?

Paste this query to determine what sites the BigFix server would need to reach out to and the site requesting that URL

?

unique values of (item 0 of it & " - " & item 1 of it) of (item 0 of it , preceding texts of firsts "/" of following texts of firsts "/" of following texts of firsts "/" of item 1 of it as string) of (names of sites of it , (matches (case insensitive regex "((mailto\:|(news|(ht|f)tp(s?))\:\/\/){1}\S+)") of matches (case insensitive regex "^(download|prefetch|download now|download now as|add prefetch item).*$") of scripts of actions whose (exists script of it) of it) as string) of fixlets whose (fixlet flag of it or task flag of it or baseline flag of it) of all bes sites         

?

Select the Evaluate Button

?

?

This query will take a few minutes to complete as it will look in your current environment for URL’s BigFix needs to access

?

?