Configure the Vulnerability Response patch orchestration integration with HCL BigFix

  • リリースバージョン: Australia
  • 更新日 2026年03月12日
  • 所要時間:8分

    • After you have installed the application, configure it with your BigFix account information and validate your credentials.

    始める前に

    Roles required: sn_vul.vulnerability_admin and sn_vul_bigfix.configure_integration

    手順

    1. Navigate to BigFix Patch Orchestration Integration > Configuration.
    2. Fill in the fields with your BigFix information and credentials.
      Field Description
      Integration instance The name of the BigFix instance account you want to use, for example, BigFix Patch management integration.
      Host name Enter the URL for the BigFix host.
      Username Enter your BigFix account username.
      Password Enter your BigFix account password.
      MID Server Enter the name of the standalone MID Server from the list that you want to use. See Prepare for the Vulnerability Response Patch Orchestration integration with HCL BigFix for more information about MID Servers and set up tasks in your ServiceNow AI Platform®.
    3. Click Save and Test Credentials.
      The status of your connection between BigFix and your ServiceNow AI Platform® instance  is displayed in the Validation Status Field. If you do not see a successful test, follow the prompts.
    4. オプション: Domain separation is supported for this integration.
      You can add multiple configurations of to your instance. To add additional configurations:
      1. Navigate to BigFix Patch Orchestration Integration Integration Instances.
      2. Verify the application scope, Vulnerability Response Patch Orchestration with HCL BigFix, is displayed in the Application scope field.
      3. Click New.
      4. Fill in the form.
        Field Description
        Name Name for the integration instance.
        Application Vulnerability Response Patch Orchestration with HCL BigFix
        Integration [Read only] BigFix Patch management is the default.
        Active Default is activated (selected). If cleared, the instance is not active.
      5. Click Submit.
        Your new integration instance is displayed on the Integration Instances list.
      6. Repeat steps 1-3 to configure your integration instance and test your credentials.
    5. Set up approvals for patch requests.
      By default, a system property [sn_vul_patch_orch.patch_approval_required] is activated so that when patch deployments are scheduled, they are submitted for review and approval to users assigned to the Level 1 - Patch update approval group.

      If you want users with the sn_vul_patch_orch.configure_patch role to schedule patches without approval, you can deactivate the [sn_vul_patch_orch.patch_approval_required] property. You might prefer to leave approvals activated so that scheduled patches do not conflict with normal working hours.

      注:
      If you deactivate the approval system property, any user with the sn_vul_patch_orch.configure_patch role can schedule and deploy patches without review and approval.

      As a user with the sn_vul.vulnerability_admin role, to deactivate the system property:

      1. Navigate to sys.properties.list.
      2. Locate sn_vul_patch_orch.patch_approval_required and click it to open the record.
      3. In the Value field, type false.
      4. Click Update.
    6. If you do not deactivate this property, you must assign approvers for patch requests.
      As a user with the sn_vul.vulnerability_admin role, follow these steps.
      1. Navigate to Vulnerability Response > Administration > Approval Rules.
      2. If the Deploy patch update approval Approval Rule is not displayed in the list, click All to the right of the green filter icon in the upper left of the screen to display the entire list.
      3. From the list, click Deploy patch update approval.
      4. On the record, with the Approval Configuration tab selected, click Default Configuration Patch Update approval.
      5. On the record, click Level 1 - Patch update approval.
      6. Add users in this group.

        The users assigned to this group approve patch requests submitted by users with the sn_vul_patch_orch.configure_patch role. Navigate to My Approvals to view and process the requests.

    7. ClickUpdate to save your changes.
    8. オプション: You can set up multi-level approvals so that more than one approval is required prior to the deployment of scheduled patch requests.
      1. With the Default Configuration Patch Update approval record displayed, click New.
      2. Fill in the fields.
        Field Description
        Name Approval level name, for example, Level 2 - Patch update approval.
        Active Activated by default, signifying that the approval level is in use.
        Required approval Select how many approvals are required for the selected level:
        • One approver required
        • All users must approve
        Order Execution order of various configurations within a rule. For example, a configuration with an order entry of 100 runs before a configuration with an order entry of 200.
        Role Select a role for the group from the list.
        Approval rule Contains the table and type details for the approval rule.
        Approval configuration Contains the approval configurations.
        Assign using Select an option:
        • User and user group
        • Approval table field
        • Script
        Groups Approver level group consisting of multiple users. The user must have one of the following roles that you specify.
        Users Edit the users listed in the groups.
      3. Click Submit to save your edits.