Understanding the HCL BigFix patch orchestration integration with Vulnerability Response
Summary of Understanding the HCL BigFix patch orchestration integration with Vulnerability Response
This integration enables ServiceNow customers to manage patch deployment for critical vulnerabilities across large asset groups by combining Vulnerability Response with HCL BigFix. It uses scheduled imports from third-party scanners and patch vendors to match detected vulnerabilities to assets and applicable patches. From within the Vulnerability Response application on the ServiceNow AI Platform®, users can submit patch requests, schedule updates, and track remediation progress efficiently.
Key Features
- Unified Visibility: Vulnerability managers and analysts can view detailed patch and vulnerability data, monitor remediation status, and access this information directly in Vulnerability Response Workspaces.
- Scheduled Patch Deployment: IT specialists can deploy BigFix-supported patches to Windows, CentOS, macOS, Oracle, and other assets during off-hours to minimize disruption.
- Asset and Vulnerability Matching: Imported scanner data identifies unpatched or unsuccessfully patched assets, enabling targeted remediation scheduling from remediation tasks or discovered item records.
- Patch Orchestration: You can deploy patches individually or to computer groups using scheduled jobs, supporting streamlined and scalable patch management.
- Automated CI Matching: The system uses CI lookup rules based on MAC address, IP address, and DNS name to correlate BigFix data with your CMDB assets automatically.
- On-Premises Integration: Requires a standalone MID Server for secure script execution and data import from the BigFix server into ServiceNow.
Key Concepts and Terminology
- Configuration Item (CI): Assets tracked in your CMDB, called computers in BigFix.
- Vulnerable Item: Imported vulnerabilities that match your assets.
- Solution: A potential or preferred fix for a vulnerability. A vulnerability usually has several potential solutions; the preferred solution is the one judged most effective for that specific vulnerability.
- Patch: Software updates (Fixlets in BigFix) that address vulnerabilities on various platforms.
- Deployment: The process of applying patches, called actions in BigFix, which can be scheduled or initiated from ServiceNow.
Roles and Permissions
Proper roles are essential for installation, configuration, and patch remediation tasks:
- admin: Manages app entitlements and downloads from the ServiceNow Store.
- sn_vul.vulnerability_admin: Full access to Vulnerability Response for configuration and record management.
- sn_vul_bigfix.configure_integration: Configures the BigFix integration (includes sn_vul_bigfix.read_integration).
- sn_vul_bigfix.read_integration: Read-only access to BigFix integration data.
- sn_vul_patch_orch.configure_patch: Configures and applies patches.
- sn_vul_patch_orch.read_patch: View-only access to patch details.
Add users to the Approver level 1 and Approver level 2 groups if submitted patch requests must be approved before deployment.
Practical Benefits for ServiceNow Customers
- Streamlined and automated patch management for complex environments using BigFix and Vulnerability Response together.
- Improved remediation accuracy by correlating vulnerabilities to preferred patches and assets in the CMDB.
- Reduced downtime and operational conflicts by scheduling patch deployments during off-hours.
- Centralized monitoring and control of vulnerability remediation progress from within ServiceNow.
- Secure and efficient data synchronization and patch orchestration via MID Server on-premises integration.
You can manage patches and patch deployments for critical vulnerabilities for large groups of assets with the Vulnerability Response patch orchestration integration with the HCL BigFix product.
Patch orchestration with Vulnerability Response
Patch orchestration with Vulnerability Response uses scheduled imports from third-party solution integrations, patch vendors, and vulnerability scanners. Scanner detection data matches the assets in your environment to vulnerabilities and to the patch updates that can fix them. Submit patch requests for approval, schedule patch updates to resolve vulnerable items, and monitor remediation progress, all from records in the Vulnerability Response application on your ServiceNow AI Platform®.
Vulnerability Response Patch Orchestration with HCL BigFix
When the Vulnerability Response Patch Orchestration with HCL BigFix integration application is used with the ServiceNow® Vulnerability Solution Management, Patch Orchestration, and Vulnerability Response applications, vulnerability managers and analysts can perform the following tasks:
- See more context and information about the types of patches and vendors' solutions (patches).
- View and monitor vulnerability and solution data, as well as vulnerability remediation progress from records in the Vulnerability Response Workspaces.
IT specialists and remediation owners can perform the following tasks:
- Deploy patches supported by the BigFix product for their Windows, CentOS, macOS, Oracle, and other assets at regular, scheduled intervals during off-hours to avoid work conflicts.
- Identify assets with vulnerabilities that are unpatched, or that were not successfully updated by scheduled patches, from detection data imported from third-party scanners.
- Schedule available patches from either the IT Remediation Workspace or from the classic environment for vulnerable, unpatched assets from patch update, remediation task, and discovered item records.
Key terms in the Vulnerability Response and BigFix applications
- Configuration item (CI)
- CIs are the existing assets that are listed in your Configuration Management Database (CMDB). BigFix calls CIs computers.
- Computer groups
- Terminology used in the BigFix product that refers to a group of assets.
- Vulnerable item
- An imported vulnerability that matches an existing asset in your CMDB.
- Instance
- A distinct account in the BigFix application; each BigFix user account can be configured as a separate instance. The term also refers to the unique, secure web address of a ServiceNow AI Platform instance.
- Integration
- An integration is a scheduled job in the ServiceNow AI Platform that retrieves information from a third-party source, such as the BigFix server.
- Solution
- There are two types of solutions in the context of this integration, potential and preferred. A potential solution is one that might address a vulnerability; vulnerabilities often have many potential solutions. A preferred solution is the one identified as the most effective fix for a specific, detected vulnerability.
- Patch
- Software updates that fix vulnerabilities. In the BigFix application, patches are called Fixlets. For example, BigFix has Fixlets for Windows, CentOS, macOS, Oracle, and other products.
- Preferred patch
- Preferred patches are software updates that are intended to fix specific vulnerabilities. Once deployed, a patch is mapped to the vulnerable items related to the vulnerabilities it addresses, and those items are closed when the fix is confirmed.
- Remediation task
- A record in the Vulnerability Response application that groups vulnerable items and lists the actions required to fix them.
- Deployment
- Deployment, for the purposes of this integration, refers to applying, initiating, or scheduling a patch on a machine. BigFix calls these deployments actions. You can deploy (create actions for) the patches you downloaded from BigFix in your ServiceNow AI Platform. Navigate to discovered items, patches, or remediation tasks from individual records in Vulnerability Response. You can deploy patches with scheduled jobs to individual machines or to computer groups.
Deployment in the ServiceNow AI Platform can also refer to one configured instance of an integration that supports multiple sources. Each such configured instance is called a deployment of that integration, and an environment can contain several. For example, you might have multiple deployments of the BigFix integration in your environment.
Vulnerability Solution Management and the Vulnerability Response Patch Orchestration with HCL BigFix Integration
Solution management is provided by the Vulnerability Solution Management application, a ServiceNow AI Platform application that correlates your vulnerability findings with the solutions (patches) that remediate them. Use it to identify the third-party software patches, configuration updates, and other controls that have the highest impact for your organization. Together with third-party scanner information, the Solution Management for Vulnerability Response, Vulnerability Response, and Vulnerability Response Patch Orchestration with HCL BigFix applications roll preferred patches up from the solution, to the vulnerability, to the vulnerable item, to help you fix and close vulnerabilities in your environment.
The Solution Management for Vulnerability Response, Vulnerability Response, and the Vulnerability Response Patch Orchestration with HCL BigFix Integration are all available in the ServiceNow® Store.
Required ServiceNow AI Platform roles
The integration installation, configuration, and remediation tasks require the following roles in your ServiceNow AI Platform instance.
- admin
- Users with this role obtain entitlements for applications in the ServiceNow Store and download them to ServiceNow AI Platform instances.
- sn_vul.vulnerability_admin
- Users with this role activate applications in the ServiceNow AI Platform instance and complete the configuration of the Vulnerability Response application. This role has complete access to the Vulnerability Response (VR) application and its records. This admin user configures all VR applications, rules, and third-party integrations.
- sn_vul_bigfix.configure_integration
- Users with this role configure the BigFix Patch Orchestration Integration application. This role contains the sn_vul_bigfix.read_integration granular role.
- sn_vul_bigfix.read_integration
- Users with this role can view (read only) the records of the Vulnerability Response and the BigFix Patch Orchestration Integration application and patch orchestration data.
- sn_vul_patch_orch.configure_patch
- Users with this role can configure and apply patches.
- sn_vul_patch_orch.read_patch
- Users with this role can view (read only) patch information.
- Approvers
- Add users to the Approver level 1 and Approver level 2 approver groups if you want submitted patch requests approved prior to deployment.
For more information about assigning these roles using the Setup Assistant, see Assign the Vulnerability Response persona roles using Setup Assistant. For more information about the Vulnerability Response roles in your ServiceNow AI Platform, see Vulnerability Response personas and granular roles.
CI lookup rules
When data is imported from the BigFix application, the Vulnerability Response application automatically searches for matches in the Configuration Management Database (CMDB) using machine (asset) data. CI lookup rules are used to identify CIs (assets) and add them automatically to vulnerable item (VI) records when VIs are created.
- MAC_ADDRESS
- IP_ADDRESS
- DNS_NAME
An asset can have multiple IP_ADDRESS values; a CI lookup rule considers all of them when matching. For more information about CI lookup rules and how they work, see Configuring lookup rules.
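The following is an added illustration of the two mechanisms described above: the CI lookup rules (MAC address, then IP address, then DNS name) applied to imported computer data, and the preferred solution rolled up from the solution, to the vulnerability, to the vulnerable item. It is plain Node.js written for this page, not the ServiceNow lookup rule engine, the BigFix import, or the Solution Management roll-up, and every record, field name, Fixlet label, and vulnerability label in it is constructed. One behaviour is an assumption of this example rather than documented platform behaviour: a rule that matches more than one CI is treated as no match and evaluation moves on to the next rule, so that a shared IP address never assigns a vulnerability to the wrong asset.

```javascript
// Added illustration (not the ServiceNow lookup rule engine or the BigFix import):
// CI lookup rules applied in order to imported computer data, then the preferred
// solution rolled up from the solution, to the vulnerability, to the vulnerable item.
// All records and field names below are constructed for this example.

// Constructed CMDB entries. ci-db01 and ci-db02 deliberately share an IP address
// (for example a NATed one) so that the IP_ADDRESS rule alone cannot pick one of them.
const CMDB = [
  { sys_id: "ci-web01", mac: "00:11:22:33:44:55", ips: ["10.0.1.10"], dns: "web01.corp.example" },
  { sys_id: "ci-db01", mac: "aa:bb:cc:dd:ee:01", ips: ["10.0.2.20", "192.168.50.20"], dns: "db01.corp.example" },
  { sys_id: "ci-db02", mac: "aa:bb:cc:dd:ee:02", ips: ["10.0.2.20"], dns: "db02.corp.example" },
  { sys_id: "ci-lap07", mac: "", ips: [], dns: "lap07.corp.example" },
];

function norm(v) { return (v || "").trim().toLowerCase(); }

// Lookup rules in the order the page lists them: MAC, then IP, then DNS name.
// The IP rule considers every address recorded on both sides.
const LOOKUP_RULES = [
  { name: "MAC_ADDRESS", match: (c, ci) => norm(c.mac) !== "" && norm(c.mac) === norm(ci.mac) },
  { name: "IP_ADDRESS",  match: (c, ci) => c.ips.some(ip => ci.ips.includes(ip)) },
  { name: "DNS_NAME",    match: (c, ci) => norm(c.dns) !== "" && norm(c.dns) === norm(ci.dns) },
];

// Apply the rules in order and accept a rule only when it yields exactly one CI.
// A rule that matches several CIs is treated as no match and evaluation continues
// (an assumption of this example), so an ambiguous IP never picks the wrong asset.
function lookupCi(computer, cmdb) {
  for (const rule of LOOKUP_RULES) {
    const hits = cmdb.filter(ci => rule.match(computer, ci));
    if (hits.length === 1) return { ci: hits[0].sys_id, matchedBy: rule.name };
  }
  return { ci: null, matchedBy: null };   // unmatched: leave the CI empty for manual review
}

// Constructed solution and vulnerability records. A vulnerability lists its
// potential solutions; at most one of them is flagged preferred for that vulnerability.
const SOLUTIONS = {
  "sol-1": { fixlet: "Fixlet 1001 (constructed)", platform: "Windows" },
  "sol-2": { fixlet: "Fixlet 1002 (constructed)", platform: "Windows" },
  "sol-3": { fixlet: "Fixlet 2001 (constructed)", platform: "CentOS" },
};
const VULNERABILITIES = {
  "VULN-A": { solutions: [{ id: "sol-1", preferred: true }, { id: "sol-2", preferred: false }] },
  "VULN-B": { solutions: [{ id: "sol-3", preferred: false }] },   // only potential solutions so far
};

// Roll the preferred solution up from the vulnerability: exactly one flagged link wins.
function preferredSolution(vulnId, vulnerabilities) {
  const links = (vulnerabilities[vulnId] || { solutions: [] }).solutions;
  const preferred = links.filter(l => l.preferred);
  return preferred.length === 1 ? preferred[0].id : null;
}

// Build vulnerable items from imported detections: one item per (computer, vulnerability),
// carrying the CI found by the lookup rules and the preferred patch, if one exists.
function createVulnerableItems(detections, cmdb, vulnerabilities, solutions) {
  const items = [];
  for (const det of detections) {
    const { ci, matchedBy } = lookupCi(det.computer, cmdb);
    for (const vulnId of det.vulnerabilities) {
      const preferredId = preferredSolution(vulnId, vulnerabilities);
      const links = (vulnerabilities[vulnId] || { solutions: [] }).solutions;
      items.push({
        vulnerability: vulnId,
        ci,
        matchedBy,
        preferredPatch: preferredId ? solutions[preferredId].fixlet : null,
        potentialPatches: links.map(l => solutions[l.id].fixlet),
      });
    }
  }
  return items;
}

// Constructed detections as an import might deliver them. The second computer reports
// no MAC and an IP shared by two CIs, so only the DNS rule resolves it; the third
// computer matches nothing and its item is created without a CI.
const DETECTIONS = [
  { computer: { mac: "00:11:22:33:44:55", ips: ["10.0.1.10"], dns: "web01.corp.example" }, vulnerabilities: ["VULN-A"] },
  { computer: { mac: "", ips: ["10.0.2.20"], dns: "DB02.corp.example" }, vulnerabilities: ["VULN-B"] },
  { computer: { mac: "", ips: ["10.9.9.9"], dns: "" }, vulnerabilities: ["VULN-A"] },
];

function runExample() {
  return createVulnerableItems(DETECTIONS, CMDB, VULNERABILITIES, SOLUTIONS);
}

console.log(JSON.stringify(runExample(), null, 2));
```

Running the block prints three vulnerable items: the first is matched by MAC_ADDRESS with the preferred Fixlet attached, the second falls through the ambiguous IP_ADDRESS rule and is matched by DNS_NAME with only a potential patch, and the third has no CI. The point for a practitioner is that an item with no CI, or with several potential patches and no preferred one, is exactly the item that needs review before a scheduled deployment is created for it.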
MID Server
The Vulnerability Response Patch Orchestration with HCL BigFix integration is an on-premises integration. It requires a standalone MID Server that is not part of a MID Server cluster. The MID Server is required to run scripts on remote machines from your instance in order to import data from the BigFix server. The APIs for this integration are called through MID Servers that you set up in your ServiceNow AI Platform instance. See Prepare for the Vulnerability Response Patch Orchestration integration with HCL BigFix for more information.