HCL BigFix SOAP protocol configuration options (formerly known as IBM BigFix)

To receive Log Event Extended Format (LEEF) formatted events from HCL BigFix® appliances, configure a log source that uses the HCL BigFix SOAP protocol.

Important: HCL BigFix is formerly known as IBM® BigFix.

This protocol requires HCL BigFix versions 8.2.x to 9.5.2, and the Web Reports application for HCL BigFix.

The HCL BigFix SOAP protocol is an outbound/active protocol that retrieves events in 30-second intervals over HTTP or HTTPS. As events are retrieved, the HCL BigFix DSM parses and categorizes the events.

The following table describes the protocol-specific parameters for the HCL BigFix SOAP protocol:
Table 1. IBM BigFix SOAP protocol parameters
Parameter Description
Protocol Configuration HCL BigFix SOAP
Log Source Identifier

Type a unique name for the log source.

The Log Source Identifier can be any valid value and does not need to reference a specific server. It can also be the same value as the Log Source Name. If you have more than one configured HCL BigFix SOAP log source, ensure that you give each one a unique name.

Use HTTPS If a certificate is required to connect with HTTPS, copy the required certificates to the following directory: /opt/qradar/conf/trusted_certificates. Certificates that have following file extensions: .crt, .cert, or .der are supported. Copy the certificates to the trusted certificates directory before the log source is saved and deployed.
SOAP Port By default, port 80 is the port number for communicating with HCL BigFix. Most configurations use port 443 for HTTPS communications.
Username The username that you use to access BigFix.
Password The password that you use to access BigFix.
Polling Interval (In Minutes) The number of minutes between queries to the log files to check for new data. The default is 15 minutes. The minimum value for the polling interval is 1 minute, and the maximum value is 60 minutes.