CIS-CAT Assessor

Compares the configuration of a target system to CIS Benchmark recommendations and reports conformance on a scale of 0-100.

Object Representation (YAML)

id: String
name: String
type: String
depends: [String]
tags: [String]
condition: Boolean
each: Array
verbosity: String
ignore_errors: Boolean
properties:
  cwd: String
  exe_path: String
  sessions_content: String
  sessions_path: String
  starting_directory: String
  benchmark: String
  profile: String
  logging_option: String
  report_directory: String
  report_prefix: String
  html_report: Boolean
  csv_report: Boolean
  txt_report: Boolean
  no_arf: Boolean
  no_report_file: Boolean
  non_pass_results: Boolean
  url: String
  ignore_warnings: Boolean
  extra_properties:
    - property: String
      value: String
  args: String
  config_content: String
  config_path: String
  properties_content: String
  properties_path: String

Fields

Property | Details
id *

String

A unique identifier for the step.

Can contain hyphens and underscores, but not spaces.

name *

String

A friendly name for the step. This name will appear in the pipeline designer and run output.

type *

String

The type of the step. Can be pipeline or a step module type.

depends[]

[String]

A list of dependencies of this step.

This step will not be executed until all steps with ids in this list are finished executing.

tags[]

[String]

Tags are used to group related steps. Steps with the same tag can be retrieved using the findStepsByTag() helper function.

Can contain hyphens and underscores, but not spaces.

condition

Boolean

An expression which is evaluated before the step executes. If it evaluates to false, the step will be skipped. The step.result.status field will be "Skipped".

each

Array

An array of elements to execute the step once for each of them.

verbosity

String

Step event verbosity. Determines how much information about step execution is sent back to the application.

ignore_errors

Boolean

If true, errors in the step module will not halt pipeline execution, and subsequent steps will still be executed. The step.result.status field will be "Failed" if the step encounters an error.

properties.cwd

String

Path to the CIS-CAT Assessor-CLI directory that contains the Assessor-CLI.sh file. Defaults to . (the run directory).

properties.exe_path *

String

Path to the Assessor-CLI.sh file.

properties.sessions_content

String

Inline sessions properties content. Provide exactly one of sessions_content or sessions_path.

properties.sessions_path

String

Path to an existing sessions properties file on the agent. Provide exactly one of sessions_content or sessions_path.

properties.starting_directory

String

Configure the relative root folder from which other options, such as benchmarks, can be found.

properties.benchmark

String

Either the full filepath to the assessment content or a path relative to the starting directory. Benchmark represents either a Benchmark XCCDF file, or the SCAP 1.2-formatted Data-stream Collection file.

properties.profile

String

Either a profile name, such as Level 1, or the profile ID, such as xccdf_org.cisecurity.benchmarks_profile_Level_1.

properties.logging_option

String

Option to control the application log file generation.

properties.report_directory

String

Report destination folder: the location to which result reports are written.

properties.report_prefix

String

Configure the "front" portion of the report name generated by the tool. Every report will automatically be of the format [report-prefix]-[timestamp].[extension].

properties.html_report

Boolean

Generate an HTML report.

properties.csv_report

Boolean

Generate a CSV report.

properties.txt_report

Boolean

Generate a plain text report.

properties.no_arf

Boolean

Disable the generation of Asset Reporting Format (ARF) XML results. The ARF report is the default report generated by the Assessor.

properties.no_report_file

Boolean

Disables generation of a results report file. When utilizing the url option, Assessor results are uploaded to the supplied URL. In that use-case, report files are generally not needed.

properties.non_pass_results

Boolean

Generate a JSON report for non-pass configuration assessment results.

properties.url

String

A URL to which Assessor results are uploaded, using HTTP(S) POST.

properties.ignore_warnings

Boolean

Indicate that, when uploading results to a URL via the url option, any SSL certificate warnings should be ignored.

properties.extra_properties[]

[Object]

Specify individual properties as {property: value} pairs instead of creating a new properties file for unique assessments.

properties.extra_properties[].property *

String

Individual property name.

properties.extra_properties[].value *

String

Individual property value.

properties.args

String

Extra command-line arguments to pass to the Assessor CLI.

properties.config_content

String

Inline configuration content. Provide exactly one of config_content or config_path.

properties.config_path

String

Path to an existing configuration file on the agent. Provide exactly one of config_content or config_path.

properties.properties_content

String

Inline Assessor CLI properties content. Provide exactly one of properties_content or properties_path.

properties.properties_path

String

Path to an existing Assessor CLI properties file on the agent. Provide exactly one of properties_content or properties_path.
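The field rules above can be checked before a pipeline runs. The linter below is an added example, not part of the product or its documentation: it takes a step definition already parsed from YAML into a dict and reports violations of the required-field, no-spaces and "exactly one of" rules, plus upload settings worth reviewing (ignore_warnings, a plain-HTTP url, no_report_file without url). The function name, the sample steps, and the choice to reject only the both-set case of each pair are assumptions.

```python
# Field pairs the page marks "provide exactly one of". Neither member is marked
# required, so this linter (an assumption) only rejects both being set.
EXCLUSIVE_PAIRS = [("sessions_content", "sessions_path"),
                   ("config_content", "config_path"),
                   ("properties_content", "properties_path")]

def lint_step(step):
    """Return (severity, message) findings for one parsed step definition."""
    out = []
    props = step.get("properties") or {}
    for field in ("id", "name", "type"):          # fields marked * on the page
        if not step.get(field):
            out.append(("error", f"{field} is required"))
    if not props.get("exe_path"):
        out.append(("error", "properties.exe_path is required"))
    # id and tags may contain hyphens and underscores, but not spaces
    for label in [step.get("id") or ""] + list(step.get("tags") or []):
        if any(ch.isspace() for ch in label):
            out.append(("error", f"{label!r} contains whitespace"))
    for a, b in EXCLUSIVE_PAIRS:
        if props.get(a) and props.get(b):
            out.append(("error", f"properties.{a} and properties.{b} are both set"))
    for i, item in enumerate(props.get("extra_properties") or []):
        for key in ("property", "value"):
            if not item.get(key):
                out.append(("error", f"properties.extra_properties[{i}].{key} is required"))
    url = props.get("url")
    if url and props.get("ignore_warnings"):
        # certificate warnings are suppressed, so the upload target is not authenticated
        out.append(("warning", "ignore_warnings is set for the upload to url"))
    if url and url.lower().startswith("http://"):
        out.append(("warning", "url uses plain HTTP for the results upload"))
    if props.get("no_report_file") and not url:
        out.append(("warning", "no_report_file is set but url is not"))
    return out

# Constructed sample steps; the type value, paths and URLs are placeholders.
RISKY = {"id": "cis scan", "name": "CIS-CAT scan", "type": "STEP_MODULE_TYPE",
         "properties": {"exe_path": "/opt/Assessor/Assessor-CLI.sh",
                        "config_content": "k=v", "config_path": "/etc/assessor.cfg",
                        "url": "http://dashboard.example/upload",
                        "ignore_warnings": True}}
CLEAN = {"id": "cis-scan", "name": "CIS-CAT scan", "type": "STEP_MODULE_TYPE",
         "tags": ["compliance"],
         "properties": {"exe_path": "/opt/Assessor/Assessor-CLI.sh",
                        "config_path": "/etc/assessor.cfg", "html_report": True,
                        "url": "https://dashboard.example/upload"}}

if __name__ == "__main__":
    for sev, msg in lint_step(RISKY):
        print(f"{sev}: {msg}")
```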

Result Fields

The following are the step execution result fields available at steps.<step id>.result after a step executes.

Key | Details
result.status

String

A string indicating the step execution status. Can be Succeeded, Failed, or Skipped.