CIS-CAT Assessor

Compares the configuration of a target system to CIS Benchmark recommendations and reports conformance on a scale of 0-100

Object Representation (YAML)

id: String
name: String
type: String
depends: [String]
tags: [String]
condition: Boolean
each: Array
while: String
until: String
verbosity: String
ignore_errors: Boolean
tool_version: String
tool_options: Object
properties:
  cwd: String
  exe_path: String
  sessions_content: String
  sessions_path: String
  starting_directory: String
  benchmark: String
  profile: String
  logging_option: String
  report_directory: String
  report_prefix: String
  html_report: Boolean
  csv_report: Boolean
  txt_report: Boolean
  json_report: Boolean
  no_arf: Boolean
  no_report_file: Boolean
  non_pass_results: Boolean
  no_timestamp: Boolean
  url: String
  ignore_warnings: Boolean
  extra_properties:
    - property: String
      value: String
  args: String
  config_content: String
  config_path: String
  properties_content: String
  properties_path: String

Fields

Property Details
id *

String

A unique identifier for the step.

Can contain hyphens and underscores, but not spaces.
name *

String

A friendly name for the step. This name will appear in the pipeline designer and run output.
type *

String

The type of the step. Can be pipeline or a step module type.
depends[]

[String]

A list of dependencies of this step.

This step will not be executed until all steps with ids in this list are finished executing.
tags[]

[String]

Tags are used to group related steps. Steps with the same tag can be retrieved using the findStepsByTag() helper function.

Can contain hyphens and underscores, but not spaces.
condition

Boolean

An expression which is evaluated before the step executes. If it evaluates to false, the step will be skipped. The step.result.status field will be "Skipped".
each

Array

An expression which evaluates to an array. It is evaluated once before the first iteration. There will be one iteration for each element of the array. An empty array ([]) will results in no iterations being executed.
while

String

A boolean expression evaluated before each iteration. When the expression evaluates to false, iteration stops. If false before the first iteration, no iterations will be executed.
until

String

A boolean expression evaluated after each iteration. When the expression evaluates to true, iteration stops. The first iteration will always be excuted with no regard for the value of the expression.
verbosity

String

Step event verbosity. Determines how much information about step execution is sent back to the application.
ignore_errors

Boolean

If true, errors in the step module will not halt pipeline execution, and subsequent steps will still be executed. The step.result.status field will be "Failed" if the step encounters an error.
tool_version

String

The version to use for tool installation.
tool_options

Object

-

properties.cwd

String

Path to CIS-CAT Assessor-CLI directory with Assessor-CLI.sh file. Default to . (the run directory).
properties.exe_path

String

Path to Assessor-CLI.sh file.
properties.sessions_content

String

Inline sessions properties content. Provide exactly one of sessions_content or sessions_path.
properties.sessions_path

String

Path to an existing sessions properties on the agent. Provide exactly one of sessions_content or sessions_path.
properties.starting_directory

String

Configure the relative root folder from which other options, such as benchmarks, can be found.
properties.benchmark

String

Either the full filepath to the assessment content or a path relative to the starting directory. Benchmark represents either a Benchmark XCCDF file, or the SCAP 1.2-formatted Data-stream Collection file.
properties.profile

String

Either a profile name, such as Level 1, or the profile ID, such as xccdf_org.cisecurity.benchmarks_profile_Level_1
properties.logging_option

String

Option to control the application log file generation.
properties.report_directory

String

Report destination folder, allowing to configure the location to which result reports are written.
properties.report_prefix

String

Configure the "front" portion of the report name generated by the tool. Every report will automatically be of the format [report-prefix]-[timestamp].[extension].
properties.html_report

Boolean

Generate an HTML report.
properties.csv_report

Boolean

Generate a CSV report.
properties.txt_report

Boolean

Generate a plain text report.
properties.json_report

Boolean

Generate a JSON report.
properties.no_arf

Boolean

Disable the generation of Asset Reporting Format (ARF) XML results. The ARF report is the default report generated by the Assessor.
properties.no_report_file

Boolean

Disables generation of a results report file. When utilizing the url option, Assessor results are uploaded to the supplied URL. In that use-case, report files are generally not needed.
properties.non_pass_results

Boolean

Generate a JSON report for non-pass configuration assessment results.
properties.no_timestamp

Boolean

Do not include a timestamp in the auto-generated report name.
properties.url

String

A URL to which Assessor results are uploaded, using HTTP(S) POST.
properties.ignore_warnings

Boolean

Indicate that, when uploading results to a URL via the url option, any SSL certificate warnings should be ignored.
properties.extra_properties[]

[Object]

Specify individual properties using {property: value} pair instead of creating a new properties file for unique assessments.
properties.extra_properties[].property *

String

Individual property name.
properties.extra_properties[].value *

String

Individual property value.
properties.args

String

Extra command line arguments to pass to Assessor CLI.
properties.config_content

String

Inline configuration content. Provide exactly one of config_content or config_path
properties.config_path

String

Path to an existing configuration file on the agent. Provide exactly one of config_content or config_path
properties.properties_content

String

Inline Assessor CLI properties content. Provide exactly one of properties_content or properties_path
properties.properties_path

String

Path to an existing Assessor CLI properties file on the agent. Provide exactly one of properties_content or properties_path

Result Fields

The following are the step execution result fields available at steps.<step id>.result after a step executes.

Key Details
result.status

String

A string indicating the step execution status. Can be Succeeded, Failed, or Skipped.