CIS-CAT Assessor

Compares the configuration of a target system to CIS Benchmark recommendations and reports conformance on a scale of 0-100

Object Representation (YAML)

id: String
name: String
depends: [String]
tags: [String]
condition: String
ignore_errors: Boolean
properties:
  cwd: String
  exe_path: String
  sessions_content: String
  sessions_path: String
  starting_directory: String
  benchmark: String
  profile: String
  logging_option: String
  report_directory: String
  report_prefix: String
  html_report: String
  csv_report: String
  txt_report: String
  no_arf: String
  no_report_file: String
  non_pass_results: String
  url: String
  ignore_warnings: String
  extra_properties: String
  args: String
  config_content: String
  config_path: String
  properties_content: String
  properties_path: String

Fields

PropertyDetails
id *

String

A unique identifier for the step.

Can contain hyphens and underscores, but not spaces.

name *

String

A friendly name for the step. This name will appear in the pipeline designer and run output.

depends[]

[String]

A list of dependencies of this step.

This step will not be executed until all steps with ids in this list are finished executing.

tags[]

[String]

Tags are used to group related steps. Steps with the same tag can be retrieved using the findStepsByTag() helper function.

Can contain hyphens and underscores, but not spaces.

condition

String

An expression which is evaluated before the step executes. If it evaluates to false, the step will be skipped. The step.result.status field will be "Skipped".

ignore_errors

Boolean

If true, errors in the step module will not halt pipeline execution, and subsequent steps will still be executed. The step.result.status field will be "Failed" if the step encounters an error.

properties.cwd

String

Path to CIS-CAT Assessor-CLI directory with Assessor-CLI.sh file. Default to . (the run directory).

properties.exe_path *

String

Path to Assessor-CLI.sh file.

properties.sessions_content

String

Inline sessions properties content. Provide exactly one of sessions_content or sessions_path.

properties.sessions_path

String

Path to an existing sessions properties on the agent. Provide exactly one of sessions_content or sessions_path.

properties.starting_directory

String

Configure the relative root folder from which other options, such as benchmarks, can be found.

properties.benchmark

String

Either the full filepath to the assessment content or a path relative to the starting directory. Benchmark represents either a Benchmark XCCDF file, or the SCAP 1.2-formatted Data-stream Collection file.

properties.profile

String

Either a profile name, such as Level 1, or the profile ID, such as xccdf_org.cisecurity.benchmarks_profile_Level_1

properties.logging_option

String

Option to control the application log file generation.

properties.report_directory

String

Report destination folder, allowing to configure the location to which result reports are written.

properties.report_prefix

String

Configure the "front" portion of the report name generated by the tool. Every report will automatically be of the format [report-prefix]-[timestamp].[extension].

properties.html_report

String

Generate an HTML report.

properties.csv_report

String

Generate a CSV report.

properties.txt_report

String

Generate a plain text report.

properties.no_arf

String

Disable the generation of Asset Reporting Format (ARF) XML results. The ARF report is the default report generated by the Assessor.

properties.no_report_file

String

Disables generation of a results report file. When utilizing the url option, Assessor results are uploaded to the supplied URL. In that use-case, report files are generally not needed.

properties.non_pass_results

String

Generate a JSON report for non-pass configuration assessment results.

properties.url

String

A URL to which Assessor results are uploaded, using HTTP(S) POST.

properties.ignore_warnings

String

Indicate that, when uploading results to a URL via the url option, any SSL certificate warnings should be ignored.

properties.extra_properties

String

Specify individual properties using {property: value} pair instead of creating a new properties file for unique assessments.

properties.args

String

Extra command line arguments to pass to Assessor CLI.

properties.config_content

String

Inline configuration content. Provide exactly one of config_content or config_path

properties.config_path

String

Path to an existing configuration file on the agent. Provide exactly one of config_content or config_path

properties.properties_content

String

Inline Assessor CLI properties content. Provide exactly one of properties_content or properties_path

properties.properties_path

String

Path to an existing Assessor CLI properties file on the agent. Provide exactly one of properties_content or properties_path

Result Fields

The following are the step execution result fields available at step.result after a step executes.

KeyDetails
result.status

String

A string indicating the step execution status. Can be Succeeded, Failed, or Skipped.