Working with compliance scan policies


Compliance is the process of determining whether the systems in your environment meet a specific standard. That standard might be a regulatory standard, such as DISA or SOX, or some type of internal standard defined by an organization.

When you create a compliance policy scan in Automation Console, it creates a compliance scan job in TrueSight Server Automation. The job scans the selected asset groups and displays the results on the Manage Compliance Policies > Scan Run Results page. While creating a compliance policy scan, you select a compliance template. These compliance templates are the ones defined in TrueSight Server Automation. A compliance template consists of compliance rules that you want the server to adhere to. 

Important

You can create a compliance policy scan only if you access the Automation Console in the TSSA endpoint, which is associated with the TrueSight Server Automation endpoint manager.

For managing compliance, your TrueSight Server Automation version must be 21.02 or later.


To add a compliance scan policy

On the Manage > Manage Compliance Scan Policies page, click Create Compliance Policy Scan and do the following:

  1. Click Browse to select a compliance scan policy template.
    Compliance templates available in TrueSight Server Automation appear. Compliance templates that have local instances defined in TrueSight Server Automation do not appear in the list.
  2. Enter a unique name for the scan policy.
  3. Select a risk score for the policy. 
  4. Click Select Asset Groups and select one or more asset groups (server smart groups or static groups in Server Automation) on which you want to run this compliance scan job. 
  5. In the Policy Schedule section, specify a schedule for the policy:
    1. Daily: Click the clock icon in the Time field, and specify the time.
    2. Weekly
      1. From the Recur Every list, select the number of weeks after which the policy should run again. 
      2. Click the clock icon in the Time field, and specify the time.
      3. Specify the days of the week when the schedule should run.
    3. Monthly: Click the clock icon in the Time field, specify the time, and then specify one of these options:

      • Specify the frequency (first, second, third, or fourth) and the day of the week for the schedule.
      • Specify the day in every month when the schedule should run. 
      • Select the last day of every month.  

      The schedule summary is displayed.

  6. Save the policy. 
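As an added example (not BMC's code and not the console's own scheduler), the following Python computes the next run for each Policy Schedule option in step 5, so you can check the schedule summary the console displays against the cadence you intended; the schedule dictionary layout and the use of the policy's save date as the anchor for the "Recur Every" week count are assumptions.

```python
from datetime import date, datetime, time, timedelta
import calendar

def _nth_weekday(year, month, weekday, nth):
    """Day of month of the nth (1-4) given weekday (Mon=0); always exists."""
    offset = (weekday - date(year, month, 1).weekday()) % 7
    return 1 + offset + 7 * (nth - 1)

def _monthly_day(sched, year, month):
    """Run day for one month under the three Monthly options, or None."""
    last = calendar.monthrange(year, month)[1]
    if sched.get("last_day"):
        return last
    if "day" in sched:
        # Assumption: a month without that day (e.g. day 31 in June) is skipped.
        return sched["day"] if sched["day"] <= last else None
    return _nth_weekday(year, month, sched["weekday"], sched["nth"])

def _candidates(sched, day, start):
    """Yield candidate run dates on or after `day`, in order."""
    if sched["type"] == "daily":
        for i in range(2):
            yield day + timedelta(days=i)
    elif sched["type"] == "weekly":
        n = sched["recur_every"]
        week0 = start - timedelta(days=start.weekday())  # Monday of start week
        for i in range(7 * n + 7):
            d = day + timedelta(days=i)
            if d.weekday() in sched["days"] and ((d - week0).days // 7) % n == 0:
                yield d
    elif sched["type"] == "monthly":
        y, m = day.year, day.month
        for _ in range(14):  # day 31 is skipped in at most one month in a row
            dom = _monthly_day(sched, y, m)
            if dom is not None:
                yield date(y, m, dom)
            y, m = (y + 1, 1) if m == 12 else (y, m + 1)

def next_run(sched, after, start=None):
    """Earliest run strictly after `after` ("YYYY-MM-DDTHH:MM"), as ISO text.
    `start` (ISO date, the policy save date) anchors the weekly count (assumption)."""
    after_dt = datetime.fromisoformat(after)
    at = time.fromisoformat(sched["time"])
    start_d = date.fromisoformat(start) if start else after_dt.date()
    for d in _candidates(sched, after_dt.date(), start_d):
        cand = datetime.combine(d, at)
        if cand > after_dt:
            return cand.isoformat(timespec="minutes")
    raise ValueError("unsupported schedule type: %r" % sched.get("type"))
```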

After you save the compliance scan policy, it appears on the Manage Compliance Scan Policies page with the asset scope and the status as Enabled and runs as per the schedule defined in the policy.  

To run a compliance scan policy

You can run a compliance scan policy immediately after adding it. You cannot execute a policy that is disabled or already running.

On the Manage > Manage Compliance Scan Policies page, do the following:

  1. Select a policy and click Actions > Execute now.
  2. Click Continue.

To run compliance scan policies imported from TrueSight Server Automation

You can import a compliance job from TrueSight Server Automation and then schedule and run it from the Automation Console.

On the Manage > Manage Compliance Scan Policies > Create Compliance Scan Policies page, do the following:

  1. Select Import Compliance Scan Policy.
  2. In the Scan Details section, click Browse to select the compliance job from TrueSight Server Automation.
  3. Select the required compliance job from the list to import it to TrueSight Automation Console.
  4. Select the applicable risk score for the imported compliance job.
  5. In the Asset Selection section, click Select Asset Groups to select the asset group for the compliance job as follows:
    1. Select Smart Group or Static Group as the Asset Group Type.
    2. In the table, select the checkbox corresponding to the Asset Group Name.
    3. Click Select.

      Important

      An error is displayed, and you will not be able to import the compliance job from TrueSight Server Automation in the following cases:

      • If multiple templates are present in the compliance job. 
      • If the compliance job is created with a component or a component template.
      • If a compliance job is created by selecting an individual server.
      • If a compliance job is created with multiple schedules.
      • If a compliance job contains any configured notifications.
  6. Schedule the compliance scan job to run the compliance policy scan.
  7. Click Save.

Important

To avoid duplicate remediation of a compliance job, make sure not to import a compliance job that has auto-remediation enabled in TrueSight Server Automation.

To view compliance policy scan results

On the Manage Compliance Scan Policies page you can see the policies available in the product and additional information such as name, selected assets, last run date and time, and the status.

After a policy runs according to the schedule, the results are displayed on the Scan Results page.

To view the results, do the following:

  1. Click the policy name.
    The Scan Run Results page shows results of each policy scan according to the schedule.
  2. To view results for any previous scan, select the particular scan in the Scan Start Time column. 
    The following image shows the results of a policy scan.
    [Image: Compliance Policy Scan Results]
    The following details are displayed: 
    • Date, time, duration, and status of the policy scan
    • Total number of assets scanned by the policy
    • Number of assets that were scanned successfully (Assets Compliant) or with warnings (Assets Non-Compliant), and failed scans (Assets Failed)
    • List of assets scanned by the policy and the number of compliant, non-compliant, and indeterminate rules
    • Logs for the policy that contain errors and warnings, if any
  3. To view the policy results for each asset, click the asset name. The following details are displayed:
    • Policy name and the scan date and time
    • Number and list of rules evaluated, grouped into Compliant, Non-compliant, and Indeterminate categories

To disable or enable a compliance scan policy

You may want to stop running a scan policy for a while, or the policy may no longer be relevant. You cannot disable a policy if it is used by any operation. In such a case, delete the operation first, and then disable the policy.

On the Manage > Manage Compliance Scan Policies page, do these steps: 

  • Select a policy, click Actions > Disable, and then click Continue.
    The policy status changes to Disabled and the policy no longer runs according to the schedule. It still appears in the Compliance scan policy list. 
  • Select a policy and click Actions > Enable.
    The policy status changes to Enabled and the policy runs according to the schedule.

To remove a compliance scan policy

You cannot delete a policy if it is used by any operation. In such a case, delete the operation first, and then delete the policy. 

When you remove a policy from the Automation Console, it continues to exist in TrueSight Server Automation.

On the Manage > Manage Compliance Scan Policies page, do the following:

  1. Select a policy and click Actions > Remove.
  2. Click Continue.
