Modifying out-of-the-box component templates

During the installation of Compliance Content libraries, groups of out-of-the-box component templates are saved in TrueSight Server Automation. These templates contain compliance rules for regulatory standards and best practice policies (HIPAA, PCI, SOX, DISA, and CIS), and were designed specifically for analyzing compliance with these policies.

For a full list of Compliance Content component templates, see Overview-of-Compliance-Content-add-ons.

This topic contains the following sections related to modifying the out-of-the-box Compliance Content component template:


Considerations for modifying Compliance Content component templates

If necessary, you can modify and refine the Compliance Content component templates to suit your unique needs. For procedures for editing and modifying component templates, see Editing-a-component-template.

When editing these templates, note their special characteristics:

  • On the General tab of all Compliance Content component templates, only the Discover and Compliance operations are allowed. Remediation of compliance results is also allowed, but not auto-remediation.
  • On the Discover tab, the signature is designed to discover components that run a specific operating system and sometimes a specific OS version.
  • Multiple compliance rules are grouped together in rule groups on the Compliance tab. Reference numbers for these rule groups and rules follow a decimal (or scientific) numbering system, to enable easy navigation of the rules. You can open any rule to view its description on the General tab in the Rule Editor. Some rules include remediation options on the Remediation tab in the Rule Editor. The rule itself appears on the Rule Definition tab in the Rule Editor, and should be modified only by expert users who are highly proficient in both the regulatory standard or policy and in the task of defining compliance rules.

    For full instructions on defining or modifying compliance rules, see Adding-or-editing-a-compliance-rule.

Limitations in the export and import of Compliance Content

After you edit the component templates and tailor them to your needs, you might want to export them from one TrueSight Server Automation system and import them to multiple other TrueSight Server Automation systems. For information about exporting and importing TrueSight Server Automation objects, see Import-and-export-concepts.

To successfully use the imported component templates, note the following limitations in the export and import of Compliance Content:

  • The batch-type Scale Jobs provided by TrueSight Server Automation Compliance Content are not exported and imported along with the component templates. You must export and import them separately.
  • The following directories, which contain NSH scripts used by the compliance rules, must be copied manually to the target TrueSight Server Automation systems:
    • appserverInstallDirectory/share/sensors on the Application Server
    • appserverInstallDirectory/storage/extended_objects on the file server

Uncommenting duplicate rules for rule-group remediation

Within the SOX component templates, certain rules are duplicated and appear in two different rule groups. This duplication enables you to remediate components that failed a SOX Compliance Job for a single rule group rather than for all compliance rules in the component template.

However, since remediation at the template level is expected to be more common than remediation at rule group level, the component template is delivered out-of-the-box with all such duplicate rules commented out, so that remediation at template level is performed only once (for the first occurrence of the rule).

If you plan to remediate failed SOX components for a single rule group, you must uncomment the duplicate rules within the rule group before you run the SOX Compliance Job (as described below). 

Click here see the duplicate rules across rule groups in the various SOX component templates.

Note

In addition to the rules listed in the following table, which are duplicated across rule groups, several rules are duplicated within the same rule group. In the case of rules duplicated within the same group, the later appearance of the rule (that is, the rule with the higher reference number) is not commented out. Instead, remediation is turned on only for the first occurrence of the rule, while turned off for any duplicate occurrence of the rule within the group. The following rules are duplicated within the same rule group:

  • In the SOX - AIX component template: DS 9.1.2.1 as DS 9.1.5.12 and DS 9.1.5.13
  • In the SOX - Windows Server 2003 component template:
    • DS 5.5.1.1 as DS 5.5.3
    • DS 5.5.1.4 as DS 5.5.2
    • DS 5.5.1.8, DS 5.5.1.10, and DS 5.5.1.12 in DS 5.5.6

The macro csv from Confluence is no longer available.

To uncomment rules

  1. On the Compliance tab in the content editor of the relevant component template, navigate to the compliance rule or rules that you want to uncomment.
  2. Select one or more compliance rules, right-click, and select Uncomment.