In my previous post, titled "Introduction to VMware vRealize Automation SaltStack SecOps", I provided an introduction to VMware Aria Automation SaltStack SecOps, as well as a brief history and overview of the product's capabilities. In this post, I'll dive deeper into the product's compliance management capabilities.
Compliance checks are at the foundation of VMware Aria Automation SaltStack SecOps compliance management. These checks provide the information necessary to identify the purpose of the check, the operating systems it applies to, the rationale for the check, and, more importantly, the state file responsible for implementing/remediating the check. VMware Aria Automation SaltStack SecOps includes thousands of built-in checks corresponding to various CIS and DISA STIG benchmarks. Additionally, VMware provides the SaltStack SecOps Compliance Custom Content SDK that allows customers to define and implement custom checks within the product. Most checks contain the following data:
Benchmarks build upon checks by grouping together various checks required to implement an industry compliance benchmark, such as CIS benchmarks or DISA STIGs. Each benchmark consists of the following items:
Compliance policies define the relationship between compliance content (benchmarks and checks) and the minions assessed. They allow you to specify which benchmark checks are applied to which minions, the required configuration inputs for the various benchmark checks, and a schedule for evaluating the minions for compliance. Additionally, compliance policies contain compliance assessment and remediation data, benchmark check exemptions, and minion exemptions.
When defining a new compliance policy, a wizard walks you through the process of providing the following information:
After defining all of the required information, you can save the policy and begin assessing compliance. When the assessment process is complete, you can review and remediate the findings, add exemptions, and modify the policy.
When the policy assessment is complete, the results are organized into several tabs, alongside the option to Remediate All minions. The tabs are Checks, Minions, Exemptions, Report, and Activity.
The Checks tab lists all the checks included in the policy and the number of minions in each status: Compliant, Non-Compliant, Not Applicable, Error, or Unknown. Clicking on a specific check loads the details of the check and the details for the last assessment and remediation. You can select the Non-Compliant minions and click the REMEDIATE button to begin the remediation process or click EXEMPTION to add an exemption to the policy for the specific check/minion combination.
The Minions tab provides assessment results grouped per minion. After selecting a minion, a minion details report lists the state of all policy checks for the minion. From here, you can choose individual checks to either remediate or exempt.
The Exemptions tab displays all exemptions defined within the policy during your review of the Checks or Minions tabs. Exemptions can be defined for the same check multiple times to group various minions into separate exemptions. When an exemption is defined, you provide a reason for each exemption. These exemptions and their reasons are displayed here. You can expand the exemption details and click the REMOVE EXEMPTION button if an exemption is no longer needed.
The Report view provides an overview of the assessment and allows you to download the details formatted as JSON. The JSON results are provided for download inside a .zip file.
The Activity tab lists all activities related to the policy. These activities include jobs such as policy assessments and remediations. Each job in the list provides a link to download the job details.
Aria Automation SaltStack SecOps provides several options for remediating compliance policy findings. The possibilities include remediating all findings for the entire compliance policy, remediating one or more findings for all minions, remediating all findings for one or more minions, and remediating one or more findings for a particular minion.
The first option is to remediate all findings for a specific compliance policy. This task is accomplished by selecting the particular compliance policy and clicking the REMEDIATE ALL button in the top right corner.
The next option is to remediate one or more findings for all minions. This task is accomplished by selecting the particular compliance policy. Then, select the specific checks you wish to remediate from the Checks tab and click the REMEDIATE button.
To remediate all findings for one or more minions, start by selecting the Minions tab. Next, choose the minions you wish to remediate and click the REMEDIATE button.
The final option is to remediate specific findings for a single minion. To accomplish this task, select the Minions tab, then click the name of the minion you wish to remediate. Next, choose the checks you want to remediate from the Last assessment tab and click the REMEDIATE button.
VMware Aria Automation SaltStack SecOps provides a powerful tool to assess and remediate minions based on industry benchmarks such as CIS and DISA STIGs. Policy definitions offer flexibility in how these policies are defined against the various minions. This flexibility allows numerous ways to customize policy implementations and exemptions to best fit your environment requirements. Additionally, using the SaltStack SecOps Compliance Custom Content SDK, you can define custom checks to be included within your Compliance Policies, offering limitless customization capabilities.