I have been using vRealize Operations to monitor the compliance of virtual machines against the DISA VMware vSphere Virtual Machine STIG for quite some time now. With the release of the new VMware vSphere 6.5 Virtual Machine STIG, I have discovered that vRealize Operations does not collect all the necessary information out of the box to verify compliance with the new STIG rules. Rather than waiting for VMware to provide an update to vRealize Operations, I decided to utilize vRealize Orchestrator to add custom properties to the virtual machines in vRealize Operations using the vRealize Operations REST API.
As a follow-up to my previous post providing alert content for the VMware vSphere 6.5 Virtual Machine STIG Version 1, Release 1, I have also put together new alert content for the VMware vSphere 6.5 ESXi STIG Version 1, Release 1. See the link at the bottom of the page to download the alert content XML. The following STIG items cannot be verified by vRealize Operations because the checks are user process related, the configuration values are not currently collected by vRealize Operations, or the checks involve non-VMware assets (e.
With the recent release of the VMware vSphere 6.5 Virtual Machine STIG Version 1, Release 1, I needed to create new vRealize Operations alert content to verify compliance of my virtual machines. Combined with the automated alert remediation process I described in a previous post, ensuring compliance with the new STIG requirements is easy. See the link at the bottom of the page to download the alert content XML. Unfortunately, the following STIG items can’t be verified by vRealize Operations either because the checks are user process related or the configuration values aren’t currently collected by vRealize Operations:
Update: On Oct 25, 2019, DISA released the first update to the VMware vSphere 6.5 STIGs.
As of today, the Defense Information Systems Agency has made available the first STIGs for VMware vSphere 6.5. These STIGs can be downloaded from DoD Cyber Exchange here: DISA Virtualization STIG Downloads. The VMware vSphere 6.5 STIG ZIP file contains the following:
VMware vSphere 6.5 Version 1 Release 1 - Overview PDF
VMware vSphere 6.
Why Use a VMware vSphere Platform Service Controller?
As mentioned in a previous post, Splunk Enterprise is a fantastic application for handling the massive amount of log data generated by VMware virtualization environments. Since every VMware vCenter deployment includes at least a single Platform Service Controller (PSC), you can easily configure your Splunk Enterprise deployment to use the same authentication services, making it easier to access your log data.
Items to Keep in Mind
Splunk Enterprise requires that the following information be passed back as part of the SAML assertion from the IdP: Role.
Splunk Enterprise will use the following information if it is passed back as part of the SAML assertion from the IdP: Email, Real Name.
As of Splunk Enterprise version 7.