With the recent release of the VMware vSphere 6.5 Virtual Machine STIG Version 1, Release 1, I needed to create new vRealize Operations alert content to verify compliance of my virtual machines. Combined with the automated alert remediation process I described in a previous post, ensuring compliance with the new STIG requirements is easy. See the link at the bottom of the page to download the alert content XML. Unfortunately, the following STIG items can’t be verified by vRealize Operations either because the checks are user process related or the configuration values aren’t currently collected by vRealize Operations:
Update: On Oct 25, 2019, DISA released the first update to the VMware vSphere 6.5 STIGs As of today, the Defense Information Systems Agency has made available the first STIGs for VMware vSphere 6.5. These STIGs can be downloaded from DoD Cyber Exchange here: DISA Virtualization STIG Downloads. The VMware vSphere 6.5 STIG ZIP file contains the following: VMware vSphere 6.5 Version 1 Release 1 - Overview PDF VMware vSphere 6.
Why Use a VMware vSphere Platform Service Controller? As mentioned in a previous post, Splunk Enterprise is a fantastic application for handling the massive amount of log data generated by VMware virtualization environments. Since every VMware vCenter deployment includes at least a single Platform Service Controller (PSC), you can easily configure your Splunk Enterprise deployment to use the same authentication services making it easier to access your log data. Items to Keep in Mind Splunk Enterprise requires that the following information be passed back as part of the SAML assertion from the IdP: Role Splunk Enterprise will use the following information if it is passed back as part of the SAML assertion from the IdP: Email, Real Name As of Splunk Enterprise version 7.