Configuration Compliance imported data
The Configuration Compliance application imports policies, tests, authoritative sources, and test results from third-party integrations and stores them in modules for viewing.
| Terminology prior to v14.9 | Terminology v14.9 onwards |
|---|---|
| Test Result Group | Remediation Task |
| Group Rules | Remediation Task Rules |
| Policy | Test group |
Supported integrations
Third-party integrations import configuration assessment findings, test groups, tests, technologies, authoritative sources, and test results into the Configuration Compliance application. Vulnerability managers or vulnerability analysts can use this data to identify and respond to the configuration-related vulnerabilities on your assets.
For more information about supported integrations, see Configuration Compliance integrations.
Test groups
Test Groups are related to authoritative documents and test records. A group of configuration tests define Test Groups. Test Groups typically align to a technology class, for example, Windows, Oracle databases, Cisco IOS, and are often derived from the primary industry standard. Test Groups can be modified to meet the needs of the organization. A single Configuration Test can belong to multiple test groups.
| Integration | Description |
|---|---|
| Qualys Vulnerability Integration | Test groups are retrieved and Control IDs are populated by the scheduled job, Qualys PC Policies at 1:00AM. You can view the scheduled job by navigating to .
Note: If you choose to run the integration manually, run Qualys PC Policies first. |
| Tenable Vulnerability Integration | The scheduled job Tenable.io Compliance Results Integration imports policies. If you choose to run the integrations manually, run the integrations in the following order until you reconcile any ignored assets with
assessment data:
To view the policy record, navigate to . To correctly identify and create the test group records, audit information for test groups is imported and displayed in the Short description field. |
Tests
Tests are libraries of data records that organize scans of computing assets. Configuration tests define how a class of technology assets should be governed.
A Configuration Compliance test is the mechanism third-party integration applications use to group assets by vulnerability type. Some third-party VA scanning solutions such as Qualys have very large libraries of tests (as many as 8,000) that are mapped to policies and "frameworks" of authoritative sources.
A Test can have many values, one-to-many, expected vs. actual, and so on. A test is anything that can be used to identify a class of software or hardware asset that is out of compliance. For example, a release or hardware number.
| Integration | Description |
|---|---|
| Qualys Vulnerability Integration | The scheduled job, Qualys PC Controls, retrieves the tests. You can view the scheduled job by navigating to . Note: If you choose to run the integration manually, run Qualys PC Controls after Qualys PC Policies. |
| Tenable Vulnerability Integration | The scheduled job Tenable.io Compliance Results Integration imports configuration tests (Tests). If you choose to run the integrations manually, run the integrations in the following order until you reconcile any
ignored assets with assessment data:
To view the Configuration Test record, navigate to . On the record, imported data is displayed in the Short description field and Remediation Status, Description, and Remediation tabs. Data is also displayed on the Citations, Policies, and Test Results Related Links. |
Technologies
One of the techniques used by third-party vulnerability scanners to create test groups of software and hardware configuration items for analysis is to organize them by technology. Technologies are an imported library of OSes, network devices, databases, and apps that are associated with policies. Tests have multiple implementations for different technologies. Remediation is technology-specific, as well.
You can view the applicable technologies for a test, to better understand what kinds of software or hardware assets the control can be applied to. Examples of technologies that can be applied to controls include CentOS 7.x, Windows 8.1, Windows 2016 Server, and so on. The list of technologies is read-only and match the technologies defined in the Qualys Cloud Platform application.
Technologies are imported for database-related configuration assessments only. The db_type (if not empty) in the import is used to create a technology. View technologies populated on the Technologies section on configuration test records, test result records, policy records and at .
Authoritative sources
Authoritative sources and citations (also known as mandates) are imported from the third-party vulnerability scanners.
Authoritative source records contain references to information about known software and hardware configuration issues from experts in the field of computer security. They define requirements for security policies and procedures. Configuration tests can reference multiple authoritative sources through citations. Authoritative sources can report on compliance for a given standard in preparation for an audit.
| Integration | Description |
|---|---|
| Qualys Vulnerability Integration | The scheduled job, Qualys PC Policies Detail, retrieves the authoritative sources and citations. You can view this scheduled job by navigating to . Note: If you choose to run the integration manually, run Qualys PC Policies Detail after Qualys PC Policies. |
| Tenable Vulnerability Integration | The scheduled job Tenable.io Compliance Results Integration imports authoritative sources as part of Citations data. If you choose to run the integrations manually, run the integrations in the following order until
you reconcile any ignored assets with assessment data:
Data is displayed on the Citations related link on configuration test records. |
Test results
Configuration Compliance does not calculate the test results, but imports them as part of a third-party integration. Once they are viewable in Configuration Compliance, they are remediated using Remediation Tasks. See Configuration Compliance correlation for more information.
| Integration | Description |
|---|---|
| Qualys Vulnerability Integration |
You can retrieve the test results in one of the following ways: The scheduled job, Qualys PC Results, retrieves the test results. You can view this scheduled job by navigating to . Note:
If you choose to run the integration manually, run Qualys PC Results after Qualys PC Policies and Qualys PC Policies Detail. The Qualys PC Results import uses the Start Time parameter in the Integration Details tab. All other Configuration Compliance imports bring in all available data regardless of Start Time. When the Qualys PC Results import is complete, an event is fired to trigger end-of-import calculations. For more information see, Configuration Compliance states. Alternatively, starting from V14.5, you can also run the following integrations to retrieve the test results:
|
| Tenable Vulnerability Integration | The scheduled job Tenable.io Compliance Results Integration imports Test Results. If you choose to run the integrations manually, run the integrations in the following order until you reconcile any ignored assets
with assessment data:
To view the Configuration Test record, navigate to . On the record, imported data is displayed in theTest, and Configuration Item fields. Data is also displayed on the Expected Values, Actual Values, and Remediation tabs. The Remediation Tasks and Test Result History Related Links are populated. |