Compliance Custom module

Documentation page describing Compliance Custom module usage.

Feature’s goals

The Compliance Custom module allows:

  • the creation of new rules
  • the duplication of existing rules
  • the editing of custom rules

Activate the feature

The full activation of the module requires a pre-activation by Cyberwatch.

You can send us an e-mail at support@cyberwatch.com to ask for this pre-activation.

Once this pre-activation is effective, you can go to the Administration page and activate “Custom analyses”.

Rules evaluation

To understand how rules are evaluated in Cyberwatch, consult the documentation section on the rules evaluation.

Create a custom rule

  1. Go to the Compliance rules encyclopedia
  2. Click on the button + Add
  3. Fill in the fields of the rule creation form:

    • Reference: unique reference for each rule (e.g., CIS-debian-9-2.3.4)
    • Name: brief description of the rule’s goal (e.g., Ensure telnet client is not installed)
    • Description: description of the product/configuration concerned
    • Rationale: description of security concerns linked to non-compliance
    • Audit: description of the analysis to be conducted (e.g., Ensure package name equals 'telnet' is not installed)
    • Remediation: technical solution to become compliant
    • Script type: language of the script that will be run
    • Script content: complete code of the script
    • Regular expression of compliance: regular expression the script’s output has to match to be compliant with the rule
    • Regular expression of non-compliance: regular expression the script’s output has to match to be non-compliant with the rule
    • Concerned operating systems: list of operating systems to which the rule applies
    • Admin rights: whether the script requires admin rights to be run
    • Level: compliance level of the rule
    • Repositories: repositories to which the rule will be added
  4. Accept the terms of service that come with the creation of a custom compliance rule
  5. Save

If all fields are valid, the rule will immediately be added to the Rule encyclopedia.
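
The following is an added example, not taken from the Cyberwatch documentation: a possible Script content for the telnet rule used as an illustration in the form fields above, paired with anchored regular expressions of compliance and non-compliance. The shell script type, the output tokens, the regexes, and the `classify` helper are assumptions; `classify` only simulates the matching locally and is not Cyberwatch's evaluation logic.

```shell
#!/bin/sh
# Added example: audit script for a rule such as "Ensure telnet client is not installed".
# Output tokens and regexes below are assumptions chosen for this illustration.

# Anchor both expressions: "NON-COMPLIANT" contains "COMPLIANT", so an
# unanchored compliance regex would also match the non-compliant output.
COMPLIANT_RE='^COMPLIANT: '
NON_COMPLIANT_RE='^NON-COMPLIANT: '

# pkg_status PKG: print the dpkg status of PKG, "not-installed" if dpkg does
# not know it, or "unknown" when dpkg-query is unavailable on the host.
pkg_status() {
    if command -v dpkg-query >/dev/null 2>&1; then
        dpkg-query -W -f='${Status}' "$1" 2>/dev/null || echo "not-installed"
    else
        echo "unknown"
    fi
}

# audit_line PKG STATUS: print the single line the regexes are matched against.
# Anything that is not a clear yes/no yields a line matching neither regex.
audit_line() {
    case "$2" in
        "install ok installed")
            echo "NON-COMPLIANT: package $1 is installed" ;;
        not-installed|"unknown ok not-installed"|"deinstall ok config-files")
            echo "COMPLIANT: package $1 is not installed" ;;
        *)
            echo "ERROR: cannot determine status of $1 ($2)" ;;
    esac
}

# matches REGEX LINE: succeed if LINE matches the extended regex.
matches() { printf '%s\n' "$2" | grep -Eq -e "$1"; }

# classify LINE: local simulation of the two-regex check (not Cyberwatch code).
classify() {
    if matches "$COMPLIANT_RE" "$1"; then echo "compliant"
    elif matches "$NON_COMPLIANT_RE" "$1"; then echo "non-compliant"
    else echo "undetermined"
    fi
}

# Script body: this output is what the rule's regular expressions would see.
audit_line telnet "$(pkg_status telnet)"
```

With these values, the form's compliance regex would be `^COMPLIANT: ` and the non-compliance regex `^NON-COMPLIANT: `; a half-configured package or a missing `dpkg-query` produces a line that matches neither, so it is not silently reported as compliant.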

Duplicate a rule

  1. Go to the Compliance rules encyclopedia
  2. Click on the reference of the rule to duplicate
  3. In the rule’s specific page, click on the button “Actions > Duplicate rule”
  4. Modify the fields in the form. They are pre-filled with the values of the duplicated rule
  5. Accept the terms of service that come with the creation of a custom compliance rule
  6. Save

If all fields are valid, the rule will immediately be added to the Rule encyclopedia.

Among the default rules, only those with an SCE script can be duplicated. It is also possible to duplicate custom rules. However, there are limitations when duplicating rules that have multiple checks.

Edit a custom rule

Only rules created with the Compliance custom module can be edited.

  1. Go to the Compliance rules encyclopedia
  2. Click on the reference of the rule to edit
  3. In the rule’s specific page, click on the button “Actions > Edit”
  4. Modify the fields in the form. They are pre-filled with the values of the rule being edited
  5. Accept the terms of service that come with the creation of a custom compliance rule
  6. Save

If all fields are valid, the rule will immediately be updated in the Rule encyclopedia.

Delete a custom rule

Only rules created with the Compliance custom module can be deleted.

  1. Go to the Compliance rules encyclopedia
  2. Click on the reference of the rule to delete
  3. In the rule’s specific page, click on the button “Actions > Delete”
  4. Accept the deletion popup

The rule is immediately deleted from the Rule encyclopedia.
