Configuration Compliance imported data

  • Release version: Washingtondc
  • Updated February 1, 2024
  • 7 minutes to read
    • Summarize
    Summarized using AI
    This content was generated using new OpenAI-powered functionality. Results are provided on an as is basis and are not guaranteed to be accurate or complete.

    Summary of Configuration Compliance imported data

    The Configuration Compliance application enables the import of policies, tests, authoritative sources, and test results from third-party integrations, allowing users to identify and address configuration-related vulnerabilities in their assets. It is essential for vulnerability managers and analysts to utilize this data effectively for maintaining compliance and security standards.

    Show full answer Show less

    Key Features

    • Terminology Changes: Terms have been updated in version 14.9, including "Test Result Group" to "Remediation Task Group" and "Rules" to "Remediation Task Rules".
    • Policies: Policies are derived from authoritative documents and can be modified to suit organizational needs. They are associated with various technology classes like Windows and Oracle databases.
    • Tests: Configuration tests define governance for technology classes and are linked to third-party vulnerability integrations, enabling comprehensive asset scanning.
    • Technologies: Imported technologies categorize software and hardware for assessment, matching those defined in the Qualys Cloud Platform.
    • Authoritative Sources: These sources provide essential compliance references, helping in generating alerts and ensuring adherence to industry standards.
    • Test Results: Results are imported from third-party integrations, and remediation tasks are initiated based on these results.

    Key Outcomes

    By utilizing the Configuration Compliance application, customers can:

    • Streamline the import of configuration data from various sources for effective vulnerability management.
    • Enhance compliance through the use of updated policies and tests tailored to their specific technology stacks.
    • Gain visibility into asset compliance and remediation efforts via structured data from authoritative sources and test results.
    • Facilitate better decision-making for security posture improvements through prioritized remediation tasks.

    The Configuration Compliance application imports policies, tests, authoritative sources, and test results from third-party integrations and stores them in modules for viewing.

    Note:
    Starting with v14.9 of Configuration Compliance, the following terms have been renamed:
    Table 1. Changes in terminology
    Terminology prior to v14.9 Terminology v14.9 onwards
    Test Result Group Remediation Task
    Group Rules Remediation Task Rules
    Policy Test group

    Supported integrations

    Third-party integrations import configuration assessment findings, policies, tests, technologies, authoritative sources, and test results into the Configuration Compliance application. Vulnerability managers or vulnerability analysts can use this data to identify and respond to the configuration-related vulnerabilities on your assets.

    For more information about supported integrations, see Configuration Compliance integrations.

    Policies

    Policies are related to authoritative documents and test records. A group of configuration tests define policies. Policies typically align to a technology class, for example, Windows, Oracle databases, Cisco IOS, and are often derived from the primary industry standard. Policies can be modified to meet the needs of the organization. A single Configuration Test can belong to multiple policies.

    Integration Description
    Qualys Vulnerability Integration Policies are retrieved and Control IDs are populated by the scheduled job, Qualys PC Policies at 1:00AM.
    You can view the scheduled job by navigating to Qualys Vulnerability Integration > Primary Integrations > Qualys PC Policies.
    Note:
    If you choose to run the integration manually, run Qualys PC Policies first.
    Tenable Vulnerability Integration The scheduled job Tenable.io Compliance Results Integration imports policies.
    If you choose to run the integrations manually, run the integrations in the following order until you reconcile any ignored assets with assessment data:
    • Tenable.io Assets Integration
    • Tenable.io Compliance Results Integration
    • Tenable.io Compliance Results Backfill Integration
    • Tenable.io Assets Integration
    • Tenable.io Compliance Results Backfill Integration

    To view the policy record, navigate to All > Configuration Compliance > Policies.

    To correctly identify and create the policy records, audit information for policies is imported and displayed in the Short description field.

    Tests

    Tests are libraries of data records that organize scans of computing assets. Configuration tests define how a class of technology assets should be governed.

    A Configuration Compliance test is the mechanism third-party integration applications use to group assets by vulnerability type. Some third-party VA scanning solutions such as Qualys have very large libraries of tests (as many as 8,000) that are mapped to policies and "frameworks" of authoritative sources.

    A Test can have many values, one-to-many, expected vs. actual, and so on. A test is anything that can be used to identify a class of software or hardware asset that is out of compliance. For example, a release or hardware number.

    Integration Description
    Qualys Vulnerability Integration The scheduled job, Qualys PC Controls, retrieves the tests. You can view the scheduled job by navigating to Qualys Vulnerability Integration > Primary Integrations > Qualys PC Controls.
    Note:
    If you choose to run the integration manually, run Qualys PC Controls after Qualys PC Policies.
    Tenable Vulnerability Integration The scheduled job Tenable.io Compliance Results Integration imports configuration tests (Tests).
    If you choose to run the integrations manually, run the integrations in the following order until you reconcile any ignored assets with assessment data:
    • Tenable.io Assets Integration
    • Tenable.io Compliance Results Integration
    • Tenable.io Compliance Results Backfill Integration
    • Tenable.io Assets Integration
    • Tenable.io Compliance Results Backfill Integration

    To view the Configuration Test record, navigate to Configuration Compliance > Tests. On the record, imported data is displayed in the Short description field and Remediation Status, Description, and Remediation tabs. Data is also displayed on the Citations, Policies, and Test Results Related Links.

    Technologies

    One of the techniques used by third-party vulnerability scanners to create test groups of software and hardware configuration items for analysis is to organize them by technology. Technologies are an imported library of OSes, network devices, databases, and apps that are associated with policies. Tests have multiple implementations for different technologies. Remediation is technology-specific, as well.

    You can view the applicable technologies for a test, to better understand what kinds of software or hardware assets the control can be applied to. Examples of technologies that can be applied to controls include CentOS 7.x, Windows 8.1, Windows 2016 Server, and so on. The list of technologies is read-only and match the technologies defined in the Qualys Cloud Platform application.

    Technologies are imported for database-related configuration assessments only. The db_type (if not empty) in the import is used to create a technology. View technologies populated on the Technologies section on configuration test records, test result records, policy records and at Configuration Compliance > Supporting Data > Technologies.

    Authoritative sources

    Configuration Compliance uses Authoritative sources and citations when generating vulnerability alerts for tests. Authoritative sources usually map to sections of published industry standards, such as "NIST 800-53 version 3 (2009) 3: 2009, SA-4".
    Note:
    In the Qualys Vulnerability Integration, this combination is referred to as framework.

    Authoritative sources and citations (also known as mandates) are imported from the third-party vulnerability scanners.

    Authoritative source records contain references to information about known software and hardware configuration issues from experts in the field of computer security. They define requirements for security policies and procedures. Configuration tests can reference multiple authoritative sources through citations. Authoritative sources can report on compliance for a given standard in preparation for an audit.

    Integration Description
    Qualys Vulnerability Integration The scheduled job, Qualys PC Policies Detail, retrieves the authoritative sources and citations. You can view this scheduled job by navigating to Qualys Vulnerability Integration > Primary Integrations > Qualys PC Policies Detail.
    Note:
    If you choose to run the integration manually, run Qualys PC Policies Detail after Qualys PC Policies.
    Tenable Vulnerability Integration The scheduled job Tenable.io Compliance Results Integration imports authoritative sources as part of Citations data.
    If you choose to run the integrations manually, run the integrations in the following order until you reconcile any ignored assets with assessment data:
    • Tenable.io Assets Integration
    • Tenable.io Compliance Results Integration
    • Tenable.io Compliance Results Backfill Integration
    • Tenable.io Assets Integration
    • Tenable.io Compliance Results Backfill Integration

    Data is displayed on the Citations related link on configuration test records.

    Test results

    Configuration Compliance does not calculate the test results, but imports them as part of a third-party integration. Once they are viewable in Configuration Compliance, they are remediated using Remediation Tasks. See Configuration Compliance correlation for more information.

    Integration Description
    Qualys Vulnerability Integration

    You can retrieve the test results in one of the following ways:

    The scheduled job, Qualys PC Results, retrieves the test results. You can view this scheduled job by navigating to Qualys Vulnerability Integration > Primary Integrations > Qualys PC Results.

    Note:
    If you choose to run the integration manually, run Qualys PC Results after Qualys PC Policies and Qualys PC Policies Detail.

    The Qualys PC Results import uses the Start Time parameter in the Integration Details tab. All other Configuration Compliance imports bring in all available data regardless of Start Time.

    When the Qualys PC Results import is complete, an event is fired to trigger end-of-import calculations. For more information see, Configuration Compliance states.

    Alternatively, starting from V14.5, you can also run the following integrations to retrieve the test results:
    • Qualys PCRS Policy Host Integration - Retrieves the host IDs for each policy. To view this scheduled job, navigate to: Qualys Vulnerability Integration > Primary Integrations > Qualys PCRS Policy Host Integration.
      Note:
      If you choose to run the integration manually, run Qualys PCRS Policy Host Integration after Qualys PC Policies and Qualys PC Policies Detail.

      After this scheduled job is complete, it automatically triggers the Qualys PCRS Test Results Integration.

    • Qualys PCRS Test Results Integration - Retrieves the test results for each host ID. To view this scheduled job, navigate to Qualys Vulnerability Integration > Primary Integrations > Qualys PCRS Test Results Integration.
      Note:
      If you choose to run the integration manually, run Qualys PCRS Test Results Integration after Qualys PC Policies, Qualys PC Policies Detail and Qualys PCRS Policy Host Integration.

      This integration uses the Start Time parameter in the Integration Details tab.
    Tenable Vulnerability Integration The scheduled job Tenable.io Compliance Results Integration imports Test Results.
    If you choose to run the integrations manually, run the integrations in the following order until you reconcile any ignored assets with assessment data:
    • Tenable.io Assets Integration
    • Tenable.io Compliance Results Integration
    • Tenable.io Compliance Results Backfill Integration
    • Tenable.io Assets Integration
    • Tenable.io Compliance Results Backfill Integration

    To view the Configuration Test record, navigate to Configuration Compliance > Tests Results. On the record, imported data is displayed in theTest, and Configuration Item fields. Data is also displayed on the Expected Values, Actual Values, and Remediation tabs. The Remediation Tasks and Test Result History Related Links are populated.