Clone the auditor suite

  • Release version: Washingtondc
  • Updated May 29, 2024
  • 1 minute to read

    • Clone and customize the default Auditor suite in your instance to create a new suite tailored to your organization's security practices.

    Before you begin

    Role required: admin

    About this task

    The default auditor suite provided with your instance can’t be modified. However, if you want to add, remove, or edit checks to align with your organization's security practices, you can duplicate the auditor suite. Copying the auditor suite enables you to customize it and create a new suite based on the default one. The auditor suite includes checks related to security best practices, covering system properties, plugins, and tables that impact the instance's security posture. The following steps demonstrate how to duplicate the default Auditor suite to tailor it to your organization's requirements.

    Procedure

    1. Navigate to All > Instance Scan > Suites.
    2. Select New and enter a name for your suite, along with an optional description.
    3. Right-click the form header and select Save.
    4. Add the checks needed for your scan.
      1. In the Checks tab, select edit.
      2. Add the conditions.
        For example, to add scan checks apply the following fields, operators, values, and conditions:

        [Field][is][Security] AND [Application][is][Global]

        For example, it should look like the following: Category is Security And Application is Global.

    5. Select run filter.
    6. Select the scan checks that you want to add from the collection list to the check list, and then select the add (>) button.
    7. Select save.
      The suite with your custom checks added have been created.
    8. Select Execute Suite Scan.