Analysis SCA custom check list

Hi, I have a custom checklist of 300 tasks & fixlets. Now I want to generate a compliance report for my custom checklist. Do I need to build all 300 analyses for this, or is there any way to get the compliance / non-compliance report without building analyses?

Do we have any analysis builder tool available?

You do not need the “Measured Values” analyses to generate a score; they are only there to help determine why any particular check has passed/failed.

If you are using the checklist wizards, this shouldn’t be a problem - but if you are creating fixlets by hand, there is some XML tag metadata that must be added to the fixlets to flag them as checklist items. You can’t do that with the console. If that is your case, reply back and we can find the details.

Hi Jason, yes, I am creating fixlets by hand and need to know the tag which we need to add to the fixlets to flag them as checklist items without creating analyses.

Please assist.

If you export one of the default checklist fixlets and view it in a text editor, you’ll find a number of fields. These deal with how the fixlet is presented to the BigFix Compliance application, and how the wizards and dashboards deal with them.

Having not done this myself, I think the most important part is to have a unique value for “x-fixlet-scm-id” on each fixlet, and to have a “x-fixlet-xccdf-benchmark” value common to all of the fixlets from the same checklist. A partial export of one of the fixlets looks like this …

<MIMEField>
    <Name>x-fixlet-scm-id</Name>
    <Value>6a8a54c2-d72b-5368-b093-1eb7a728a95c</Value>
</MIMEField>
<MIMEField>
    <Name>x-fixlet-xccdf-benchmark</Name>
    <Value>xccdf_org.cisecurity.benchmarks_benchmark_3.0.0_CIS_Microsoft_Windows_7_Benchmark</Value>
</MIMEField>

Hi Jason, it is not working as you suggested. I tried to put the benchmark value but no luck.

I’ll need to defer to someone with more SCA experience in that case.

I'd also advise you to read the Compliance operators guide. I just wanted to point out that there’s more to Compliance than just writing the fixlets; there is metadata there that is used in building the scores.

I read the SCA user guide, but there is no correct view given of how to get the analysis for your own written fixlets to generate the SCM report. If this is the case, the SCM is not straightforward and can’t be used for custom compliance reports in general. :frowning:

The following guide may help:
SCM_Fixlet_documentation.pdf


If you're creating custom SCM checks (the checks themselves and associated analysis, if you want) then the easiest way is to use the create custom check wizards located in the SCM Reporting site. When you do that, all of the needed XML metadata will be written for you and imports into the Compliance reporting tools will work fine. There is one for using relevance (typically Windows checks) and another for UNIX (shell scripts). Any reason you are not using these tools?

Hi @dmccalla, create custom checklist would not help, as I would ask you to create a checklist from the industry standard checklists provided by IBM CIS / PCI etc. sites.

Hi @fermt, does that mean we need to update code in the XML files? Is there any tool which can link both the custom fixlet and analysis automatically and update the desired scm-id fields?

The create custom check wizards do what you are asking (proper XML MIME fields). I was not referring to the create custom checklist wizard in my previous post.

I do not find that option, create custom check wizards. Can you please provide a screen dump of what you are referring to?

Security Configuration Domain (button on bottom left) > Configuration Management > Checklist Tools. The two wizards are named like “Create Custom * SCM Content”.

Hi @dmccalla, thanks for your help. I tried the option which you mentioned and found it is good for linking the fixlet and analysis, but the only issue is that we need to write the fixlet compliance and analysis relevance code on our own.

Is it possible to generate analysis relevance automatically, just like we have the fixlet generator which helps us get the fixlet relevance code somewhat automatically?

Thanks

You could do that. Another option is to look at the existing checks and see if some of them are close to what you need and then modify. https://bigfix.me would also be a good resource.


Having created a lot of SCM fixlets using an editor, I would say that the x-fixlet-xccdf-benchmark is optional. The only mandatory field required is x-fixlet-scm-id. And if you are using SCA 1.9 and above, make sure that id is unique or your SCA data imports would fail.

Can you try this:

  1. Create an empty site
  2. Create a normal fixlet as you usually would and just add the mimefield tag for x-fixlet-scm-id

So how would you get the x-fixlet-scm-id? Is it just a copy from any existing CIS / PCI etc. site?

If you are talking about the value under x-fixlet-scm-id, then you can use guidgenerator.com to generate a GUID to use.

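Added example (not part of the original thread and not BigFix tooling): a pre-import check that reads hand-written fixlet exports, lists those with no x-fixlet-scm-id, finds ids reused across fixlets (for instance after copying a fixlet from an existing site), and proposes locally generated GUIDs. The `<BES><Fixlet>` wrapper, the file names and the sample ids are constructed for illustration; only the MIMEField/Name/Value layout comes from the export quoted above.

```python
import uuid
import xml.etree.ElementTree as ET
from collections import defaultdict

SCM_ID = "x-fixlet-scm-id"
COPIED = "11111111-1111-4111-8111-111111111111"  # constructed sample id

def sample_fixlet(title, scm_id=None):
    """Build a minimal constructed export; real input is the text of a .bes file."""
    field = ""
    if scm_id:
        field = (f"<MIMEField><Name>{SCM_ID}</Name>"
                 f"<Value>{scm_id}</Value></MIMEField>")
    return f"<BES><Fixlet><Title>{title}</Title>{field}</Fixlet></BES>"

# check_b was cloned from check_a and kept its id; check_c never got one.
SAMPLES = {
    "check_a.bes": sample_fixlet("Check A", COPIED),
    "check_b.bes": sample_fixlet("Check B", COPIED),
    "check_c.bes": sample_fixlet("Check C"),
}

def scm_ids(xml_text):
    """Return the non-empty x-fixlet-scm-id values in one exported fixlet."""
    root = ET.fromstring(xml_text)
    ids = []
    for field in root.iter("MIMEField"):
        if (field.findtext("Name") or "").strip() == SCM_ID:
            value = (field.findtext("Value") or "").strip()
            if value:
                ids.append(value)
    return ids

def audit(exports):
    """Return (files with no scm id, {id: files sharing that id})."""
    missing, seen = [], defaultdict(list)
    for name, text in exports.items():
        ids = scm_ids(text)
        if not ids:
            missing.append(name)
        for scm_id in ids:
            seen[scm_id].append(name)
    duplicates = {i: files for i, files in seen.items() if len(files) > 1}
    return sorted(missing), duplicates

def suggest_ids(files):
    """Propose a fresh random GUID for each listed fixlet file."""
    return {name: str(uuid.uuid4()) for name in files}

if __name__ == "__main__":
    missing, duplicates = audit(SAMPLES)
    print("missing id:", missing)
    print("reused ids:", duplicates)
    print("suggested:", suggest_ids(missing))
```
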