1

Configuration Audit

Last Update há um mês

Configuration Audit

Configuration Audit

Ankit Kumar

Last Update há um mês

This guide explains how to configure and run configuration audits on the SecOps Solution platform, including how to start an audit scan, use the Global Configuration Dashboard, create custom profiles, and manage audit variables.

Overview

The Configuration Audit module allows you to assess the security configuration of your Windows, Linux, macOS, and network devices against industry-standard benchmarks such as CIS (Center for Internet Security) Benchmarks and DISA STIGs. Audits evaluate each configuration check and report a clear PASSED or FAILED status so you can identify and remediate misconfigurations quickly.

Supported benchmark profiles:

  • CIS Level 1 – Baseline recommendations that minimize attack surface without impacting business functionality. Ideal as a starting point for all environments.

  • CIS Level 2 – Defense-in-depth recommendations for environments with high security or compliance requirements (e.g., environments handling sensitive or regulated data).

  • STIG – Security Technical Implementation Guides defined by DISA (Defense Information Systems Agency) for the US Department of Defense. STIG profiles include all Level 1 and Level 2 recommendations plus additional DoD-specific controls.
    • Start a Configuration Audit Scan

    1. Navigate to the Configuration Audit section.

    2. Click Start Scan to begin an immediate audit.

    3. In the Device Targeting section, select assets by server, endpoint, or asset group. Optionally filter by OS or Asset Security Rating (ASR).

    4. Choose a Compliance Profile – select the appropriate benchmark and profile level (e.g., CIS Level 1 – Server, CIS Level 2 – Workstation, or STIG).

    5. Click Start Scan to launch the audit immediately.

    6. Monitor audit progress in the Audits tab.
      View Audit Results

      1. Navigate to the Audits tab.

      2. Select a completed configuration audit job.

      3. Review the results summary: total checks, passed, failed, and errors.

      4. Click on individual checks to see:

        • Check description and benchmark reference

        • Current system value vs. expected value

        • Remediation guidance

      5. Export results as a report for compliance or audit purposes.
      Global Configurations
      The Global Configuration Dashboard provides a centralized view of all configuration audit results across your environment.

      Key features:
      • Unified view of all configuration checks across all audited assets

      • Clear PASSED / FAILED status for every check

      • Compliance profile and benchmark mapping for each result

      • Faster identification of misconfigurations at scale

      To access the global configurations:

      1. Navigate to the Configuration Audit section.

      2. Click on Global Configurations.

      3. Use the available filters (asset, OS, profile, status) to narrow down results.

      4. Click on any failed check to view the finding details, benchmark reference, and recommended remediation steps.

      The dashboard makes it easier to monitor your overall compliance posture, track failures across assets, and take corrective action at scale.
      Custom Profiles
      In addition to built-in CIS and STIG profiles, you can create your own custom audit profiles to match your organization's internal security policies or tailored compliance requirements.

      Create a Custom Profile

      1. Navigate to Configuration Audit > Profiles.

      2. Click Create Custom Profile.

      3. Enter a profile name and description.

      4. Define your audit checks by either:

        • Selecting and modifying existing checks from a built-in benchmark, or

        • Uploading a Tenable-compatible .audit file (see below).

      5. Save the profile. It will now be available for selection when starting or scheduling an audit.

      Manage Profile Variables
      Custom profiles support configurable variables. This allows you to define environment-specific values (such as allowed NTP servers, password policy thresholds, or permitted services) without editing the underlying audit logic.

      1. Open a saved custom profile.

      2. Navigate to the Variables tab.

      3. Locate the variable you wish to update (e.g., NTP_SERVER, MAX_PASS_AGE).

      4. Enter the desired value for your environment.

      5. Save the changes. The updated values will be applied in all future scans using this profile.
      Import a Tenable .audit File
      SecOps Solution supports importing custom audit profiles using Tenable's .audit file format. This is the same XML-based format used by Nessus and Tenable.io for compliance checks.

      1. Navigate to Configuration Audit > Profiles > Custom Profile.

      2. Select Import from .audit file.

      3. Upload your .audit file.

      4. Review the parsed checks and confirm.

      5. Save the profile. All checks from the file will be available for configuration and variable editing within the platform.


        Tips
        • Run CIS Level 1 first to establish a baseline, then progress to Level 2 for environments requiring stricter controls.

        • Use STIG profiles if your organization is subject to US federal or DoD compliance requirements.

        • Use custom profiles to enforce internal security policies that go beyond or differ from standard benchmarks.

        • Importing a Tenable .audit file lets you reuse existing compliance content from your Nessus or Tenable.io environment directly in SecOps Solution.
         
         

        Was this article helpful?

        0 out of 0 liked this article

        Still need help? Message Us