New to CIS-CAT Pro: Reduced Process Time & Tagging Features
At CIS, we collaborate day in and day out with the cyber defense community to develop consensus-based best practices. Our teams work with organizations around the world to help automate these best practices for improved cybersecurity. The result? Over 2,000 CIS SecureSuite Members, a growing community of organizations dedicated to implementing security best practices. Members leverage tools and resources including:
- CIS-CAT Pro Assessor, a configuration assessment tool that compares endpoint configuration to the CIS Benchmarks guidelines
- CIS-CAT Pro Dashboard, a companion to the Assessor that helps organizations monitor configuration security over time
- CIS Build Kits, GPOs and shell scripts for quickly implementing CIS Benchmarks recommendations
CIS SecureSuite Members are receiving an update to CIS-CAT Pro Dashboard v1.1.8 and Assessor v4.0.10. Read on to learn more about the coming improvements.
Speeding process time
CIS SecureSuite Members using CIS-CAT Pro have shared challenges with long-running assessment processes on some Linux endpoints. By working with the community, we identified that evaluation on some endpoints took longest when analyzing files - especially with a mounted file system. To improve processing speeds, the CIS team refactored the Assessor to verify file systems more efficiently in Linux environments. This decreased the duration of Linux endpoint configuration assessment.
With the help of CIS SecureSuite Members testing the new build, CIS-CAT Pro Assessor v4.0.10 has proven to significantly reduce the Linux configuration assessment process time. Members who helped with testing reported duration reductions from approximately 6 hours down to less than 30 minutes and from 75 minutes down to 47 minutes. But keep in mind, results will vary depending on your individual environment. We are very grateful to the CIS SecureSuite community for testing the new CIS-CAT Pro build!
We’ve also added an option to exclude assessment of mounted file systems for Linux. We recommend that this option be utilized only in extreme conditions where analysis of very large mounted file systems may cause an excessive process duration.
TIP: CIS SecureSuite Members may add a comma-delimited list of file system names or mount points to the assessor-cli.properties file to exclude them from full system analysis.
Improved HTML Reports for CIS Microsoft Windows 10 Benchmarks
When your endpoints fail a CIS Benchmark check in CIS-CAT Pro, it’s important to understand why. To help members, we’ve brought more information to the HTML formatted configuration assessment reports in CIS-CAT Pro Assessor v4.0.10. Members will now be able to see:
- What system values CIS-CAT Pro collected during the assessment
- CIS Benchmark recommended settings for the target system
- Configuration rules used to evaluate the CIS Benchmark check
The new HTML report details are available for the included CIS Microsoft Windows 10 Benchmarks in the latest version of CIS-CAT Pro Assessor, v4.0.10.
TIP: Press “more” in the “Assessment” section of any CIS Benchmark recommendation to review the added information.
Expansion of Tag Lookup Feature
Can’t remember all your existing endpoint tag names? In the latest version of CIS-CAT Pro Dashboard v1.1.8, we expanded the auto-complete functionality, which is now available in more tag fields within CIS-CAT Pro Dashboard. This new feature was influenced by direct conversation with our CIS SecureSuite Members working on in-the-trenches configuration security. You’ll find this expanded feature in the Dashboard Tag View chart and while applying vulnerability or configuration exceptions.
We’ve also added helper text under some tag fields to inform users that entering a space will show the existing tag list.
Support for NIST Vulnerability Feeds in JSON
Are you leveraging CIS-CAT Pro for vulnerability management? Great news - we’ve updated our process to accommodate NIST vulnerability feeds, which will soon be offered exclusively in JSON format (XML format sunset date is October 9, 2019). CIS-CAT Pro users must upgrade to the latest CIS-CAT Pro Dashboard v1.1.8 in order to stay up to date with CVSS scoring and CVE details. The vulnerability update process within CIS-CAT Pro Dashboard has been updated to retrieve the NVD CVE feed in JSON for the 1.1 schema. The newest version of CIS-CAT Pro Dashboard v1.1.8 will no longer support feeds in XML format. Concerns? Contact email@example.com.
Enhanced Endpoint Search
Another feature we’re excited to share is enhanced searching capabilities. In the “Search Target Systems” screen, users can now combine more criteria by using a wildcard in the Target Primary ID field. Now users can search for all endpoints with a similar primary ID format and combine it with other criteria!
An ever-growing CIS-CAT community
CIS is deeply thankful for our volunteers, partners, and CIS SecureSuite Members who work together to improve configuration security for everyone. By providing feedback on best practices, testing new software builds, and more, our communities are continuously helping us improve and grow. We couldn’t do it without you!
CIS SecureSuite Members can download the latest updates to CIS-CAT Pro Assessor and Dashboard by logging in to CIS WorkBench. Don’t forget to check the CIS-CAT Pro Dashboard Change Log and CIS-CAT Pro Assessor Change Log for all the update details!
Want to share your endpoint configuration challenges with a CIS-CAT Pro team member? We love hearing real world experience and challenges! Reach out to us at firstname.lastname@example.org.