Test Scripts
uberAgent ESA’s Security & Compliance Inventory (SCI) test scripts can be authored in any interpreted or compiled programming language. Typically, an interpreted language such as PowerShell or Python is used. This page documents conventions and requirements for SCI test scripts.
Test Script Execution
Tests are scheduled by uberAgent’s endpoint agent according to the test configuration.
Tests are run sandboxed according to the principle of least privilege. Please see the sandbox docs for details.
If a test is executed in user context, uberAgent checks whether the user has read permissions. If not, the built-in group Users is added to the parent directory. If this is not desired, it can be disabled via the ConfigFlag DisableSetFilePermissionsOnExec.
Test Script Output
Multiple Tests per Script
A Security & Compliance Inventory test script may perform multiple independent tests per script invocation.
Console Output
uberAgent expects a test script’s output on the console (stdout). The script must only print test output to the console. Any other console output must be suppressed.
Output Encoding
Set the encoding to Unicode. When using PowerShell scripts, the following line should be specified at the beginning of each script:
[Console]::OutputEncoding = [System.Text.Encoding]::UTF8
Output Format
Format Specification
The expected output format is configured in the OutputFormat setting of the [SecurityInventoryTest] stanza (docs).
JSON Format
A test result that uses JSON output format looks like this:
[
  {
    "Name": "PowerShell v2 disabled",
    "Score": 2,
    "RiskScore": 0,
    "ResultData": "Yes",
    "ErrorCode": 0,
    "ErrorMessage": ""
  },
  {
    "Name": "PowerShell remoting allowed",
    "Score": 2,
    "RiskScore": 80,
    "ResultData": "Yes",
    "ErrorCode": 0,
    "ErrorMessage": ""
  }
]
Please note that the dashboard is designed to handle Security and Compliance Inventory test results as JSON objects only. Adding tests that do not use JSON output format may result in faulty dashboard panels or misleading information.
Modify Test Names and Descriptions
uberAgent ESA ships with an extensive set of pre-defined tests that can be executed through its Security and Compliance Inventory functionality. Each test is displayed with a human-readable name and a short description. As customers may add their own tests, test display names and descriptions have to be added as well.
To modify existing tests in this table or add new ones, edit the following input lookup file: $SPLUNK_HOME/etc/apps/uberAgent_ESA/lookups/security_inventory_checknames.csv. Please make sure to distribute the changed input lookup file to all search heads.
The lookup file contains three columns.
- SecurityInventoryName: this field contains the test name that was used in the script. To save data volume, this name may be abbreviated. Example: CMProtRoot
- SecurityInventoryDisplayName: this field contains the display name of the test to improve readability. Example: protected root certificates
- SecurityInventoryNameDescription: this field contains a description of the test to be displayed in the data table after selecting a test in the SCI test analysis chart. Example: Checks if root certificates can be installed by users.
Output Fields
The following table describes the fields that may be part of a test script’s output:
| Field name | Format | Valid values | Description |
|---|---|---|---|
| Name | String | Any string | The name of the test. Must be quoted to avoid parsing errors. |
| Score | Number | 0-10 | The resulting test score on a scale from 0 (very bad) to 10 (excellent). |
| RiskScore | Number | 0-100 | The severity of the test (how risky is the tested thing). |
| ResultData | String | Any string | Configuration information determined by the test. Should be quoted to avoid parsing errors. |
| ErrorCode | Number | Any number | Indicates success or failure. 0 = success. |
| ErrorMessage | String | Any string | Optional error message returned by the test. This message is logged to the agent log. |
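The following Python test script is an added example, not code from uberAgent or its documentation. It follows the conventions on this page: several tests per invocation, only the JSON array on stdout, UTF-8 output, and the six output fields with Score and RiskScore range-checked. The check check_path_relative, the test name PathNoRelative, its RiskScore of 60, and the choice of Score 0 with ErrorCode 1 for a failed test are assumptions.

```python
import contextlib
import json
import os
import sys


def make_result(name, score, risk_score, data="", error_code=0, error_message=""):
    # Enforce the ranges from the field table: Score 0-10, RiskScore 0-100.
    if not 0 <= score <= 10 or not 0 <= risk_score <= 100:
        raise ValueError(f"{name}: Score must be 0-10 and RiskScore 0-100")
    return {"Name": str(name), "Score": score, "RiskScore": risk_score,
            "ResultData": str(data), "ErrorCode": error_code,
            "ErrorMessage": str(error_message)}


def check_path_relative(path=None):
    # Hypothetical check: empty or relative PATH entries resolve against the
    # current directory, so a writable working directory can shadow a binary.
    path = os.environ.get("PATH", "") if path is None else path
    bad = [e for e in path.split(os.pathsep) if not os.path.isabs(e)]
    return (0, "Relative: " + ",".join(map(repr, bad))) if bad else (10, "None")


def run_tests(tests):
    # tests: list of (name, risk_score, check); check returns (score, result_data).
    results = []
    for name, risk_score, check in tests:
        try:
            # Anything a check prints is diverted to stderr, so stdout
            # carries only the result JSON.
            with contextlib.redirect_stdout(sys.stderr):
                score, data = check()
            results.append(make_result(name, score, risk_score, data))
        except Exception as exc:
            # Assumption: a failed test reports Score 0 and ErrorCode 1;
            # the page only defines ErrorCode 0 as success.
            msg = f"{type(exc).__name__}: {exc}"
            results.append(make_result(name, 0, risk_score, "", 1, msg))
    return results


def emit(results, stream=None):
    # Write one JSON array as UTF-8 bytes, independent of the console code page.
    stream = sys.stdout.buffer if stream is None else stream
    stream.write(json.dumps(results, ensure_ascii=False, indent=2).encode("utf-8") + b"\n")


if __name__ == "__main__":
    # "PathNoRelative" and its RiskScore of 60 are constructed sample values.
    emit(run_tests([("PathNoRelative", 60, check_path_relative)]))
```

A check that raises, or returns a Score outside 0-10, is reported as a failed test in the same array rather than aborting the script, so the remaining tests still produce results.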