Enabling Windows Security Benchmark Analysis

This section is dedicated to creating a new policy for "Benchmark Analysis", in the default groups all the necessary policies are active and selected.

The first step is to create a policy. From "Rules & Policies" -> "Policy Management" -> "Policy Rules" and click on "+Policy" to create a new policy.

Select the module and type. Give a name for the policy and set the "Collection Interval". The default interval is 30 minutes. After the initial execution, the policy interval can be set to a value of 1440 minutes. The description is optional. The last step of the policy is the selection of the benchmark(s).

Then apply the policy from the "Group Management" settings. There is a default group in which all new agents are enrolled automatically. Click the three dots on the right of the grid and edit this group. Navigate on the page, select the "Windows Security Benchmarks" and click save button.

The final step is to enable the classification rules. Navigate to the "Rules & Policies" section on the left menu, go to "Artifact Classification" and search "Benchmark". Click three dots on the upright on the grid and click "Enable All Rules Displayed". When you enable the rules, you should see gray circles turn to green on the status column. After enabling all the rules displayed, click the three dots again and click "Force Run All Rules Displayed". This action will force rules to run immediately.

The collection and classification results can be observed from Security Assurance -> Hardening & Configuration Management.

PreviousEnabling Windows Thor Analysis NextEnabling In-Depth Analysis

Last updated 5 months ago