We've discussed Compliance capabilities in Aria Operations before: DISA, FISMA, HIPAA, PCI, CIS, and ISO. But what if I want to customize a Benchmark, say CIS, and change a few things? Answer: Clone the Alerts/Symptom definitions included in the CIS Benchmark, change what you want, then import them into your new Benchmark, here's how.
I've activated and enabled the CIS Compliance Pack as shown here. First you select ACTIVATE FROM REPOSITORY, then once activated you select ENABLE. You can see the Compliance Packs in various states here.
Once enabled, you'll see Compliance or non-Compliance for that particular Benchmark, clicking the tile will give you details.
Now, what's really in this Compliance Pack? Alert and Symptom Definitions, you can find them here.
You'll notice all Alert Definitions contain the string CIS and there are 19 of them, lets go get them. Go to Operations - Configurations - Alert Definitions and search for them.
As you can see, there are 19 of them. We can now clone and adjust the ones we want to use for our custom Compliance Pack. For example, we'll clone the "ESXi Host is Violating CIS" Alert definition and remove a few of the Symptoms we're not interested in, same with the Alert Definition for "Virtual Machine is Violating CIS". I've appended my new Alert definitions with v2.
We will now use these new Alert Definitions in our custom Compliance Pack. Go to Operations - Compliance - Add Custom Compliance
Then select CREATE A NEW CUSTOM BENCHMARK
Then give it a name and description.
Click NEXT and tell it which Alert Definitions to use, in my case my newly defined v2 ones.
Click NEXT and tell it which Policy/s to enable it in.
Your new Compliance Pack is now running an initial assessment.
Once done it'll show something like this.
Click the CIS Compliance Benchmark v2 tile to see the details.
You can do this same thing for as many CIS related Alerts/Symptoms you want and ultimately turn off the out-of-the-box Compliance Pack and use your custom one. This same methodology works for any of the other Compliane Packs as well, enjoy!