Description of Cyberwatch compliance repositories
This documentation provides a description of repositories available by default in Cyberwatch.
ADV200006_mitigation
This repository contains compliance rules used to ensure that a mitigation mechanism is in place against the Microsoft security advisory ADV200006, published on 23/03/2020, regarding CVE-2020-1020, which allows remote code execution.
When the security advisory was published, no corrective patch was yet available. This repository therefore helps put a mitigation mechanism in place against this vulnerability even in the absence of a patch.
CERTFR_AD
CERTFR_AD is an implementation of the Active Directory hardening guide developed and maintained by the ANSSI. Cyberwatch provides this repository by default for the compliance analysis of Active Directory assets according to ANSSI’s rules.
CIS_Benchmark
The CIS (Center for Internet Security) is a recognized IT security entity. It is responsible for developing and maintaining the CIS Controls® and CIS Benchmarks™ guides, globally recognized best practices for securing IT systems and data.
These best practices are gathered in guides published per operating system. The CIS also develops technical information and scripts that allow checking assets' compliance with the rules published in the CIS Benchmarks.
Cyberwatch uses and implements these scripts in some of its default repositories.
The CIS_Benchmark repository, present by default in Cyberwatch, contains all CIS Benchmark rules implemented in Cyberwatch. It gathers a set of rules applicable to different operating systems (Windows and Linux).
CIS_Benchmark_level_1
This repository gathers all level 1 CIS Benchmark rules, the levels being defined by the CIS.
CIS_Benchmark_level_2
This repository gathers all level 2 CIS Benchmark rules, the levels being defined by the CIS.
CIS_Benchmark_level_3
This repository gathers all level 3 CIS Benchmark rules, the levels being defined by the CIS.
Cyberwatch
This repository contains two rules that verify, on a Windows asset:
- that it is connected to a WSUS server;
- that the WUA service is enabled.
These Cyberwatch recommendations ensure that update deployment is configured and that these assets can be correctly scanned by Cyberwatch.
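The two checks above, written out as an added PowerShell example (this is not Cyberwatch's own rule code). It reads the standard Windows Update policy registry locations (WUServer and UseWUServer) and the state of the Windows Update Agent service (wuauserv); the function names are this example's own, and the StartType property assumes Windows PowerShell 5.0 or later.

```powershell
# Added example, not Cyberwatch's rule implementation.
# Rule 1: the asset is pointed at a WSUS server through Windows Update policy.
function Test-WsusConfiguration {
    $policyKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate'
    $auKey     = Join-Path $policyKey 'AU'

    # WUServer holds the WSUS URL; UseWUServer (under AU) tells the client to use it.
    $wuServer    = (Get-ItemProperty -Path $policyKey -Name 'WUServer' -ErrorAction SilentlyContinue).WUServer
    $useWuServer = (Get-ItemProperty -Path $auKey -Name 'UseWUServer' -ErrorAction SilentlyContinue).UseWUServer

    # Both must be present: a URL without UseWUServer=1 is ignored by the client.
    $compliant = (-not [string]::IsNullOrWhiteSpace($wuServer)) -and ($useWuServer -eq 1)

    [pscustomobject]@{
        Rule        = 'Connected to a WSUS server'
        WUServer    = $wuServer
        UseWUServer = $useWuServer
        Compliant   = $compliant
    }
}

# Rule 2: the Windows Update Agent service (wuauserv) is not disabled.
function Test-WuaServiceEnabled {
    $svc = Get-Service -Name 'wuauserv' -ErrorAction SilentlyContinue

    if ($null -eq $svc) {
        $status    = 'NotFound'
        $startType = 'NotFound'
        $compliant = $false
    } else {
        $status    = [string]$svc.Status
        $startType = [string]$svc.StartType   # StartType requires Windows PowerShell 5.0+
        # A disabled service can neither fetch updates nor answer the scanner.
        $compliant = $startType -ne 'Disabled'
    }

    [pscustomobject]@{
        Rule      = 'WUA service enabled'
        Status    = $status
        StartType = $startType
        Compliant = $compliant
    }
}

# Run both rules and show the result as a table.
$(Test-WsusConfiguration; Test-WuaServiceEnabled) | Format-Table -AutoSize
```

Run it in an elevated session on the asset; a WUServer value with UseWUServer missing or set to 0 is reported as non-compliant, since the client then falls back to Windows Update rather than the WSUS server.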
DC_Hardening
This repository aims to gather rules and best practices related to Domain Controllers’ security and hardening.
At the moment, it contains a rule used to verify that the print service “Windows Print Spooler” is disabled.
It is recommended to disable this service on every asset on which it is not required, particularly on domain controllers and domain administration systems.
This service is affected by several CVEs, such as CVE-2021-1675 and CVE-2021-34527 (PrintNightmare).
The benefit of disabling this service was reinforced by the fact that, when these security advisories were published, no corrective action was yet available.
Another specificity of this security issue is that, in some cases, even assets with the latest available security patches installed were affected.
ICS_Best_Practices
This repository groups a set of best practice rules generally applied to industrial systems (ICS = Industrial Control Systems).
These rules are mostly adapted from the CIS Benchmark, some of them requiring a specific adaptation to the context of industrial systems security.
IIS
This repository groups a set of rules that verify whether SSL/TLS protocols are enabled or disabled on Windows servers.
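An added PowerShell example of such a check (not Cyberwatch's rule code): it reads the Schannel registry keys that control which SSL/TLS versions a Windows host negotiates and reports each version as enabled, disabled, or not configured. The registry path and the Enabled / DisabledByDefault value names are the documented Schannel locations; the protocol list and the baseline of versions expected to be disabled are this example's own assumptions.

```powershell
# Added example, not Cyberwatch's rule implementation.
# Reads the Schannel registry keys that decide which SSL/TLS versions a Windows
# host will negotiate. $Side selects the Server (IIS, RDP, ...) or Client branch.
function Get-SchannelProtocolState {
    param(
        [ValidateSet('Server', 'Client')]
        [string]$Side = 'Server'
    )
    $base = 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols'
    # Protocol subkey names as Windows spells them (assumed complete for this example).
    $protocols = 'SSL 2.0', 'SSL 3.0', 'TLS 1.0', 'TLS 1.1', 'TLS 1.2', 'TLS 1.3'

    foreach ($proto in $protocols) {
        $key   = Join-Path (Join-Path $base $proto) $Side
        $props = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue

        if ($null -eq $props) {
            # No explicit setting: the OS default for this Windows version applies.
            $state = 'NotConfigured'
        } elseif ($props.Enabled -eq 0 -or $props.DisabledByDefault -eq 1) {
            # Enabled=0 switches the version off; DisabledByDefault=1 keeps it off
            # unless an application asks for it. Both count as disabled here.
            $state = 'Disabled'
        } else {
            $state = 'Enabled'
        }

        [pscustomobject]@{
            Protocol          = $proto
            Side              = $Side
            Enabled           = $props.Enabled
            DisabledByDefault = $props.DisabledByDefault
            State             = $state
        }
    }
}

# Compares the observed state with a list of versions that must be disabled.
# The default list is a constructed example baseline, not a Cyberwatch rule.
function Test-LegacyProtocolsDisabled {
    param([string[]]$MustBeDisabled = @('SSL 2.0', 'SSL 3.0', 'TLS 1.0', 'TLS 1.1'))

    Get-SchannelProtocolState -Side 'Server' |
        Where-Object { $_.Protocol -in $MustBeDisabled } |
        ForEach-Object {
            [pscustomobject]@{
                Protocol  = $_.Protocol
                State     = $_.State
                # NotConfigured is reported as non-compliant: the rule wants an
                # explicit disable rather than reliance on the OS default.
                Compliant = ($_.State -eq 'Disabled')
            }
        }
}

Test-LegacyProtocolsDisabled | Format-Table -AutoSize
```

Reporting NotConfigured as a separate state matters on this kind of check: an absent key means the version follows the default of the installed Windows build, which differs between versions, so an explicit Enabled=0 is the only state a rule can treat as a verified disable.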
Security_Best_Practices
Repository of rules acting as a best practices guide that can reasonably be applied to the majority of information systems.
The main goal is to provide a starting guide for establishing a first overview of the IT infrastructure, using rules that are both technically comprehensive and relevant from a security configuration standpoint.
Cyberwatch recommends using this repository as a starting point and an introduction to a deeper use of the compliance module.
System_Services
Repository gathering rules that check the status (enabled/disabled) of a set of services on Windows systems.
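An added PowerShell example covering both the DC_Hardening rule (Windows Print Spooler disabled) and the System_Services kind of check (not Cyberwatch's rule code): it compares a set of Windows services against an expected state. The service names Spooler and wuauserv are the real Windows names; the baseline hashtable is constructed for this example, and the StartType property assumes Windows PowerShell 5.0 or later.

```powershell
# Added example, not Cyberwatch's rule implementation.
# Checks a set of Windows services against an expected state ('Enabled' or
# 'Disabled'). StartType requires Windows PowerShell 5.0 or later.
function Test-ServiceState {
    param(
        [Parameter(Mandatory)]
        [hashtable]$Expected   # service name -> 'Enabled' | 'Disabled'
    )
    foreach ($name in $Expected.Keys) {
        $want = $Expected[$name]
        $svc  = Get-Service -Name $name -ErrorAction SilentlyContinue

        if ($null -eq $svc) {
            $status = 'NotInstalled'
            $start  = 'NotInstalled'
            # A service that is not installed satisfies a 'Disabled' requirement only.
            $compliant = ($want -eq 'Disabled')
        } else {
            $status = [string]$svc.Status
            $start  = [string]$svc.StartType
            if ($want -eq 'Disabled') {
                # Require Disabled AND Stopped: a stopped service with Manual
                # start type can still be started on demand.
                $compliant = ($start -eq 'Disabled') -and ($status -eq 'Stopped')
            } else {
                $compliant = ($start -ne 'Disabled')
            }
        }

        [pscustomobject]@{
            Service   = $name
            Expected  = $want
            Status    = $status
            StartType = $start
            Compliant = $compliant
        }
    }
}

# Constructed baseline: Spooler reflects the DC_Hardening rule described above;
# wuauserv is included to show an 'Enabled' expectation.
$baseline = @{
    'Spooler'  = 'Disabled'   # Windows Print Spooler (CVE-2021-1675 / CVE-2021-34527, PrintNightmare)
    'wuauserv' = 'Enabled'    # Windows Update Agent
}

Test-ServiceState -Expected $baseline | Format-Table -AutoSize
```

Checking the start type rather than only the running state is the point of the Print Spooler rule: a service that is merely stopped will come back at the next boot or on demand, whereas a Disabled start type keeps it off until an administrator changes the configuration.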