Product Name
CIS-CAT Pro Dashboard
Product Version
v3.0+
Date
Problem
As of version 3, CIS-CAT Pro Dashboard includes a built-in CIS-CAT Pro Assessor that can be used to conduct scans directly from Dashboard’s web interface:
https://cis-cat-pro-dashboard.readthedocs.io/en/stable/source/Dashboard%20User%27s%20Guide/#assess-a-target-system
However, some assessment features are unavailable in this integrated version.
Solution
Below is a listing of usage cases where a standalone version of Assessor is still required.
You are planning to assess multiple systems via a Configuration XML or Sessions file (Dashboard’s Assessor only allows scanning one target at a time)
You intend to use Tailored Benchmarks to conduct assessments, which are currently not supported in Dashboard v3 (only the pre-supplied list of included Benchmarks can be run)
You intend to conduct assessments of databases (such as MySQL), or any other target system types requiring interactive values whose Benchmarks are not included in the list for the built-in Assessor edition:
https://ccpa-docs.readthedocs.io/en/latest/Coverage%20Guide/You want to authenticate to targets via SSH using a private key file (instead of a username & password)
You are using WinRM over HTTPS for Windows assessments (instead of HTTP)
Note that you can use both tools concurrently, and uploading reports from a standalone Assessor can be carried out alongside the built-in Assessor scans if you should encounter any of the above requirements.
Add Comment