Quick Start Guide: Creating an Assessor Configuration XML File

Owned by Allan Cornwell, created
Last updated: Feb 15, 2024
3 min read

Product Name

CIS-CAT Pro Assessor v4

Product Version

all

Date

Oct 19, 2023

Overview

This guide outlines the process of creating a Configuration XML file to store assessment details of multiple local or remote endpoints in CIS-CAT Pro Assessor. An XML file allows the user to configure Benchmarks, Profile levels, interactive values, user properties, and reporting options all in a single file.

Requirements

An example XML is included in each Assessor release under /config/assessor-config-sample.xml.

While it is possible to create your Configuration XML file using the above example and a text editor, we recommend populating the initial values using the Assessor GUI. The resulting XML file can then be edited further, and used for both GUI and CLI assessments on all supported platforms.

Walkthrough

1

Launch the Assessor-GUI.exe as Administrator:

2

Select "Advanced" -> "Add Remote or Local Target System":

3

Enter the connection details for the first remote host, and select the desired Benchmark & Profile level:

For information on the required protocols & ports for remote assessments, please refer to the Configuration Guide for each target system type.

4

On the next screen, select the "Add" button in the top right to include additional systems.

The below example shows 3 targets, one Windows Server 2019 host and two Linux systems, each with their own credentials, Benchmarks and Profile levels:

5

Once all intended systems are included in the ā€œTarget Systemsā€ list, move to the next ā€œAssessment optionsā€ screen. Select the report formats and a CIS-CAT Pro Dashboard upload URL (optional).

The ā€œSave configuration fileā€œ checkbox near the bottom allows you to save these systems and preferences as a Configuration XML. The path & filename is specified with the ā€œSave Asā€ button:

You can also choose to encrypt the configuration file with a password. This helps protect the embedded connection credentials from being viewable in plaintext.

If a Configuration XML is encrypted, it is no longer possible to make changes to the file using a text editor. You can however re-import the encrypted XML into the Assessor GUI, supply the chosen password and enact modifications at a later time.

To load the resulting Configuration XML in a later assessment, use one of the following two methods.

  • Using the Assessor GUI, choose ā€œAdvancedā€ ā†’ ā€œLoad a configuration or sessions fileā€:

    Ā 

  • Using the Assessor CLI, invoke the file with the -cfg parameter:
    Assessor-CLI.bat -cfg config\my-configuration-file.xml

Keywords; Configuration XML Assessor GUI CLI

Content by Label

Copyright Ā© 2023

Center for Internet SecurityĀ®

Ā