Why does CIS-CAT Pro Assessor v4 remote assessment require SMB protocol along with a WinRM connection?
Product Name
CIS-CAT Pro Assessor v4
Product Version
all
Date
Sep 30, 2022
When CIS-CAT Pro connects to a remote Windows target for assessment, it requires an SMB connection in order to;
Create an "ephemeral" folder on that target system to hold scripts required for collection of necessary information
To allow CIS-CAT Pro to transfer the scripts from the machine executing CIS-CAT to that "ephemeral" folder.
Once the scripts are transferred from the CIS-CAT host to the "ephemeral" directory, WinRM commands are used to execute those scripts in order to collect the necessary information for assessment, such as password policies, account policies, registry keys, user rights assignments, etc.
Once the assessment is completed and the connection to the remote target is being closed, SMB is again used to remove the "ephemeral" directory and all those scripts from the target system.
To allow connection to the target host using SMB, ensure it is reachable on port 445
You can use a powershell command to test for that remote system SMB port connection;
Test-NetConnection -ComputerName <IP Address> -Port 445 -InformationLevel Detailed
Join the : CIS Members : CIS-CAT Discussion to read more about Why CIS CAT Pro requires SMB protocol along with WinRM connection
Related Content