Chatta subito con l'assistenza
Chat con il supporto

KACE Systems Management Appliance 13.2 Common Documents - Administrator Guide

About the KACE Systems Management Appliance Getting started
Configuring the appliance
Requirements and specifications Power-on the appliance and log in to the Administrator Console Access the Command Line Console Tracking configuration changes Configuring System-level and Admin-level General Settings Configure appliance date and time settings Managing user notifications Enable Two-Factor Authentication for all users Verifying port settings, NTP service, and website access Configuring network and security settings Configuring Agent settings Configuring session timeout and auto-refresh settings Configuring locale settings Configuring the default theme Configure data sharing preferences About DIACAP compliance requirements Configuring Mobile Device Access Enable fast switching for organizations and linked appliances Linking Quest KACE appliances Configuring history settings
Setting up and using labels to manage groups of items Configuring user accounts, LDAP authentication, and SSO Deploying the KACE Agent to managed devices Using Replication Shares Managing credentials Configuring assets
About the Asset Management component Using the Asset Management Dashboard About managing assets Adding and customizing Asset Types and maintaining asset information Managing Software assets Managing physical and logical assets Maintaining and using manual asset information Managing locations Managing contracts Managing licenses Managing purchase records
Setting up License Compliance Managing License Compliance Setting up Service Desk Configure the Cache Lifetime for Service Desk widgets Creating and managing organizations Importing and exporting appliance resources
Managing inventory
Using the Inventory Dashboard Using Device Discovery Managing device inventory
About managing devices Features available for each device management method About inventory information Tracking changes to inventory settings Managing inventory information Finding and managing devices Registering KACE Agent with the appliance Provisioning the KACE Agent Manually deploying the KACE Agent Using Agentless management Adding devices manually in the Administrator Console or by using the API Forcing inventory updates Managing MIA devices Obtaining Dell warranty information
Managing applications on the Software page Managing Software Catalog inventory
About the Software Catalog Viewing Software Catalog information Adding applications to the Software Catalog Managing License assets for Software Catalog applications Associate Managed Installations with Cataloged Software Using software metering Using Application Control Update or reinstall the Software Catalog
Managing process, startup program, and service inventory Writing custom inventory rules
Deploying packages to managed devices
Distributing software and using Wake-on-LAN Broadcasting alerts to managed devices Running scripts on managed devices Managing Mac profiles Using Task Chains
Patching devices and maintaining security
Using the Security Dashboard About patch management Subscribing to and downloading patches Creating and managing patch schedules Managing patch inventory Managing Windows Feature Updates Managing Dell devices and updates Managing Linux package upgrades Maintaining device and appliance security Manage quarantined file attachments
Using reports and scheduling notifications Monitoring servers
Getting started with server monitoring Working with monitoring profiles Managing monitoring for devices Working with alerts
Using the Service Desk
Configuring Service Desk Using the Service Desk Dashboard Managing Service Desk tickets, processes, and reports
Overview of Service Desk ticket lifecycle Creating tickets from the Administrator Console and User Console Creating and managing tickets by email Viewing tickets and managing comments, work, and attachments Merging tickets Using the ticket escalation process Using Service Desk processes Using Ticket Rules Run Service Desk reports Archiving, restoring, and deleting tickets Managing ticket deletion
Managing Service Desk ticket queues About User Downloads and Knowledge Base articles Customizing Service Desk ticket settings Configuring SMTP email servers
Maintenance and troubleshooting
Maintaining the appliance Troubleshooting the appliance
Appendixes Glossary About us Legal notices

About benchmarks

About benchmarks

A SCAP benchmark is a security configuration checklist that contains a series of rules for evaluating the vulnerabilities of a device in a particular operational environment.

The NIST (National Institute of Standards and Technology) maintains the National Checklist Repository that contains various security configuration checklists for specific IT products and categories of IT products.

The USGCB (United States Government Configuration Baseline) benchmark standard evolved from the FDCC (Federal Desktop Core Configuration), and currently addresses Windows OS.

SCAP 1.0 and 1.1 only. A checklist consists of a ZIP file that contains several XML files called a SCAP Stream. The primary file in the Stream is the XCCDF file. The XCCDF file is a structured collection of security configuration rules for a set of target devices. Essentially, it is a list of OVAL tests that should be run. The other XML files contain the OVAL tests specified in the XCCDF file. For detailed information on the XCCDF Specification, go to http://scap.nist.gov/specifications/xccdf/.

SCAP 1.2 and later only. These versions use a single file containing all required streams.

A benchmark can contain one or more profiles. A profile specifies the rules that run on specific kinds of devices. For example, a benchmark might contain one set of rules for desktops and another set for servers.

How a SCAP scan works

How a SCAP scan works

Before SCAP scans are conducted, the appliance imports and verifies a benchmark. After it is imported and verified, the benchmark is loaded into the appliance and the XCCDF file undergoes a process called resolution.

During resolution, the oval-command.zip file is generated. This ZIP file contains the input files necessary to run a particular profile. You can view the files on the Script Detail page. See Configure SCAP schedules.

The SCAP scan is controlled by a KScript. When the scan runs, the following files are downloaded to the target device as script dependencies:

benchmark.zip: contains the benchmark files, that is, the SCAP Stream that was uploaded to the appliance. (The XCCDF file is not actually used by the device.)
oval-command.zip: contains the input files generated by the XCCDF.
ovalref.zip: contains the OVAL scanning engine (ovaldi.exe).

The KScript initiates the OVAL scans on the target device and generates several results files. The OVAL scanning engine runs two or three times:

Each run generates a results file. These files are named according to the run. For example, the file from the first run is named scap-profile-10-result-1.xml and the second is named scap-profile-10-result-2.xml. These files are located in the following directory: C:\Documents and Settings\All Users\Quest\KACE\kbots_cache\packages\kbots\<working directory>.

To find the KACE Agent’s working directory, go to Inventory > Devices > Device Detail > Logs.

These results files are then uploaded to the appliance and collated into a single results file (xccdf-results.xml). You can use this file for reporting the results to a government agency such as the US OMB (United States Office of Management and Budget). The appliance and managed device retain only the latest results files.

In the final step of a run, a subset of the results files is extracted and stored in the Organization database for reporting and displayed on the SCAP Scan Results page for each device.

The database tables that contain this information are SCAP_RESULT, SCAP_RESULT_RULE, and SCAP_RESULT_SCORE. See View SCAP scan results.

Access SCAP Scan information

You can access SCAP Scan information in the Security section.

1.
Go to SCAP Scan page:
a.
Log in to the appliance Administrator Console, https://appliance_hostname/admin. Or, if the Show organization menu in admin header option is enabled in the appliance General Settings, select an organization in the drop-down list in the top-right corner of the page next to the login information.
b.
On the left navigation bar, click Security, then click SCAP Scan.
Catalog: Shows the status of SCAP benchmarks. Additionally from this page, you can import checklists, delete checklists, and export a checklist to CSV format.
Schedules: Displays the name of the benchmarks and when they are scheduled to run. Additionally from this page, you can add and delete benchmarks, enable or disable benchmarks, and export a benchmark to CSV format.
Reporting: Shows the general results of SCAP scans.

The page also displays a dashboard that shows the results by benchmark. For a device to pass a benchmark, it must score 100%.

View and manage benchmarks

You can view and manage SCAP benchmarks, which include profiles and checklists that have been imported to the appliance.

Additionally, you can import benchmarks, delete benchmarks, and export benchmarks to CSV format by selecting Choose Action on the SCAP Catalog page.

1.
Go to SCAP Catalog list:
a.
Log in to the appliance Administrator Console, https://appliance_hostname/admin. Or, if the Show organization menu in admin header option is enabled in the appliance General Settings, select an organization in the drop-down list in the top-right corner of the page next to the login information.
b.
On the left navigation bar, click Security, then click SCAP Scan.
c.
On the SCAP Scan panel, click Catalog.
2.
Optional: Specify which benchmarks are displayed using either the View By drop-down list or Search field.
3.
Optional: To sort the benchmarks, click a column heading.

The SCAP Catalog contains general information about the selected benchmark and the time and date that the SCAP data was uploaded to the appliance. See Download benchmarks from the archive.

Import and modify benchmarks

You can import and modify benchmarks from the National Checklist Repository as needed.

1.
Go to SCAP Catalog list:
a.
Log in to the appliance Administrator Console, https://appliance_hostname/admin. Or, if the Show organization menu in admin header option is enabled in the appliance General Settings, select an organization in the drop-down list in the top-right corner of the page next to the login information.
b.
On the left navigation bar, click Security, then click SCAP Scan.
c.
On the SCAP Scan panel, click Catalog.
2.
Select Choose Action > Import New Checklists.
The SCAP Configuration Scan Settings page appears and displays Step 1 of the import wizard.
3.
Click Browse or Choose File to import a benchmark ZIP file.
4.
Click Next.
5.
Select a benchmark in the Select a profile to scan drop-down list, then click Next.
6.
Select the OVAL Engine that you want to use in the Scan using existing engine drop-down list.
NOTE: The default engine is MITRE’s OVAL Interpreter (ovaldi.exe). The appliance automatically downloads updates to this engine when Quest certifies and releases new versions of the engine and OVAL definitions.
7.
Optional: Click Browse or Choose File to find and upload a custom engine and its configuration files.
A dialog box appears indicating that the file is being uploaded and a message appears on the SCAP Configuration Scan Settings page that the engine was successfully imported.
TIP: Use a custom engine if you need local control of the OVAL engine or if you do not want automatic updates to change the engine. The custom engine must be a ZIP file of a folder containing the custom ovaldi.exe and any necessary configuration files required to run the engine. This ZIP file replaces the ovalref.zip dependency file in the SCAP scan script. See View the resolved XCCDF files.
8.
Click Next.

A dialog box appears indicating that the benchmark file is being loaded, followed by the Script Detail page. See Editing SCAP scan schedules.

Configure SCAP schedules

You can import benchmarks or definitions, and change settings for SCAP scans, by configuring SCAP schedules.

1.
Go to SCAP Scan Schedules list:
a.
Log in to the appliance Administrator Console, https://appliance_hostname/admin. Or, if the Show organization menu in admin header option is enabled in the appliance General Settings, select an organization in the drop-down list in the top-right corner of the page next to the login information.
b.
On the left navigation bar, click Security, then click SCAP Scan.
c.
On the SCAP Scan panel, click Schedules.
2.
Select Choose Action and select an action to add or delete benchmarks, enable or disable benchmarks, and export a benchmark to CSV format.
4.
Scroll down the page to the Scheduling section and make the necessary changes.

Access SCAP Scan information

How a SCAP scan works

Before SCAP scans are conducted, the appliance imports and verifies a benchmark. After it is imported and verified, the benchmark is loaded into the appliance and the XCCDF file undergoes a process called resolution.

During resolution, the oval-command.zip file is generated. This ZIP file contains the input files necessary to run a particular profile. You can view the files on the Script Detail page. See Configure SCAP schedules.

The SCAP scan is controlled by a KScript. When the scan runs, the following files are downloaded to the target device as script dependencies:

benchmark.zip: contains the benchmark files, that is, the SCAP Stream that was uploaded to the appliance. (The XCCDF file is not actually used by the device.)
oval-command.zip: contains the input files generated by the XCCDF.
ovalref.zip: contains the OVAL scanning engine (ovaldi.exe).

The KScript initiates the OVAL scans on the target device and generates several results files. The OVAL scanning engine runs two or three times:

Each run generates a results file. These files are named according to the run. For example, the file from the first run is named scap-profile-10-result-1.xml and the second is named scap-profile-10-result-2.xml. These files are located in the following directory: C:\Documents and Settings\All Users\Quest\KACE\kbots_cache\packages\kbots\<working directory>.

To find the KACE Agent’s working directory, go to Inventory > Devices > Device Detail > Logs.

These results files are then uploaded to the appliance and collated into a single results file (xccdf-results.xml). You can use this file for reporting the results to a government agency such as the US OMB (United States Office of Management and Budget). The appliance and managed device retain only the latest results files.

In the final step of a run, a subset of the results files is extracted and stored in the Organization database for reporting and displayed on the SCAP Scan Results page for each device.

The database tables that contain this information are SCAP_RESULT, SCAP_RESULT_RULE, and SCAP_RESULT_SCORE. See View SCAP scan results.

Access SCAP Scan information

You can access SCAP Scan information in the Security section.

1.
Go to SCAP Scan page:
a.
Log in to the appliance Administrator Console, https://appliance_hostname/admin. Or, if the Show organization menu in admin header option is enabled in the appliance General Settings, select an organization in the drop-down list in the top-right corner of the page next to the login information.
b.
On the left navigation bar, click Security, then click SCAP Scan.
Catalog: Shows the status of SCAP benchmarks. Additionally from this page, you can import checklists, delete checklists, and export a checklist to CSV format.
Schedules: Displays the name of the benchmarks and when they are scheduled to run. Additionally from this page, you can add and delete benchmarks, enable or disable benchmarks, and export a benchmark to CSV format.
Reporting: Shows the general results of SCAP scans.

The page also displays a dashboard that shows the results by benchmark. For a device to pass a benchmark, it must score 100%.

View and manage benchmarks

You can view and manage SCAP benchmarks, which include profiles and checklists that have been imported to the appliance.

Additionally, you can import benchmarks, delete benchmarks, and export benchmarks to CSV format by selecting Choose Action on the SCAP Catalog page.

1.
Go to SCAP Catalog list:
a.
Log in to the appliance Administrator Console, https://appliance_hostname/admin. Or, if the Show organization menu in admin header option is enabled in the appliance General Settings, select an organization in the drop-down list in the top-right corner of the page next to the login information.
b.
On the left navigation bar, click Security, then click SCAP Scan.
c.
On the SCAP Scan panel, click Catalog.
2.
Optional: Specify which benchmarks are displayed using either the View By drop-down list or Search field.
3.
Optional: To sort the benchmarks, click a column heading.

The SCAP Catalog contains general information about the selected benchmark and the time and date that the SCAP data was uploaded to the appliance. See Download benchmarks from the archive.

Import and modify benchmarks

You can import and modify benchmarks from the National Checklist Repository as needed.

1.
Go to SCAP Catalog list:
a.
Log in to the appliance Administrator Console, https://appliance_hostname/admin. Or, if the Show organization menu in admin header option is enabled in the appliance General Settings, select an organization in the drop-down list in the top-right corner of the page next to the login information.
b.
On the left navigation bar, click Security, then click SCAP Scan.
c.
On the SCAP Scan panel, click Catalog.
2.
Select Choose Action > Import New Checklists.
The SCAP Configuration Scan Settings page appears and displays Step 1 of the import wizard.
3.
Click Browse or Choose File to import a benchmark ZIP file.
4.
Click Next.
5.
Select a benchmark in the Select a profile to scan drop-down list, then click Next.
6.
Select the OVAL Engine that you want to use in the Scan using existing engine drop-down list.
NOTE: The default engine is MITRE’s OVAL Interpreter (ovaldi.exe). The appliance automatically downloads updates to this engine when Quest certifies and releases new versions of the engine and OVAL definitions.
7.
Optional: Click Browse or Choose File to find and upload a custom engine and its configuration files.
A dialog box appears indicating that the file is being uploaded and a message appears on the SCAP Configuration Scan Settings page that the engine was successfully imported.
TIP: Use a custom engine if you need local control of the OVAL engine or if you do not want automatic updates to change the engine. The custom engine must be a ZIP file of a folder containing the custom ovaldi.exe and any necessary configuration files required to run the engine. This ZIP file replaces the ovalref.zip dependency file in the SCAP scan script. See View the resolved XCCDF files.
8.
Click Next.

A dialog box appears indicating that the benchmark file is being loaded, followed by the Script Detail page. See Editing SCAP scan schedules.

Configure SCAP schedules

You can import benchmarks or definitions, and change settings for SCAP scans, by configuring SCAP schedules.

1.
Go to SCAP Scan Schedules list:
a.
Log in to the appliance Administrator Console, https://appliance_hostname/admin. Or, if the Show organization menu in admin header option is enabled in the appliance General Settings, select an organization in the drop-down list in the top-right corner of the page next to the login information.
b.
On the left navigation bar, click Security, then click SCAP Scan.
c.
On the SCAP Scan panel, click Schedules.
2.
Select Choose Action and select an action to add or delete benchmarks, enable or disable benchmarks, and export a benchmark to CSV format.
4.
Scroll down the page to the Scheduling section and make the necessary changes.

View and manage benchmarks

How a SCAP scan works

Before SCAP scans are conducted, the appliance imports and verifies a benchmark. After it is imported and verified, the benchmark is loaded into the appliance and the XCCDF file undergoes a process called resolution.

During resolution, the oval-command.zip file is generated. This ZIP file contains the input files necessary to run a particular profile. You can view the files on the Script Detail page. See Configure SCAP schedules.

The SCAP scan is controlled by a KScript. When the scan runs, the following files are downloaded to the target device as script dependencies:

benchmark.zip: contains the benchmark files, that is, the SCAP Stream that was uploaded to the appliance. (The XCCDF file is not actually used by the device.)
oval-command.zip: contains the input files generated by the XCCDF.
ovalref.zip: contains the OVAL scanning engine (ovaldi.exe).

The KScript initiates the OVAL scans on the target device and generates several results files. The OVAL scanning engine runs two or three times:

Each run generates a results file. These files are named according to the run. For example, the file from the first run is named scap-profile-10-result-1.xml and the second is named scap-profile-10-result-2.xml. These files are located in the following directory: C:\Documents and Settings\All Users\Quest\KACE\kbots_cache\packages\kbots\<working directory>.

To find the KACE Agent’s working directory, go to Inventory > Devices > Device Detail > Logs.

These results files are then uploaded to the appliance and collated into a single results file (xccdf-results.xml). You can use this file for reporting the results to a government agency such as the US OMB (United States Office of Management and Budget). The appliance and managed device retain only the latest results files.

In the final step of a run, a subset of the results files is extracted and stored in the Organization database for reporting and displayed on the SCAP Scan Results page for each device.

The database tables that contain this information are SCAP_RESULT, SCAP_RESULT_RULE, and SCAP_RESULT_SCORE. See View SCAP scan results.

Access SCAP Scan information

You can access SCAP Scan information in the Security section.

1.
Go to SCAP Scan page:
a.
Log in to the appliance Administrator Console, https://appliance_hostname/admin. Or, if the Show organization menu in admin header option is enabled in the appliance General Settings, select an organization in the drop-down list in the top-right corner of the page next to the login information.
b.
On the left navigation bar, click Security, then click SCAP Scan.
Catalog: Shows the status of SCAP benchmarks. Additionally from this page, you can import checklists, delete checklists, and export a checklist to CSV format.
Schedules: Displays the name of the benchmarks and when they are scheduled to run. Additionally from this page, you can add and delete benchmarks, enable or disable benchmarks, and export a benchmark to CSV format.
Reporting: Shows the general results of SCAP scans.

The page also displays a dashboard that shows the results by benchmark. For a device to pass a benchmark, it must score 100%.

View and manage benchmarks

You can view and manage SCAP benchmarks, which include profiles and checklists that have been imported to the appliance.

Additionally, you can import benchmarks, delete benchmarks, and export benchmarks to CSV format by selecting Choose Action on the SCAP Catalog page.

1.
Go to SCAP Catalog list:
a.
Log in to the appliance Administrator Console, https://appliance_hostname/admin. Or, if the Show organization menu in admin header option is enabled in the appliance General Settings, select an organization in the drop-down list in the top-right corner of the page next to the login information.
b.
On the left navigation bar, click Security, then click SCAP Scan.
c.
On the SCAP Scan panel, click Catalog.
2.
Optional: Specify which benchmarks are displayed using either the View By drop-down list or Search field.
3.
Optional: To sort the benchmarks, click a column heading.

The SCAP Catalog contains general information about the selected benchmark and the time and date that the SCAP data was uploaded to the appliance. See Download benchmarks from the archive.

Import and modify benchmarks

You can import and modify benchmarks from the National Checklist Repository as needed.

1.
Go to SCAP Catalog list:
a.
Log in to the appliance Administrator Console, https://appliance_hostname/admin. Or, if the Show organization menu in admin header option is enabled in the appliance General Settings, select an organization in the drop-down list in the top-right corner of the page next to the login information.
b.
On the left navigation bar, click Security, then click SCAP Scan.
c.
On the SCAP Scan panel, click Catalog.
2.
Select Choose Action > Import New Checklists.
The SCAP Configuration Scan Settings page appears and displays Step 1 of the import wizard.
3.
Click Browse or Choose File to import a benchmark ZIP file.
4.
Click Next.
5.
Select a benchmark in the Select a profile to scan drop-down list, then click Next.
6.
Select the OVAL Engine that you want to use in the Scan using existing engine drop-down list.
NOTE: The default engine is MITRE’s OVAL Interpreter (ovaldi.exe). The appliance automatically downloads updates to this engine when Quest certifies and releases new versions of the engine and OVAL definitions.
7.
Optional: Click Browse or Choose File to find and upload a custom engine and its configuration files.
A dialog box appears indicating that the file is being uploaded and a message appears on the SCAP Configuration Scan Settings page that the engine was successfully imported.
TIP: Use a custom engine if you need local control of the OVAL engine or if you do not want automatic updates to change the engine. The custom engine must be a ZIP file of a folder containing the custom ovaldi.exe and any necessary configuration files required to run the engine. This ZIP file replaces the ovalref.zip dependency file in the SCAP scan script. See View the resolved XCCDF files.
8.
Click Next.

A dialog box appears indicating that the benchmark file is being loaded, followed by the Script Detail page. See Editing SCAP scan schedules.

Configure SCAP schedules

You can import benchmarks or definitions, and change settings for SCAP scans, by configuring SCAP schedules.

1.
Go to SCAP Scan Schedules list:
a.
Log in to the appliance Administrator Console, https://appliance_hostname/admin. Or, if the Show organization menu in admin header option is enabled in the appliance General Settings, select an organization in the drop-down list in the top-right corner of the page next to the login information.
b.
On the left navigation bar, click Security, then click SCAP Scan.
c.
On the SCAP Scan panel, click Schedules.
2.
Select Choose Action and select an action to add or delete benchmarks, enable or disable benchmarks, and export a benchmark to CSV format.
4.
Scroll down the page to the Scheduling section and make the necessary changes.
Related Documents

The document was helpful.

Seleziona valutazione

I easily found the information I needed.

Seleziona valutazione