The Configuration Checks capability is supported from sensor version 0.3.4.
Intezer Protect performs configuration checks on the hosts to identify misconfigurations that could compromise the asset. The configuration checks includes the CIS (Center of Internet Security) best practices and checks for Linux, Docker and Kubernetes.
How does it work?
- The Intezer Protect sensor checks the configurations on the host every 24 hours.
- The configuration checks results are displayed for each host.
- Each check gets a Vulnerability Status. The Vulnerability Status marks the result of the check. Checks that pass successfully get a Safe Vulnerability Status. The Vulnerability Status of Configuration Checks affects the Vulnerability Status of the host. The status of the host represents the highest vulnerability identified in it.
- The Remediation section for each check provides instructions to resolve the misconfiguration and secure the host. Once the misconfiguration has been remediated, the next scan will identify the new configuration and refresh the Vulnerability Status.
Viewing Configuration Checks
- In the menu, click on the Assets menu item.
- Click on one of the assets on the list.
You can filter the assets by their Vulnerability Status.
- Click on the Configuration Checks tab.
Tip: The color of the dot in the tab indicates the package with the highest Vulnerability Status found on the asset.
- A prioritized list of installed configuration checks is displayed.
Available attributes are:
Vulnerability Status: Marks the configuration check result. Available values are High, Medium, Low and Safe.
Check Name: The name of the check as it appears in the check source.
Check Number: The number of the check as it appears in the check source.
Source: The security framework that includes the check.
Click on one of the checks to view additional information:
Description: Description of the check.
Rationale: Risk imposed by the misconfiguration.
Remediation: Instructions on how to fix the misconfiguration.