Task 4.md

Custom Policy Scanning

Task Summary

  • View/Export compliance reports
  • Create a Custom Policy Group
  • Add Custom Policy Group to Project
  • Scan custom policy

Documentation Notes:

  • Tenable.cs is used interchangeably with Tenable Cloud Security
  • Tenable.io is used interchangeably with Tenable Vulnerability Management

Prerequisites

  • Tenable Vulnerability Management account
  • Skills
    • Prior knowledge of networking, Microsoft Windows, and web browsers
  • Completed Labs 1 and 2

Tasks


Create a Project

  1. On the Tenable Cloud Security Dashboard, create a new project named custom_policy_project
  2. Select the provider AWS
  3. Click on the project custom_policy_project
  4. Click on the Repositories pencil icon
  5. Select the repository created in the prior labs (e.g. tenable-awsjam-demo.git)
  6. Save the configuration

Compliance Report Dashboard

  1. On the Tenable Cloud Security Dashboard left menu, click the icon for Reports
  2. Under the Projects filter, select the project custom_policy_project
  3. Select Filters
    1. Enable filter on
      • Policy Status: Non-Compliant
      • Severity: High
  4. Expand the control Security Group
  5. Click APPLY
  6. Expand Infrastructure Security

VALIDATION QUESTION

  1. What is the compliance coverage for Infrastructure Security?
  2. How many High severity, non-compliant policies were found?
  3. What is the compliance coverage for the Project we selected?

Create a Custom Policy Group

  1. On the Tenable Cloud Security dashboard, create a new Custom Policy
    1. Click on the left menu (+) and select Custom Policy
    2. Select Add Policy Group
    3. Filter on the following:
      1. Severity: High
      2. Provider: AWS
      3. Category: Infrastructure Security
    4. Enable ALL policies
    5. Select Continue
    6. Type in the Policy Group Name: custom_Infrastructure_Security_policy_group
    7. Select AWS
    8. Select Enforce
    9. Select the DONE button to complete group creation.

Assign Custom Policy to Project

  1. On the Tenable Cloud Security dashboard, click on the project
  2. Click on the pencil icon for Active policy groups
  3. Deactivate/disable the current policy group selections
  4. Search for custom_Infrastructure
  5. Enable custom_Infrastructure_Security_policy_group
  6. Click SAVE
  7. Verify that Active policy groups is updated with the new custom policy
  8. Click on Run scan -> IaC scan for the custom_policy_project

VALIDATION QUESTION

  1. Can a custom policy group be created to build a customized policy that contains policies from each Industry Benchmark?

Optional Challenge Task - Remediate Misconfigured Code and verify Compliance changes

  1. Create a pull request
  2. Merge repository
  3. Validate compliance changes

END OF LABS
