Is there a way to create a scap package to be run by morpheus which would audit the results / desired state
eg: check is a registry is present, socket is open/closed
Scap workbench could be used SCAP Workbench | OpenSCAP portal
anyone used it?
Hey @aabraham I haven’t personally used the SCAP workbench to create new benchmarks. I tend to use existing benchmarks. This repository is a good resource for benchmarkshttps://public.cyber.mil/stigs/scap/ which covers lots of different targets. The oscap docs suggests you can use workbench to create a new profile. SCAP Workbench User Manual information about the XCCDF Specification can be found here: Security Content Automation Protocol | CSRC
1 Like