CIS benchmark output has missing checks #131
Assignees
Labels
enhancement
New feature or request
impact-medium
Issue with medium impact to codebase
severity-medium
Issue with medium severity
Comments
silverhack
added
enhancement
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Is your feature request related to a problem? Please describe.
If an specific resource (e.g. Virtual Machine) or service (e.g. SharePoint online) has a collector and an associated rule mapped in Monkey365 and for whatever reason the collector is unable to fetch data, results won't appear in any form of output. For example: Rule's output for SharePoint online won't appear in the output unless the Tenant have at least one site.
Apart from that, latest CIS benchmarks includes multiple checks that are not implemented in Monkey365. This generates confusion for end users because there is no way to see exactly what is audited/checked.
Describe the solution you'd like
Ideally, Monkey365 should map all the controls from specific benchmarks and mark rules as "manual" in the status field when a rule hasn't been validated for whatever reasons (e.g. If there is no automation for the rule, then the rule will be marked as a "manual").
Additional context
It should be noted that if collectors are unable to fetch data for whatever reason (e.g. permissions issue, lack of resources, etc..), associated rules will be removed and the rules won't appear in any form of output.
The text was updated successfully, but these errors were encountered: