1. Introduction
2. Installation
3. Reference Deployment with SSL Termination
4. RPM Installation (Deprecated)
5. Container Installation
6. Upgrades
7. Running Sicura Console
8. Configuration - Accounts
9. Configuration - Database
10. Configuration - Collector
11. Configuration - Security
12. Configuration - Plugins
13. Configuration - Experimental
14. Sidebar - Administration
15. Sidebar - Infrastructure
16. Sidebar - Profiles
17. Sidebar - Reports
18. Sidebar - Scheduling
19. Known Issues
20. How To - Enforce compliance
21. How To - Enforce custom profiles
22. How To - Use the API

Sidebar - Profiles

Profiles are groupings of rules that are used to scan systems and enforce their compliance. On startup, the console provides profiles defined by the following providers:

• CIS (Center for Internet Security)
• DISA (Defense Information Systems Agency)

Each of these providers includes numerous profiles depending on your compliance needs. Any of these profiles can be scanned on any of our various supported platforms, and then enforced either using the console’s built-in enforcement feature, or by using the Sicura Compliance Engine in a Puppet environment.

Scan Profiles

Currently, scan profiles can only be accessed from the Scan dropdown or from the Node Settings/Default Profile selection.

In a future release of the console, a dedicated page will be created to view built-in profiles, create custom ones, and link them to enforcement profiles.

Enforcement Profiles

The enforcement profiles page provides a top-down view of any profile that can be used to enforce settings on a system.

The page is split into 2 sections.

1. Default

Profiles under the Default tab are automatically populated the first time the console loads, and will update whenever the console is upgraded to a newer version. Each profile appears as a row in the datatable with an Actions column that provides 3 actions to be taken on any default profile:

• 🛈 View Profile: Allows you to view the active rules in the profile
• ⤓ Download YAML: Downloads the profile as YAML to be used with Sicura Compliance Engine
• ⊞ New profile: Creates a custom profile based on the contents of this profile

To create a custom profile based on an existing one, click the ⊞ New profile button in the Actions column. This will bring up the new profile form.

This form will allow you to set the name of your custom profile, modify the default description, and select rules to remove from the default profile set.

Once created click over to the custom tab to continue.

2. Custom

Whenever you copy a default profile, it will appear in this custom tab. The name, version and description provided can be viewed here as well as the name of the user that created the profile.

Note: Currently only admin users can access enforcement profiles. Profiles will be integrated into the RBAC system in a later release.

The Actions provides 4 actions to be taken on any custom profile:

• 🛈 View Profile: Allows you to view the active rules in the profile
• ⤓ Download YAML: Downloads the profile as YAML to be used with Sicura Compliance Engine
• ⊞ New profile: Creates a custom profile based on the contents of this profile
• 🗑 Delete Profile: Removes the profile

Editing a profile

To edit a custom profile, use the 🛈 View Profile action, then click on the Edit Profile button.

This window provides details for a profile including its name, description, and the list of rules contained within that profile.

From here rules can be added or removed as a user sees fit.

Rules can be deleted from a profile by selecting the rules you don’t want and clicking on the ⮈ arrow to move them from the Active rules column to the Available rules column.

Rules can be added by selecting from the Available rules and clicking on the ⮊ arrow to move them to the Active rules column.

When finished, click on the Save Changes button.