You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
The only solution I've found is to import the checklists before I merge them into super checklists. But then, instead of errors, it just creates separate assets for each DB instance.
I have not modified the .ckl files. It's how they're created with Evaluate-STIG. To properly count assets, I'd like all of these be on the same asset.
Hi @Bwall95 What errors are you getting?
STIG Manager maintains a 1 to 1 relationship between Assets and STIGs. Only a single instance of a STIG can be assigned to an Asset, so the behavior you are seeing is by design.
Assets do not necessarily need to be equivalent to Hosts. For DBs and Web instances, each instance is considered an "Asset" and .ckl imports will create an expanded Asset name consisting of the hostname and web/db instance name. When exporting again, the .ckl will be reconstructed in the form of the original import.
There's more information about this processing here, in our docs: https://stig-manager.readthedocs.io/en/latest/installation-and-setup/data-and-permissions.html#ckl-processing
I'm not necessarily getting errors, and also I'm unsure how our process compares to others. but essentially eval-stig runs on every machine. The checklists are sent to the file share. We run a script to combine all the individual checklists into 1 super checklists per machine, and then that super checklists gets adjudicated with the super checklists we have stored in a "adjudicated" directory on the share to cover any NR's that remain from Eval-STIG/Answer files. The script we use to merge checklists modifies the XML's in a way that's incompatible with STIG manager for DB's.
The issue is, if we import individual checklists then we will have many NR's for our DB's. And I currently don't have a solution to adjudicate the individual checklists without merging them into a super checklist first. The only solution I see is to import the individual SQL server .ckl's into STIG manager and manually copy over the adjudicated information into STIG-Manager.
Are there any issues with our current process? How do others handle this? What's reccommended?
The solution was to create a PS script that separates the combined "SuperChecklists" back into individual checklists after the adjudication process. Then we were able to import with no issues to StigManager. Manual checklists such as Mcafee and vSphere had to be edited to have a hostname in the .ckl file.
reacted with thumbs up emoji reacted with thumbs down emoji reacted with laugh emoji reacted with hooray emoji reacted with confused emoji reacted with heart emoji reacted with rocket emoji reacted with eyes emoji
-
The only solution I've found is to import the checklists before I merge them into super checklists. But then, instead of errors, it just creates separate assets for each DB instance.
I have not modified the .ckl files. It's how they're created with Evaluate-STIG. To properly count assets, I'd like all of these be on the same asset.
Beta Was this translation helpful? Give feedback.
All reactions