Grouping policies for audit

The first step in creating a compliance audit is to group the policies against which you want to audit a specific group of target systems for compliance.

Note: Remember compliance audits only run on target systems whose OS match with that of policies. Therefore, it's recommended to group policies based on OS in order to effectively map them to targets belonging to the same OS.

To create a policy group,

  • Go to Compliance > Policy Groups.
  • If you're just starting out and haven't created a Policy Group yet, click on View Compliance Policies. It will open up a wizard that displays all the available policies along with their details such as the category of the policy, OS platform to which it applies, and the total number of rules against which targets will be scanned. Note: Once a policy group is created, the View Compliance Policies button will change to Create Policy Group.
  • Give a meaningful name to the Policy Group.
  • Select the policies you want to group together for audit. Clicking on a policy reveals a detailed breakdown. Refer to this document to learn more about the policies supported and how they're structured.
  • Click on Create Group.

The created group will be listed under the Policy Groups section. Click the created policy group to view the policies included in the group. You can use filters to view policies by Deprecation Status and OS platform. The deprecated policies refers to the obsolete policies that are superseded by their latest upgraded version. The deprecated policies will appear greyed-out in the console. Vulnerability Manager Plus immediately supports the superseded version of all the deprecated policies. Later when you map target system groups to this policy group, they will appear under the Mapped Target Groups section.

Under built-in templates, policy group templates built by consolidating policies based on OS and profile levels are readily available. Click a template to view the policies that are included in it. If you want to use these template policy groups for audit, click the Add to Policy Groups button against the desired templates. These templates will now be available under Policy Groups and can be used for audits.

Once a policy group is created, the next step involves mapping the policy group to the desired target group of systems and scheduling audit scans.