Perform Custom Compliance Scans

Paragon Automation automatically runs scans to assess the targets in the network. Automatic scans check all targets in the network for compliance. To scan only specified targets, you can initiate a custom scan.

You can run a custom scan in the following ways:

  • Adding details directly on the UI.

  • Uploading a preconfigured JSON file.

To run a custom scan:
  1. Click Trust > Compliance > Compliance Scan.
    The Compliance page appears.
  2. Click the add icon (+).

    The Create Compliance Scan wizard appears.

  3. Choose any one of the following options to configure the custom compliance scan:
    • To enter details directly on the UI, perform the steps that are described in Enter Details Directly.

      Note:

      If you choose to enter details directly on the UI, do not upload a JSON file.

    • To upload a preconfigured JSON file, perform the steps that are described in Upload JSON File.

    Enter Details Directly

    1. (Optional) Enter a name for the scan in the Scan Name field.

      The name can contain alphanumeric characters and some special characters [hyphen (-), underscore (_), period (.), and colon (:)] and cannot exceed 64 characters. If you do not enter a name, the scan name is auto-generated.

    2. (Optional) Enter a description for the scan in the Scan Description text box.

    3. Click Next to view the Select Benchmark section. The source, benchmarks document, and version are selected by default.

    4. Select a benchmark profile depending on the level of security of the scan to be performed.

      A benchmarks document may have one or more profiles. The value <default> indicates that you haven't selected a security profile. For more information, see Table 1.

      (Optional) Click Clear to clear the information that you provided in the Select Benchmark section.

    5. Click Next to view the Tailor section.

    6. (Optional) Select a tailoring document and version from the Name and Version drop-down lists respectively.

      Alternatively, click Clear to clear the information that you provided in the Tailor section.

    7. Click Next to view the Select Targets section.

    8. On the Select Targets section, select one or more targets that you want to scan from the Available Targets box and click the > icon to move the targets to the Selected Targets box.

    9. Click Next to view the Labels section.

    10. (Optional) On the Labels section, click add (+) to define a key-value pair. Labels (key-value pairs) help you identify scans that you initiated. You can use these labels to filter completed scans.

    11. Click Next to view the Review section.

      You can review the information that you entered on the Create Compliance Scan wizard in this section. The three accordions in this section provide information about benchmark details, tailoring details, and labels assigned to the specified targets. The accordions are:

      1. Benchmark Details—View the rules that are defined in the benchmarks document for the scan. See About the Compliance Benchmarks Page.

      2. Tailoring Details—View the selected tailoring values for the scan. See About the Compliance Tailoring Page.

      3. Add Labels—View the defined key-value pair for the scan. See Compliance Scans Overview.

      (Optional) To edit information in any section of the wizard, click Back to navigate to that section. After you edit information, click Next to proceed to the next section.

    Upload JSON File
    1. Click Browse to upload a preconfigured custom compliance scan configuration file in the JSON format.

      Note:

      Ensure that the JSON file contains all the details required for each field that you want to scan.

      Alternatively, to remove the uploaded JSON file, click Clear.

    2. (Optional) Enter a name for the scan in the Scan Name field.

      The name can contain alphanumeric characters and some special characters [hyphen (-), underscore (_), period (.), and colon (:)] and cannot exceed 64 characters. If you do not enter a name, the default scan name is auto-generated.

    3. (Optional) Enter a description for the scan in the Scan Description text box.

    4. Click Next to view the Review section of the Create Compliance Scan wizard.

      The fields (see Table 1) on the Create Compliance Scan wizard are populated with the information available in the JSON file that you uploaded.

      You can review these details in this section. The three accordions in this section provide information about benchmark details, tailoring details, and labels assigned to the specified targets. The accordions are:

      1. Benchmark Details—View the rules that are defined in the benchmarks document for the scan. See About the Compliance Benchmarks Page.

      2. Tailoring Details—View the selected tailoring values for the scan. See About the Compliance Tailoring Page.

      3. Add Labels—View the defined key-value pair for the scan. See Compliance Scans Overview.

  4. Do any of the following:
    • Click Cancel to exit the wizard without saving changes.

    • Click Back to go to the Labels page.

    • Click Export to download the details in the JSON file format.

      You can upload this file when you want to run a custom compliance scan with the same details available in the JSON file that you exported.

    • Click Scan to initiate the scan.

      The newly initiated scan is listed on the Compliance page. After the scan is completed, you can analyze the scan results. For more information, see Analyze Scan Results.

    Table 1: Fields on the Create Compliance Scan Wizard

    | Field | Description |
    |---|---|
    | Source | Select the organization that provides the benchmarks document. For example, Center for Internet Security (CIS). |
    | Benchmark | Select the benchmarks document applied on the network. |
    | Version | Select the version of the benchmarks document. |
    | Profile | Select a security profile. A typical benchmarks document has three recommended profiles: default, Level 1 and Level 2. While the profile Level 1 is the base recommendation that doesn’t cause much performance impact, Level 2 is for environments that need stricter security enforcement. The default profile is applied if no profile is selected. |
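
A pre-upload check for the JSON file described in Upload JSON File, given here as an added example that is not part of the Paragon Automation product or its documentation. The JSON key names (`name`, `source`, `benchmark`, `version`, `profile`, `targets`, `labels`) are assumptions standing in for the wizard fields; replace them with the keys found in a file exported with the Export option.

```python
import json
import re

# Page rule: alphanumerics plus - _ . : and at most 64 characters (ASCII assumed).
SCAN_NAME_RE = re.compile(r"[A-Za-z0-9._:-]{1,64}")
# ASSUMPTION: hypothetical key names; use the keys from a file exported by the wizard.
REQUIRED_KEYS = ("source", "benchmark", "version", "targets")


def lint_scan_config(text):
    """Return a list of problems found in a scan configuration JSON string."""
    try:
        cfg = json.loads(text)
    except json.JSONDecodeError as exc:
        return [f"not valid JSON: {exc.msg} (line {exc.lineno})"]
    if not isinstance(cfg, dict):
        return ["top-level value must be a JSON object"]

    problems = []
    for key in REQUIRED_KEYS:
        if cfg.get(key) in (None, "", []):
            problems.append(f"missing or empty field: {key}")

    name = cfg.get("name")  # optional: the scan name is auto-generated when absent
    if name is not None and not (isinstance(name, str) and SCAN_NAME_RE.fullmatch(name)):
        problems.append("scan name violates the character/length rule")

    # <default> means no security profile was selected; the default profile applies.
    if cfg.get("profile") in (None, "", "<default>"):
        problems.append("no profile selected: the default profile will be applied")

    targets = cfg.get("targets")
    if isinstance(targets, list) and len(set(map(str, targets))) != len(targets):
        problems.append("duplicate targets listed")

    labels = cfg.get("labels", {})
    if not isinstance(labels, dict) or any(
            not k or not isinstance(v, str) for k, v in labels.items()):
        problems.append("labels must be key-value pairs with non-empty keys")
    return problems


# Constructed sample input, not a real export.
SAMPLE = ('{"name": "weekly scan", "source": "CIS", "benchmark": "example-benchmark", '
          '"profile": "<default>", "targets": ["router-a", "router-a"]}')

if __name__ == "__main__":
    for problem in lint_scan_config(SAMPLE):
        print(problem)
```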