What are the requirements to convert the CIS pdf policy to XML file to import it to qualys. i want to convert many technologies policy to XML and import them to qualys.
To understand your question a bit, you want to be able to use a CIS-based policy within Qualys, correct? Qualys has a couple of pre-built CIS policies (under PC, go to Policies->New->Import->Import from Template), which lists a series of CIS policies for different technologies (2k, 2k3, 2k8, etc).
Let me know if that covers what you needed.
Thanks Chirag for the reply.
The pre-built policies are few (only Win xp, 2000,& 2003), win 2008 are not available. additional to that i need to import policies for example (AIX, Solaris, SQL, Oracle, andt etc....), i need the XML files for these technologies to import them to Qualys.
The current scenaria is to download all the controls for the technology after creating the policy, then arrange them in section wise which double the work.
I'm suggesting if we have a pre-built polices for the all technologies or XML fils that will help us in creating the policies
We're facing the same issue with our customer who wants to migrate over from a different solution but is unable to import his baselines.
What we're doing in this case is helping them build the policies - since they're already a customer, we're able to work that into our cost. I don't want to make this a sales talk, but I'm open to investigating this option if you like.
Basically though, there seem to two options at the moment based on my understand:
- manually build the policies/controls (or get someone to do it for you)
- use the golden image option - where you pick a server etc that has the controls the way you want (or is compliant with most of it), and map that into the policy with some tweaking. This won't eliminate the work, but would reduce it quite a bit.
Hope this helps,
Retrieving data ...