Compliance audits

So, I’m trying to understand how the compliance audit feature works. Running a policy audit seems to be…useless?

I’ve tried creating an audit with an existing policy (IT-Grundschutz). I get 23 log results, a compliance percentage of “N/A”, and only log results. One of which is:

IT-Grundschutz, Kompendium 0.0 (Log) 95 % 10.100.2.130 zapazoid.xxxx.net general/IT-Grundschutz Wed, Apr 7, 2021 5:32 PM UTC

What is that even telling me? It’s a “log” level message, none of which are displayed by default, and which I imagine most “policy” type checks are. Did I pass my randomly selected policy? Fail? It couldn’t be run?

What I’d like to do is write or re-use a bunch of individual policy checks so that I can see what specific items comply, and which do not. Just reporting 25% compliance isn’t useful. I don’t care about CVE checks specifically in this particular case.

How do I do that, and what am I doing wrong?

1 Like

Please check out the fine documentation:

https://docs.greenbone.net/GSM-Manual/gos-20.08/en/compliance-and-special-scans.html#it-grundschutz

1 Like

If you are using the Greenbone Source Edition, please also have a look at my additional explanation here:

2 Likes

Hi,
I tried this out too but I only see “Compliance Status” 42 % but no further information under “Results”.
I would expect to see what is wrong or missing. Is that why we are using the free version from Greenbone?
Thanks