Compliance audits

So, I’m trying to understand how the compliance audit feature works. Running a policy audit seems to be…useless?

I’ve tried creating an audit with an existing policy (IT-Grundschutz). I get 23 log results, and a compliance percentage of “N/A”, and only log results. One of which is:

IT-Grundschutz, Kompendium 0.0 (Log) 95 % 10.100.2.130 zapazoid.xxxx.net general/IT-Grundschutz Wed, Apr 7, 2021 5:32 PM UTC

What is that even telling me? It’s a “log” level message, none of which are displayed by default, and which I imagine most “policy” type checks are. Did I pass my randomly selected policy? Fail? It couldn’t be run?

What I’d like to do is write or re-use a bunch of individual policy checks so that I can see what specific items comply, and which do not. Just reporting 25% compliance isn’t useful. I don’t care about CVE checks specifically in this particular case.

How do I do that, and what am I doing wrong?

Please check out the fine documentation:

https://docs.greenbone.net/GSM-Manual/gos-20.08/en/compliance-and-special-scans.html#it-grundschutz

If you are using the Greenbone Source Edition, please also have a look at my additional explanation here:
