Recently I've been working with a customer to showcase de security capabilities of Aria Automation for Secure Hosts (formerly SaltStack SecOps) which I could define into two distinct modules:
Vulnerability:
Allows the Security and IT team to scan and detect security advisories that reference the Common Vulnerabilities and Exposures (CVE), upon those finds you can easily remediate those systems with a click of a button.
Compliance:
Leveraging best practices and hardening Guides, such as CIS and NIST, allows you to define policies based on those benchmarks or even create your own custom policy. After policy definition you can asses your environment to find non-compliant systems and remediate them instantly, enhancing the secure posture of your environment.
I'm almost getting to the point of this post;
Where Aria Automation for Secure Hosts gets all this information from?
To make sure the solution has the most up-to-date security information, the RaaS service checks daily for the latest benchmarks, and security advisories along with the software packages or versions to fix them.
Luckily VMware consolidates the CVEs from multiples vendors into a central location, that way you don't need to open access to several locations: So you only want to allow access to:
https://enterprise.saltstack.com/secops_downloads - for Compliance content.
https://enterprise.saltstack.com/vman_downloads - for Vulnerability Management content
you can double-check that on the RaaS configuration file: /etc/raas/raas
One caveat, RaaS service itself does not know about system-wide proxy settings, so if you have to use proxies, don't forget to configure the RaaS service to do so. it's pretty good documented in the section Ingesting content via http(s) proxy
That's all, keep your environment safe folks !!!
