Beginner’s guide to Comply
Welcome to the Beginner’s guide to Comply! As a new user, you'll need to perform some initial installation and configuration tasks, and then we'll show you how to use the core features of Comply.
Step 1: Install and configure Comply
Use the main documentation to install and configure Comply. If you've already completed these steps, proceed to step 2.
- Install Puppet Application Manager (PAM)
- Set up Comply
Step 2: Set desired compliance
Desired compliance is the benchmark and profile that you to assign to a particular node. It is what is scanned on that node by default. Most of the time, you only need to set this once for your nodes.
Based on fact information from PE, Comply can automatically assign an appropriate benchmark for each operating system, along with a Level 1 profile, to nodes that have not been set. This is the quickest way to get up and running with desired compliance. To manually choose your own benchmark and profiles, see Manually set desired compliance.
In Comply, click
Comply lists the nodes that have been classified with the
complyclass. If you do not see any nodes, ensure you have classified your nodes correctly.
In the message box that appears in the top right corner, click Apply
Comply automatically assigns profiles to all the nodes that have not already been set on your current page. To apply the suggested profile to all the nodes in your inventory, you must do this on every page.Tip: If you want to customize your scans to fit your organization's internally defined standards, see Creating custom profiles, which shows you how to exclude rules in a profile.
Step 3: Run a CIS scan
You are now ready to run a scan.
- In Comply, click Scan.
In the Benchmark drop-down, select Desired Compliance.
This scans each node with the profiles you assigned in the previous step.
- Click Next to review the PE credentials and environment you want the scan to run on.
Click Next to see the nodes selected for scanning.
To only scan a subset of nodes, deselect any that you do not want to include.
Click Scan and then Start.
You'll be taken to the Activity Feed, which lists each scan. Scans are run as a task in PE. To see the details of the job, click on the job ID to be taken to PE.Tip: You can also run a scan by clicking the Scan nodes button at the top right corner on several pages. This option uses the nodes listed on the page you are currently viewing.
In Comply, navigate to the Compliance
dashboard to see the results of your scan.
See Viewing scan results for a description of the scan data.