Custom profiles

A custom profile is a benchmark profile that you customize to fit your organization's internally defined standards. You can base a custom profile on an existing benchmark and profile combination, and then specify which rules to apply.

For example, assume that your Center for Internet Security (CIS) Benchmark includes a rule that prohibits users from reusing any of the last 24 passwords that they specified. However, your organization enforces a stricter password policy. In this case, you could create a custom profile that enforces all other benchmark rules but excludes the CIS password rule. In this way, you would achieve more realistic compliance scores.

Custom profiles are typically created for long-term use. During an audit, you can note that a custom profile is applied to meet your organization's requirements.

The Comply API allows you to retrieve lists of profiles and information about specific profiles using the Profiles endpoints.

Create a custom profile

Create a custom profile based on an existing benchmark.

  1. Navigate to Custom profiles.
  2. Click Create custom profile.
  3. Select a Benchmark and Profile.
  4. Deselect rules in the profile that you do not want to scan and click Next.
  5. Enter the name of the profile and, optionally, a description.
  6. Click Save custom profile.
    Your custom profile appears as an option when you assign the associated benchmark to a node.
What to do next
Navigate to Nodes to set your custom profile as the desired compliance for your nodes or perform an ad hoc scan by selecting your custom profile on the Scans page.
To apply a custom profile to several nodes simultaneously, go to the Inventory page and select the nodes. From the Actions menu, select Set desired compliance. In the Benchmark, Profile, and Custom profile fields, specify the desired compliance and click Update.
Restriction: The selected nodes must be running on the same operating system, and the latest version of the CIS-CAT Pro Assessor must be installed on each node.

Delete a custom profile

When a custom profile is no longer necessary, you can delete the profile.

CAUTION: After you delete a custom profile, you cannot restore it.
  1. In the Custom profiles table, select one or more profiles to delete.
  2. In the Actions drop-down menu, select Delete selected.
  3. When you are prompted to confirm the choice, click Delete.
Results
Any nodes that were assigned to the deleted custom profile are unassigned. During future scans, the nodes will not be checked against the deleted custom profile. Any nodes that were assigned to the deleted custom profile will be reassigned to their default profile.

Previously run scan reports will continue to show results that reflect the custom profile. However, the custom profile appears in red and will be flagged with a warning triangle. The hover help will indicate that the custom profile no longer exists.

Export a custom profile

You can export a list of all, many, or one of your custom profiles along with their details.

  1. In the Custom profiles table, select one or more custom profiles to export.
  2. Select Actions, then Export raw data.
  3. Write a name and description for the export.
  4. Click Submit.
  5. You can view your exported custom profiles in the Exported data tab.