To begin using SaltStack SecOps Vulnerability, first create your security policy. In your policy, add the minions you want to target in an assessment and determine the assessment’s run schedule.

A vulnerability policy consists of a target and an assessment schedule. The target determines which minions to include in an assessment, and the schedule determines when assessments run. A security policy also stores the results of the most recent assessment in SaltStack SecOps Vulnerability. In addition to schedules, policies can include specifications for handling exemptions.

Policy components:

Target - A target is the group of minions, across one or many Salt masters, that a job’s Salt command applies to. A Salt master can also be managed like a minion and can be a target if it is running the minion service. When you choose a target in SaltStack SecOps Vulnerability, you define the group of assets (referred to as minions) your policy will apply to. You can choose an existing target or create a new one.

Schedule - Choose the schedule frequency from Recurring, Repeat Date & Time, Once, or Cron Expression. Additional options are available, depending on the scheduled activity and on the schedule frequency you choose.
  • Recurring - Set an interval for repeating the schedule, with optional fields for start or end date, splay, and maximum number of parallel jobs.
  • Repeat Date and Time - Choose to repeat the schedule weekly or daily, with optional fields for start or end date, and maximum number of parallel jobs.
  • Once - Specify a date and time to run the job.
  • Cron - Enter a cron expression to define a custom schedule based on Croniter syntax. For best results, avoid scheduling jobs less than 60 seconds apart when defining a custom cron expression. For guidelines, see the Cron Editor.
    Note: In the schedule editor, the terms “Job” and “Assessment” are used interchangeably. When you define a schedule for the policy, you are scheduling the assessment only - not the remediation.
  • Not Scheduled (on demand) - Choose to run only single assessments as needed. No set schedule is defined.

Prerequisites

Before creating your first security policy, you need access to the vulnerability library. For more information, see Using the vulnerability library.

You must also create the targets that you want to assess before creating your policy. A target is the group of assets (referred to as minions) your policy will apply to.

Procedure

  1. In the Vulnerability workspace, click Create Policy.
  2. Enter a policy name and select the target you want to assess.
    Note: Scanning a large number of minions might result in long processing times. This could also delay other processes, such as running jobs, in SaltStack Config. Make sure to account for the extra time required to run large assessments.
  3. Define a schedule frequency.
  4. (Optional) Select Run assessment on save.
  5. Click Save.

Results

The policy is saved. If you selected Run assessment on save, the policy is run immediately after saving. If necessary, you can edit a policy by selecting the policy from the Vulnerability workspace and clicking Edit Policy and then Save.