SaltStack SecOps is a compliance and vulnerability management application that can automate security remediation.

SaltStack SecOps allows you to scan your system for compliance against various security benchmarks, detect system vulnerabilities, and remediate your results. SaltStack SecOps includes both SaltStack SecOps Compliance and SaltStack SecOps Vulnerability services.

SaltStack SecOps Compliance scans your system for compliance with supported security benchmarks from accredited institutations (such as CentOS Linux Level 1 and 2 Senior and Workstation) and allows you to remediate nodes that are not in compliance. It includes two compliance libraries:
  • Compliance Content Library - Built-in security content
  • Compliance Content Custom Library - Custom checks and benchmarks defined and uploaded by your organization.

SaltStack SecOps Vulnerability scans your system for common vulnerabilities and exposures (CVEs), and then remediates any identified advisories. It includes a built-in advisories vulnerability library.

Content libraries are updated regularly as security standards change. You can also configure content to download automatically as updates become available, or download content manually. To manually check for updates and download content, click Administration > Secops > and click either Check for Updates or Upload Package underneath the desired content library.

Note: Before you can use SaltStack SecOps, you must have SaltStack Config installed and configured. However, SaltStack SecOps requires a separate product license from SaltStack Config. Contact a sales representative for more information.