The Security [2] Attack Surface Dashboard

Article ID: 515
Category: Dashboard
Applies to: 5.1.1.102 and higher
Updated: 2024-05-20

The Attack Surface dashboard utilizes various validation scripts to ensure that the monitored hosts meet basic security and best-practice guidelines. To make it easier to prioritize resolving the issues identified by the validation checks, the scripts are grouped into Workstation, Server and Domain Controller.

The numbers shown in the tiles reflect the number of validation checks that failed for the respective host type (e.g. Server) and validation tag (e.g. #security-server). Clicking a tile runs the respective report and shows all failed validation checks.

EventSentry Security Dashboard Attack Surface

Prerequisites
This dashboard requires that the tags listed below are assigned to one or more validation script packages. The respective packages can be downloaded through an online package update (Management Console -> Packages -> Update) or by manually importing (Management Console -> Packages -> Import) the JSON package file below.

#domaincontroller
#bestpractice-domaincontroller
#bestpractice-server
#bestpractice-desktop
#cis-csc-server
#cis-csc-desktop
#privacy-server
#privacy-desktop
#security-server
#security-desktop

Reports
All tiles utilize reports from the Security [2] Attack Surface category, which can be found under Reports -> My Reports. These reports can be adjusted if there are valid reasons why the recommended settings would not work in your environment. Individual scripts that are not applicable can also be blocked in the respective Validation Scripts package in the management console.

The reports can also be scheduled with jobs, for example to receive an email on the condition that a report contains data (implying that one or more validation scripts failed).

Practical Approach
Since this dashboard will likely contain a large number of failed validations initially, it is important to take a structured approach to resolving deficiencies. In many environments it will take time to correct the underlying OS settings that cause scripts to fail: consider this a long-term effort that will pay significant dividends when completed. Below are some approaches that may work in your environment:

  • Start by identifying and resolving failed checks that have little or no impact on your environment. After successfully reducing the number of failed checks, establish a procedure for the remaining checks.
  • Focus on failed checks that affect the most hosts; this can result in a more visible impact initially.
  • Focus on resolving failed critical checks on high-risk assets, e.g. domain controllers or specific servers.
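
As an added illustration of the tile numbers and the prioritization approaches above (this is example code, not part of EventSentry or this article), the following Python script groups constructed validation results into failed-check counts per host type and tag, ranks checks by the number of affected hosts, and lists critical failures on high-risk assets; the row layout, check names and severity values are assumptions.

```python
from collections import Counter, defaultdict

# Constructed sample results (one row per host and check); the column layout,
# check names and severities are assumptions for this example, not EventSentry's own.
SAMPLE_RESULTS = [
    # (host, host_type, tag, check, severity, passed)
    ("DC01", "Domain Controller", "#domaincontroller", "LDAP signing required", "critical", False),
    ("DC01", "Domain Controller", "#security-server", "SMBv1 disabled", "critical", False),
    ("SRV01", "Server", "#security-server", "SMBv1 disabled", "critical", False),
    ("SRV02", "Server", "#security-server", "SMBv1 disabled", "critical", True),
    ("SRV02", "Server", "#bestpractice-server", "Audit policy configured", "low", False),
    ("WS01", "Workstation", "#security-desktop", "LLMNR disabled", "medium", False),
    ("WS02", "Workstation", "#security-desktop", "LLMNR disabled", "medium", False),
    ("WS02", "Workstation", "#privacy-desktop", "Telemetry minimized", "low", False),
]

# Host types treated as high-risk assets (assumption; extend with specific servers as needed)
HIGH_RISK_TYPES = {"Domain Controller"}

def tile_counts(results):
    """Failed checks per (host_type, tag): the numbers the dashboard tiles show."""
    counts = Counter()
    for _host, host_type, tag, _check, _sev, passed in results:
        if not passed:
            counts[(host_type, tag)] += 1
    return dict(counts)

def checks_by_host_count(results):
    """Rank failed checks by the number of distinct hosts failing them, widest impact first."""
    hosts = defaultdict(set)
    for host, _type, _tag, check, _sev, passed in results:
        if not passed:
            hosts[check].add(host)
    return sorted(((c, len(h)) for c, h in hosts.items()), key=lambda x: (-x[1], x[0]))

def critical_on_high_risk(results, high_risk_types=HIGH_RISK_TYPES):
    """Critical failures on high-risk assets (e.g. domain controllers): resolve these first."""
    return sorted({(host, check) for host, host_type, _tag, check, sev, passed in results
                   if not passed and sev == "critical" and host_type in high_risk_types})

if __name__ == "__main__":
    for (host_type, tag), n in sorted(tile_counts(SAMPLE_RESULTS).items()):
        print(f"{host_type:<18} {tag:<28} {n} failed")
    print("Widest impact:", checks_by_host_count(SAMPLE_RESULTS)[:2])
    print("Critical on high-risk assets:", critical_on_high_risk(SAMPLE_RESULTS))
```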

IMPORTANT: Correcting some failed checks may break legacy functionality in your environment; when unsure, always test settings first.