A baseline is a standard configuration that you can check against de-facto configurations. Baselines are a powerful tool to check if your systems are actually configured they way they should be, no matter if it comes to cyber security patches, software versions, or hardware configuration.
Defining a baseline
In order to define a baseline, go to WORKFLOW/AUDITS. There you see the list of existing baselines.
- In order to define a new baseline from scratch, click on "Add".
- In order to define a new baseline based on an existing baseline, select the baseline that you want to use as a template and click on "Clone".
- In order to modify an existing baseline, click on "Edit".
Thereafter, the add/edit baseline dialog pops up.
You can use the following sections and fields to define your baseline:
- Name: You must assign a unique name to each baseline.
- Description: Specify what this baseline is about, such a a configuration standard for operator stations.
- Comments: Any comments that are helpful for other users to understand the baseline and its implications.
- Hardware: Here you can define any specific hardware products that must be used for devices covered by this baseline, such as specific computer models. If you specify more than one hardware product, a device is considered compliant with the baseline if it uses either of these products.
- Modules: The hardware modules that must be present for a device compliant with this baseline, such as specific interface cards. A device will only be considered compliant if all modules are present.
- Required Software: Software products that are mandatory in order for a device to be compliant. For embedded devices, you can also specify firmware versions. If you specify multiple software/firmware products, all these products must be present in order for a device to be compliant.
- Prohibited Software: Software products that must not be installed on a device. An example would be software that is known to be prone to security vulnerabilities, such as Adobe Flash Player.
- Reference: Allows you to specify a reference system from which a default configuration is taken (see below).
- Files: Here you can attach any files that could be helpful, such as configuration guidance, software images, etc.
Using a reference system to define a baseline
Sometimes you want to model a baseline around an existing configuration. In this case you don't have to specify all the required software products etc. from scratch.
Instead, click on the Reference tab and select the device that shall act as the reference system. In the drop-down list that is opened after clicking the down arrow of the edit field, you can filter the device list by entering characters in the filter bar, as in the following example.
After having specified a reference system, hardware, modules, and required software will be set to the values of the reference system. You can still edit all list to remove or add items.
If the configuration of your reference system has changed and you want to see the changes reflected in the baseline, you need to click the "Refresh" button next to the reference system's ID.
Associating a baseline with devices
In order for a baseline to become effective for any device you must associate it with the target devices. In order to do this, go to INVENTORY/DEVICES and select the device(s) you want to associate with the baseline. Remember that you can select multiple devices using Shift-Left Click and Control-Left Click. Then click on "Edit".
Baseline compliance in device profiles
After you have associated a device with a baseline, a new Compliance section will appear in the device profile that informs you about
- the baseline that is associated with the device
- if the device is compliant with the device or not
- any reasons for non-compliance.
In the following example, it is indicated that the device is non-compliant because it is running the wrong firmware version.
You can launch the profile of a baseline by selecting the baseline in the baseline list and then click on "Profile", or by clicking on the baseline's name in a device profile.
The baseline profile contains all the information that you have specified in the baseline definition. It also shows you which devices have been associated with this baseline, and their compliance with the baseline. An orange "X" tells you that a device is non-compliant. In order to find out the reason for non-compliance, you click on the device ID of the device in order to launch the device profile.