Application Baseline

Owned by Sneha B A (Unlicensed)
Last updated: Sept 27, 2022
5 min read

 

Add a rule for Application Baseline Globally or at the Company level

CyberCNS can help you define a Mandatory or Denied list of application(s) at the Company level and report data based on the rules set. Post Scan, this data can be found in Remediation Plan to help you take remedial action.

Company Level

  • On the Main menu() Navigate to the Application Baseline tab.

  • Click on +Add to add a New Rule Name.

  • In the depicted below image enter the Rule Name and Select the OS Type(Windows, Linux, Mac) as required.

  • To apply the rule, select the Type. The type can be chosen in two ways:

Application.

Service.

Application Type

  • Enter the details of OS Name (mention sub-OS as per requirement here), and you can set up Denied Application by adding details of Denied Application(s), and similarly, you can set up Mandatory Application(s) by adding details of Mandatory Application(s). Once Application details are complete, click on + to add the application(s) in both fields. This will add the rule for the Denied Application(s) and Mandatory Application(s). Add multiple rules here as per the requirement and click on Save. Select the Regex option in case needed.

  • Anytime it is possible to delete the added details of Denied and Mandatory Application(s) if needed.

  • Enter the Ignore Tags and the Include Tags.

  • CyberCNS Lightweight agent can be selected as a Mandatory application as depicted in the below image.

  • Once the above details are saved, the application updated will be notified as a Process initiated successfully, Added successfully, message.

  • After successfully adding the rule, navigate to the Probes/Agents tab and select Offline Vulnerability Scan to see the results in the Remediation Plan.

Service Type

  • You can set up Denied Service by adding details of Denied Service(s), and similarly, you can set up Mandatory Service(s) by adding details of Mandatory Service(s). Once Service details are complete, click on + to add the Service(s) in both fields. This will add the rule for the Denied Service(s) and Mandatory Service(s). Add multiple rules here as per the requirement and click on Save. Select the Regex option in case needed.

  • Anytime it is possible to delete the added details of Denied and Mandatory Service(s) if needed.

  • Enter the Ignore Tags and the Include Tags.

  • CyberCNS Lightweight agent can be selected as a Mandatory application as depicted in the below image.

  • Once the above details are saved, the application updated will be notified as a Process initiated successfully, Updated successfully, message.

  • After successfully adding the rule, navigate to the Probes/Agents tab and select Offline Vulnerability Scan to see the results in the Remediation Plan.

Regex Condition

Regular expressions (abbreviated as "regex") are specific strings that represent a pattern to be searched for.

  • If an application is marked as Microsoft in Denied or as a Mandatory Application, all Microsoft applications will be listed in the Remediation Plan for removal or installation.

  • In the screenshot below, can see a list of Microsft applications that have been identified as Denied applications in the Application Baseline.

  • The application added as Mandatory Application & which is already installed in the system, that application doesn't appear in the Remediation Plan.

  • The application added a s Denied Application and which is not there in the system, that application doesn’t appear in the Remediation Plan.

  • Once the rule is applied, navigate to the Remediation tab and can view the Denied application and Mandatory application.

  • There is an option to Edit and Delete the Application Baseline Rules using the Action column. Any Rules can be edited and deleted if needed.

  • It is possible to download the Full data or the Filtered data of the Application Baseline Rules by clicking on the () download option, where the data will be downloaded in XLSx format.

Global Level

  • On the Main menu() Navigate to the Application Baseline tab.

  • Click on +Add to add a New Rule Name. Enter the details of the Application for Denied and Mandatory. In case need to add Services enter the details of the Services for Denied and Mandatory.

  • After successfully adding the rule, navigate to the Probes/Agents tab and select Offline Vulnerability Scan to see the results in the Remediation Plan.

  • Once the rule is applied, navigate to the Remediation tab and can view the Denied application and Mandatory application.

  • This completes the documentation of the Application Baseline.