Introduction
Do you know what Puppet is? Puppet is a tool that helps us manage and automate the configuration of servers. But do you know about Puppet Comply? No worries, in this blog, we will learn about Puppet Comply, Comply terminology, supported CIS Benchmarks, CIS scan reports, CIS scan report details, and desired compliance.
Fine! So let us learn about Puppet Comply.💫
What Is Puppet Comply❓
Puppet Comply is a tool that evaluates the infrastructure you administer with Puppet Enterprise in comparison to CIS Benchmarks, which represent the industry's best practices for securely configuring systems. Comply uses Puppet Enterprise (PE) to retrieve node and fact data, so Comply must be set up to work with PE after installation.
Comply allows you to:
Run scans on up to 5000 nodes to determine whether your infrastructure complies with CIS Benchmarks.
Set your desired compliance, which serves as a baseline and profile against which your scans will be compared.
Specify which rules you want to appear in scan reports by customizing profiles.
Establish the root cause and point of origin of compliance failures and decide which system configurations need to be changed.
Comply Terminology
Let’s discover the key terms related to Puppet Comply.
👉CIS Benchmarks
CIS Benchmarks are standards and best practices for securely configuring systems. These were created by the Center for Internet Security (CIS).
👉CIS Assessor
It is the scanner tool that evaluates nodes against CIS Benchmarks. The CIS Assessor (CIS-CAT Pro) integrates with Comply. The CIS Assessor is installed on your target nodes by Puppet Enterprise (PE) as part of the Comply configuration process.
👉Profiles
The CIS Benchmarks have various profiles or levels of security settings. Every system should use Level 1 profiles as a starting point, and Level 2 profiles for environments that demand higher levels of security. Both profiles can be detected by Comply.
👉Rules
Multiple rules that define particular system configuration elements are contained in each profile.
👉Custom Profiles
A custom profile is a benchmark profile that you can alter by specifying which rules you want to show in scan reports, in order to conform to the internal standards of your organization.
👉Desired Compliance
The benchmark and profile that you give a node are known as desired compliance. It turns into the standard scan for that node.
Supported CIS Benchmarks
Comply supports the following CIS operating system benchmarks.
CIS scan reports
The Scans page lists every scan that was performed during the specified scan data retention period.
The following details are available under the Scan reports tab on the Scans page:
👉Name - The name given to the scan.
👉Scan type - Ad hoc or scheduled.
👉Environment - Production environment.
👉Nodes scanned - The total number of nodes.
👉Compliance - The percentage of nodes that passed compliance.
👉Time started - The date and time stamp when the scan was initiated.
To access the scan report page for any given scan, click its row. This page contains all the details.
CIS scan report details
A selected CIS scan's detailed report is available on the Scan report page.
Compliance scan status and Puppet Enterprise job status are separated into separate sections of the metrics bar at the top of the Scan report page.
The number of nodes that have passed and failed compliance, the error percentage, the rules that couldn't be evaluated across nodes, and the scan initiation date and time are all briefly summarised in the Compliance scan status section.
The number of nodes that successfully ran the CIS scanner job, the number that failed to run the job, and the number of nodes that displayed an error for the scanner job are all displayed in the Puppet Enterprise job status section.
You can start a fresh scan by clicking Run an ad hoc scan on the Scans page.
On the Scan report page under the Nodes tab, more specific information is provided regarding the success and failure of rules. Details on how each rule was performed during the scan are available under the Rules tab.
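The two sections of the metrics bar answer different questions: whether the scanner job ran on a node, and whether the node passed the rules once it did. The following is an added example, not Comply's own code or API; the record layout, node names, rule IDs and the way the percentage is calculated are all assumptions made for illustration.

```python
from collections import Counter

# Constructed sample data: one record per node targeted by a scan.
# "job" is the PE scanner-job outcome; "rules" holds per-rule results
# and is empty when the job did not complete. Rule IDs are placeholders.
SAMPLE_SCAN = [
    {"node": "web01", "job": "success", "rules": {"1.1.1": "pass", "5.2.4": "pass"}},
    {"node": "web02", "job": "success", "rules": {"1.1.1": "pass", "5.2.4": "fail"}},
    {"node": "db01", "job": "success", "rules": {"1.1.1": "pass", "5.2.4": "unknown"}},
    {"node": "db02", "job": "failed", "rules": {}},
    {"node": "app01", "job": "error", "rules": {}},
]

def summarize_scan(records):
    """Build the two metric groups: PE job status and compliance scan status."""
    jobs = Counter(r["job"] for r in records)
    passed, failed, unevaluated = [], [], set()
    for r in records:
        if r["job"] != "success":
            continue  # no scan result exists for this node
        # Rules that could not be evaluated are tracked separately from failures.
        unevaluated.update(rid for rid, res in r["rules"].items() if res == "unknown")
        (failed if "fail" in r["rules"].values() else passed).append(r["node"])
    total = len(records)
    return {
        "job_status": {k: jobs[k] for k in ("success", "failed", "error")},
        "nodes_passed": passed,
        "nodes_failed": failed,
        "no_result": [r["node"] for r in records if r["job"] != "success"],
        "unevaluated_rules": sorted(unevaluated),
        # Assumption: the percentage is taken over every targeted node, so a
        # node with no scan result lowers the figure instead of being ignored.
        "compliance_pct": round(100 * len(passed) / total, 1) if total else 0.0,
    }

if __name__ == "__main__":
    for key, value in summarize_scan(SAMPLE_SCAN).items():
        print(f"{key}: {value}")
```

Nodes listed under no_result were never assessed, so they need a job rerun before anything can be said about their compliance.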
Desired compliance
You can set the desired compliance for each node. This is the benchmark and profile that you assign to the node, and the node is then scanned against it automatically. In most cases, you set desired compliance only once for each of your nodes.
For nodes that have no desired compliance set, Comply uses fact information from PE to automatically assign a Level 1 profile and an appropriate benchmark for each operating system. The quickest way to start operating with the desired compliance is to choose this option.
The ✔️ symbol in the profile assigned column tells us that the desired compliance is set. By clicking on the row corresponding to the node, you can view its details, including its assigned benchmark and profile.
We hope you have understood everything about Puppet Comply. 🙌
With the aid of Puppet, you can manage and automate the configuration of servers. When using Puppet, you specify the ideal state for the infrastructure systems that you want to manage.
What is DevOps?
DevOps is a collection of cultural ideas, operational procedures, and technical resources that enhance an organization's ability to deliver products and services rapidly.
Why Puppet Comply?
Continuous compliance monitoring across hybrid infrastructure is made possible by Puppet Comply with less manual labor and overhead.
Does Puppet Comply support the Windows 11 CIS operating system benchmark?
Yes, Puppet Comply does support the Windows 11 CIS operating system benchmark.
What are CIS Benchmarks?
The Center for Internet Security (CIS) has developed a set of best practices called the CIS Benchmarks to assist security practitioners in implementing and managing their cybersecurity defenses.
Conclusion
In this blog, we got an overview of Puppet Comply. You can refer to similar articles for more information.