Beginner’s guide to Comply

Welcome to the Beginner’s guide to Comply! As a new user, you'll need to perform some initial installation and configuration tasks, and then we'll show you how to use the core features of Comply.

You're just a few steps away from enforcing compliant configurations across your infrastructure. Before you begin, we recommend familiarizing yourself with our terminology and Comply overview.

Step 1: Install and configure Comply

Use the main documentation to install and configure Comply. If you've already completed these steps, proceed to step 2.

  • Install Puppet Application Manager (PAM)
  • Set up Comply

Step 2: Set desired compliance

Desired compliance is the benchmark and profile that you to assign to a particular node. It is what is scanned on that node by default. Most of the time, you only need to set this once for your nodes.

Based on fact information from PE, Comply can automatically assign an appropriate benchmark for each operating system, along with a Level 1 profile, to nodes that have not been set. This is the quickest way to get up and running with desired compliance. To manually choose your own benchmark and profiles, see Manually set desired compliance.

  1. In Comply, click Nodes.
    Comply lists the nodes that have been classified with the comply class. If you do not see any nodes, ensure you have classified your nodes correctly.
  2. In the message box that appears in the top right corner, click Apply suggested profiles.
    Comply automatically assigns profiles to all the nodes that have not already been set on your current page. To apply the suggested profile to all the nodes in your inventory, you must do this on every page.
    Tip: If you want to customize your scans to fit your organization's internally defined standards, see Creating custom profiles, which shows you how to exclude rules in a profile.
Results
The ✔️ sign in the Profile assigned column tells you that the desired compliance is set. You can view the node's information, including its assigned benchmark and profile, by clicking on the node. If you want to change a node's desired compliance, use the drop-down menu and click Update.

Step 3: Run a CIS scan

You are now ready to run a scan.

  1. In Comply, click Scan.
  2. In the Benchmark drop-down, select Desired Compliance.

    This scans each node with the profiles you assigned in the previous step.

  3. Click Next to review the PE credentials and environment you want the scan to run on.
  4. Click Next to see the nodes selected for scanning.
    To only scan a subset of nodes, deselect any that you do not want to include.
  5. Click Scan and then Start.
    You'll be taken to the Activity Feed, which lists each scan. Scans are run as a task in PE. To see the details of the job, click on the job ID to be taken to PE.
    Tip: You can also run a scan by clicking the Scan nodes button at the top right corner on several pages. This option uses the nodes listed on the page you are currently viewing.
  6. In Comply, navigate to the Compliance dashboard to see the results of your scan.
    See Viewing scan results for a description of the scan data.
Results
Congratulations! You've completed the Beginner’s guide to Comply. You're now familiar with the core features and know how to run CIS scans with Comply.