Custom Items
A custom item is a complete check defined on the basis of the keywords defined above. The following is a list of available
custom item types. Each check starts with a <custom_item>
tag and ends with </custom_item>
. Enclosed within the
tags are lists of one or more keywords that are interpreted by the compliance check parser to perform the checks.
Tip: Custom audit checks may use </custom_item>
and </item>
interchangeably for the closing tag.
Note: All built-in and custom_item checks support the following optional keywords:
-
info — Allows you to add a more detailed description to the check that is being performed. Multiple info fields are allowed with no preset limit. The info content must be enclosed in double-quotes.
Example: info: "Verifies login authentication configuration."
-
solution — Allows you to add solution text to fix a compliance failure.
Example: solution: "Modify the configuration to add missing line"
-
see_also —Allows you to include links that might provide helpful information about a check.
Example: see_also: "http://www.fireeye.com/support/"
-
reference — Allows you to include cross references for audit checks.
Example: reference: "PCI|2.2.3,SANS-CSC|1"
This section includes the following information:
- ANONYMOUS_SID_SETTING
- AUDIT_ALLOWED_OPEN_PORTS
- AUDIT_DENIED_OPEN_PORTS
- AUDIT_EXCHANGE
- AUDIT_FILEHASH_POWERSHELL
- AUDIT_IIS_APPCMD
- AUDIT_POLICY
- AUDIT_POLICY_SUBCATEGORY
- AUDIT_POWERSHELL
- AUDIT_PROCESS_ON_PORT
- AUDIT_USER_TIMESTAMPS
- BANNER_CHECK
- CHECK_ACCOUNT
- CHECK_LOCAL_GROUP
- FILE_AUDIT
- FILE_CHECK
- FILE_CONTENT_CHECK
- FILE_CONTENT_CHECK_NOT
- FILE_PERMISSIONS
- FILE_VERSION
- GROUP_MEMBERS_POLICY
- KERBEROS_POLICY
- LOCKOUT_POLICY
- PASSWORD_POLICY
- REG_CHECK
- REGISTRY_AUDIT
- REGISTRY_PERMISSIONS
- REGISTRY_SETTING
- REGISTRY_TYPE
- SERVICE_AUDIT
- SERVICE_PERMISSIONS
- SERVICE_POLICY
- USER_GROUPS_POLICY
- USER_RIGHTS_POLICY
- WMI_POLICY