FireEye Keywords

The following table indicates how each keyword in the FireEye compliance checks can be used:

Keyword

Example

type

CONFIG_CHECK

CONFIG_CHECK_NOT

RANDOMNESS_CHECK

description

This keyword gives a brief description of the check that is being performed. The description field must be unique: no two checks may share the same description, because Tenable uses this field to auto-generate a plugin ID number.

Example:

description: "Verify login authentication"

info

This keyword allows users to add a more detailed description to the check that is being performed. Multiple info fields are allowed with no preset limit. The info content must be enclosed in double-quotes.

Example:

info: "Verifies login authentication configuration."

see_also

This keyword allows users to include links that might provide helpful information about a check.

Example:

see_also: "http://www.fireeye.com/support/"

reference

This keyword allows including cross references for audit checks.

Example:

reference: "PCI|2.2.3,SANS-CSC|1"

solution

This keyword provides the solution text to include for fixing a compliance failure.

Example:

solution: "Modify the configuration to add missing line"

severity

This keyword allows users to set the severity of the check. The severity can be set to HIGH, MEDIUM, or LOW.

Example:

severity: MEDIUM

regex

This keyword allows enumerating items that match a particular regular expression. If a check has the "regex" keyword set but no "expect" or "not_expect" keyword, the check simply reports all items matching the regex.

Example:

regex: "power-state.+"

expect

This keyword allows searching within the lines found by regex. All lines found by regex must match the expect setting for the check to pass. If no regex was provided, all lines are checked, but only one needs to match.

Example:

expect: "power"

not_expect

Similar to expect, but the check fails if any matches are found. If both expect and not_expect are omitted, all applicable lines are reported as an info message.

min_occurrences

Specifies the minimum number of occurrences of the configuration item required to pass the audit.

Example:

min_occurrences: 3

max_occurrences

Specifies the maximum number of occurrences of the configuration item allowed to pass the audit.

required

This keyword allows specifying if a check match is required or not. The value of the required field can be YES, NO, ENABLED, or DISABLED.

Example:

required: YES

cmd

This keyword allows users to run a show command.

Example:

cmd: "show version"

Only "show" commands are allowed.

<item>
type: CONFIG_CHECK
cmd: "show version"
description: "Show Product version"
regex: "Product model:"
expect: "1234"
</item>
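The following is an added example, not Tenable code and not part of the original page: a small Python model of how the regex, expect, not_expect, min_occurrences and max_occurrences keywords combine when a CONFIG_CHECK item is evaluated against the text a "show" command returns. The audit items and the appliance output are constructed for the example (the "Show Product version" item is the one above; the others are made up), and two points the page leaves open are treated as stated assumptions in the comments: a regex that finds no lines counts as a failure when expect is set, and CONFIG_CHECK_NOT / RANDOMNESS_CHECK are not modelled because the page does not describe their semantics.

```python
import re

# Constructed sample .audit items in the format shown above. They are modelled on
# the "Show Product version" item and are NOT from a shipped Tenable audit file.
SAMPLE_AUDIT = '''
<item>
type: CONFIG_CHECK
cmd: "show version"
description: "Show Product version"
regex: "Product model:"
expect: "1234"
</item>

<item>
type: CONFIG_CHECK
cmd: "show version"
description: "Product model must be 5678"
regex: "Product model:"
expect: "5678"
</item>

<item>
type: CONFIG_CHECK
cmd: "show configuration"
description: "Telnet must not be enabled"
regex: "telnet"
not_expect: "^telnet enable"
</item>

<item>
type: CONFIG_CHECK
cmd: "show configuration"
description: "At least two NTP servers configured"
regex: "^ntp server"
min_occurrences: 2
max_occurrences: 4
</item>

<item>
type: CONFIG_CHECK
cmd: "show configuration"
description: "Report all power-state lines"
regex: "power-state.+"
</item>
'''

# Constructed stand-in for the output of each show command; real output differs.
SHOW_OUTPUT = {
    "show version": [
        "Product name: Example Appliance",
        "Product model: 1234",
        "Build: 9.9.9",
    ],
    "show configuration": [
        "hostname sensor-01",
        "no telnet enable",        # a loose not_expect such as "enable" would wrongly flag this
        "ntp server 192.0.2.10",
        "ntp server 192.0.2.11",
        "power-state on",
    ],
}

ITEM_RE = re.compile(r"<item>(.*?)</item>", re.S)
FIELD_RE = re.compile(r'^(\w+)\s*:\s*"?(.*?)"?$')


def parse_audit(text):
    """Turn each <item>...</item> block into a dict of keyword -> value (quotes stripped)."""
    items = []
    for body in ITEM_RE.findall(text):
        item = {}
        for raw in body.splitlines():
            line = raw.strip()
            if not line:
                continue
            m = FIELD_RE.match(line)
            if m:
                item[m.group(1)] = m.group(2)
        items.append(item)
    return items


def evaluate(item, output):
    """Apply the keyword semantics from the table to one item. Returns (status, lines)."""
    lines = output.get(item.get("cmd", ""), [])
    regex = item.get("regex")
    # regex narrows the lines under consideration; without it every line counts.
    matched = [l for l in lines if re.search(regex, l)] if regex else list(lines)
    count = len(matched)
    # min_occurrences / max_occurrences bound how many matching lines may exist.
    if "min_occurrences" in item and count < int(item["min_occurrences"]):
        return "FAILED", matched
    if "max_occurrences" in item and count > int(item["max_occurrences"]):
        return "FAILED", matched
    if "expect" in item:
        pat = item["expect"]
        if regex:
            # Every line the regex found must also match expect. Assumption for this
            # example: zero regex hits is a failure, as there is nothing to confirm on.
            ok = count > 0 and all(re.search(pat, l) for l in matched)
        else:
            # Without a regex, one matching line anywhere in the output is enough.
            ok = any(re.search(pat, l) for l in matched)
        return ("PASSED" if ok else "FAILED"), matched
    if "not_expect" in item:
        hits = [l for l in matched if re.search(item["not_expect"], l)]
        return ("FAILED" if hits else "PASSED"), hits
    if "min_occurrences" in item or "max_occurrences" in item:
        return "PASSED", matched
    # Neither expect nor not_expect: informational, report every selected line.
    return "INFO", matched


def run_audit(text=SAMPLE_AUDIT, output=SHOW_OUTPUT):
    """Evaluate every item and return {description: status}."""
    return {it["description"]: evaluate(it, output)[0] for it in parse_audit(text)}


if __name__ == "__main__":
    for desc, status in run_audit().items():
        print(f"{status:<6} {desc}")
```

The anchored `not_expect: "^telnet enable"` in the third item is the detail worth noting: because not_expect fails the check on any match, an unanchored pattern such as `enable` would also match the line `no telnet enable` that actually disables the service, producing a false failure.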