Zoom Compliance Checks

Check Type

All Zoom compliance checks must be bracketed with the check_type encapsulation and the Zoom designation.

This is required to differentiate .audit files intended specifically for Zoom from other types of compliance audits.

Checks

The following sections describe the checks you can add to a single audit file.

• KB_VALUE

• REST_API

KB_VALUE

The KB_VALUE check fetches data from the Knowldegebase (KB) and analyzes the output with regular expressions to identify if the data associated with the provided path matches the expected output. The plugin creates a KB for each target during a Tenable Nessus scan and shares the collected information with other plugins.

Usage

kb_path

The kb_path is the path to the KB value(s) to be evaluated.

regex

(Optional) The regex is used to filter the full configurations, or each of the context configurations, to a smaller set of lines of text based on the regular expression. Multiple regex can be used to narrow down the searchable configuration, and they are applied in the order that they are listed in the check.

expect

For expect, if the regular expression matches a line of text, the check result is PASSED. If there are no matches, the check result is FAILED.

To indicate if all lines need to match or that lines are case-sensitive, use the modifiers match_all or match_case.

kb_path_required

(Optional) The kb_path_required field can be set to specify if the audited kb_path is required to be present or not. If this option is not set, it is assumed it is required.

match_all

(Optional) Set match_all to YES to require all lines of text to match the expectation, and not just a single line of text. If you set match_all to the default of NO, only one line must match for the check to pass.

match_case

(Optional) Set match_case to YES to make the comparison case-sensitive. Set match_case to the default of NO to make the comparison case-insensitive.

Examples

REST_API

The REST_API check fetches data from the request endpoint and analyzes the output with regular expressions to identify if the data associated with the request matches the expected output.

Usage

request

Specifies the API endpoint name from which the plugin fetches results.

json_transform

Optional) The json_transform is a jq expression used to transform and format json results returned from an endpoint. This is helpful for reducing output to only the fields required for assessment.

regex

(Optional) The regex is used to filter the full configurations, or each of the context configurations, to a smaller set of lines of text based on the regular expression. Multiple regex can be used to narrow down the searchable configuration, and they are applied in the order that they are listed in the check.

expect

For expect, if the regular expression matches a line of text, the check result is PASSED. If there are no matches, the check result is FAILED.

To indicate if all lines need to match or that lines are case-sensitive, use the modifiers match_all or match_case.

match_all

(Optional) Set match_all to YES to require all lines of text to match the expectation, and not just a single line of text. If you set match_all to the default of NO, only one line must match for the check to pass.

match_case

(Optional) Set match_case to YES to make the comparison case-sensitive. Set match_case to the default of NO to make the comparison case-insensitive.

Example