Jumbo hotfix take does not match requirement-checkpoint-all
Indeni can verify that the take of the jumbo hotfix installed is a specific one.
Install the correct jumbo hotfix take.
How does this work?
Using the Check Point command “installed_jumbo_take” we retrieve the currently installed jumbo hotfixes.
Why is this important?
It is very important to make sure that devices are patched with the latest versions and hotfixes, to prevent downtime and security incidents.
Without Indeni how would you find this?
An administrator could log in and manually run the command.
name: chkp-asg-diag-verify-newer
description: Check for any failures with asg diag verify
type: monitoring
monitoring_interval: 55 minute
requires:
    vendor: checkpoint
    asg: true
    limited_availability_script: remove_this_line_to_enable_for_specific_customer
comments:
    asg-test-state:
        why: |
            Check Point's scalable firewalls offer an on-demand diagnostic utility called "asg diag". It runs through a series of pre-defined diagnostics on both the hardware and software configurations. The benefit in leveraging asg diag is that it is packaged with proactive insights sourced by Check Point.
        how: |
            Indeni runs an iteration of the asg diag across all the tests available. Because running the report can take several minutes, Indeni pulls a report from the last iteration of the tests and identifies if any of the tests have failed.
        without-indeni: |
            An administrator could log in and manually run the command.
        can-with-snmp: false
        can-with-syslog: false
        vendor-provided-management: |
            Running "asg diag" is only available from the command line.
    hotfix-jumbo-take:
        why: |
            It is very important to make sure that devices are patched with the latest versions and hotfixes, to prevent downtime and security incidents.
        how: |
            Using the Check Point command "installed_jumbo_take" we retrieve the currently installed jumbo hotfixes.
        without-indeni: |
            An administrator could log in and manually run the command.
        can-with-snmp: false
        can-with-syslog: false
        vendor-provided-management: Listing installed hotfixes is only available from the command line interface, and in some cases also via the WebUI and SmartUpdate.
steps:
-   run:
        type: SSH
        file: asg-diag-verify.remote.1.bash
    parse:
        type: AWK
        file: asg-diag-verify.parser.1.awk
// Deprecation warning : Scala template-based rules are deprecated. Please use YAML format rules instead.
package com.indeni.server.rules.library.templatebased.crossvendor.compliance

import com.indeni.server.rules.RuleContext
import com.indeni.server.rules.library.templates.SingleSnapshotComplianceCheckTemplateRule
import com.indeni.server.sensor.models.managementprocess.alerts.dto.AlertSeverity

case class crossvendor_compliance_check_hotfix_jumbo_take() extends SingleSnapshotComplianceCheckTemplateRule(
  ruleName = "crossvendor_compliance_check_hotfix_jumbo_take",
  ruleFriendlyName = "Compliance Check: Jumbo hotfix take does not match requirement",
  ruleDescription = "Indeni can verify that the take of the jumbo hotfix installed is a specific one.",
  severity = AlertSeverity.WARN,
  metricName = "hotfix-jumbo-take",
  baseRemediationText = "Install the correct jumbo hotfix take.",
  parameterName = "Jumbo hotfix take",
  parameterDescription = "The jumbo hotfix take to look for.",
  expectedValue = "1"
)()