Run an ad hoc scan
Should you prefer to run ad hoc scans using the
Security Compliance Management API, you can use one of the following
endpoints:- Custom Scan API. Run an ad hoc scan with custom CIS profiles.
- Scan API. Run an ad hoc scan with a provided CIS profile.
Run your desired compliance scan or an ad hoc scan on your nodes.
- In Security Compliance Management, click Scan
reports or Scan schedules, and then Run an
ad hoc scan.
- In the drop-down menu, select Desired compliance or
Custom.
If you have not set desired compliance, follow the instructions in Setting desired compliance.
- If you selected Custom, select a benchmark from the Benchmark
drop-down menu, then select an option from the
Profile drop-down menu. To use a custom profile
for this scan, select the Use an associated custom
profile? option and choose the relevant option from the
Custom profile drop-down menu.
- Click Next to see the nodes selected for scanning.
Use the drop-down menus to filter nodes by operating system, environment, or
node group.
To scan only a subset of nodes, deselect any nodes that you want to
exclude.
By default, assessor
logs are set to WARN level. To troubleshoot an issue, you can set the
logging level to DEBUG for the scan by clicking
Run in debug
mode. The assessor logs can then be retrieved from the
individual node.
On Linux and macOS platforms the assessor log is
located
at:
/opt/puppetlabs/comply/Assessor-CLI/logs/assessor-cli.log
On
Windows the assessor log is
located
at:
C:/ProgramData/PuppetLabs/comply/Assessor-CLI/logs/assessor-cli.log
Note
that scanning in debug mode increases the size of the assessor log
file significantly.
- Click Scan.
You are taken to the Activity feed, which lists
each scan. Scans are run as a task in Puppet Enterprise.
Click the scan name to see the scan report, or click the job ID to be taken
to Puppet Enterprise.
- Optionally, to review the results of your scan, navigate to the
Compliance Dashboard page.
See Scan results for a
description of the scan data.
Related information