The Atlas STIG Compliance solution is a set of tools designed to help you collect, analyze, and interact with your compliance data, all within the Splunk interface. With Atlas STIG Compliance you can achieve near real-time visibility into the status of your compliance documentation and manage that data as Splunk continues to collect it.
You can collect and view many sources of STIG Compliance data from within Splunk, including STIG checklists, SCAP (Security Content Automation Protocol) scan outputs, and user-generated data created within the app itself. Once the data is compiled within the system, users are provided with a suite of tools to help manage the data directly in Splunk as it updates in real time.
Atlas STIG Compliance lets users group their targets (e.g. servers and network devices) into systems. A system is a collection of targets that represents your environment. You can then assign, update, and edit STIG checklists within the app and export them in a variety of formats. Data exported directly from Splunk can later be opened in the DISA (Defense Information Systems Agency) STIG Viewer.
STIG Compliance Capabilities
Collect STIG compliance data into Splunk from multiple sources to get a real-time view of your STIG compliance posture
Manage compliance documentation within the Splunk UI and export it out in DISA STIG Viewer format
Bulk update STIG checklists within the Splunk UI to reduce manual editing of STIG checklists
Create systems that let you view the status of your infrastructure in a dashboard that is easy to create and read
Continually collect STIG Compliance data from multiple sources to prepare for an audit or for continuous compliance monitoring
Remediate and enforce STIG vulnerabilities using the Atlas STIG Puppet content and view the results in Splunk
How it works
The Atlas STIG Compliance Splunk app relies on two primary components to function properly:
1. The STIG Compliance Splunk App
The Splunk app itself is an Element in the Atlas platform that contains all the necessary tools to correlate, visualize, and edit compliance-related artifacts. At a minimum, you must install Atlas Core with a valid license key for STIG Compliance to work properly. The Splunk App depends on data delivered from external sources or entered manually by users to populate it.
2. The Atlas STIG Technology Add-On (TA)
Ingestion of existing STIG Checklists is performed using the Atlas STIG TA. This TA will process all desired checklist files from a given location, and automatically format the data for ingestion into Splunk for use in the Atlas STIG Compliance app.
Users must install both the Atlas STIG Compliance app and the associated Atlas STIG TA on the Splunk search head that will be used to analyze compliance data. Read more about this in the Using STIG Compliance section of the documentation.
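The kind of checklist-to-event flattening described above, as an added example; it is not the Atlas STIG TA's code, whose internals this page does not describe. It assumes the DISA STIG Viewer .ckl XML layout, and the function name ckl_to_events, the output field names, and the sample checklist are constructed for illustration.

```python
import json
import xml.etree.ElementTree as ET

# Constructed sample in the DISA STIG Viewer .ckl layout (not real scan data).
SAMPLE_CKL = """<?xml version="1.0" encoding="UTF-8"?>
<CHECKLIST>
  <ASSET><HOST_NAME>web01</HOST_NAME><HOST_IP>192.0.2.10</HOST_IP></ASSET>
  <STIGS><iSTIG>
    <STIG_INFO><SI_DATA><SID_NAME>title</SID_NAME><SID_DATA>Example STIG</SID_DATA></SI_DATA></STIG_INFO>
    <VULN>
      <STIG_DATA><VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE><ATTRIBUTE_DATA>V-000001</ATTRIBUTE_DATA></STIG_DATA>
      <STIG_DATA><VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE><ATTRIBUTE_DATA>high</ATTRIBUTE_DATA></STIG_DATA>
      <STATUS>Open</STATUS><FINDING_DETAILS>constructed finding</FINDING_DETAILS>
    </VULN>
    <VULN>
      <STIG_DATA><VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE><ATTRIBUTE_DATA>V-000002</ATTRIBUTE_DATA></STIG_DATA>
      <STATUS>Reviewed-OK</STATUS><FINDING_DETAILS></FINDING_DETAILS>
    </VULN>
  </iSTIG></STIGS>
</CHECKLIST>"""

VALID_STATUS = {"Open", "NotAFinding", "Not_Applicable", "Not_Reviewed"}

def ckl_to_events(ckl_text):
    """Flatten a checklist into one dict per (host, STIG, rule) finding."""
    if "<!DOCTYPE" in ckl_text or "<!ENTITY" in ckl_text:
        raise ValueError("DTD/entity declarations are not expected in a checklist")
    root = ET.fromstring(ckl_text.encode("utf-8"))
    host = root.findtext("ASSET/HOST_NAME", default="").strip()
    events = []
    for istig in root.iterfind("STIGS/iSTIG"):
        info = {d.findtext("SID_NAME"): d.findtext("SID_DATA", default="")
                for d in istig.iterfind("STIG_INFO/SI_DATA")}
        for vuln in istig.iterfind("VULN"):
            attrs = {d.findtext("VULN_ATTRIBUTE"): d.findtext("ATTRIBUTE_DATA", default="")
                     for d in vuln.iterfind("STIG_DATA")}
            status = vuln.findtext("STATUS", default="").strip()
            if status not in VALID_STATUS:  # unknown or empty value: never count it as passing
                status = "Not_Reviewed"
            events.append({"host": host, "stig": info.get("title", ""),
                           "vuln_id": attrs.get("Vuln_Num", ""),
                           "severity": attrs.get("Severity", ""), "status": status,
                           "finding_details": vuln.findtext("FINDING_DETAILS", default="")})
    return events

if __name__ == "__main__":
    for event in ckl_to_events(SAMPLE_CKL):
        print(json.dumps(event, sort_keys=True))  # one JSON event per line
```

Emitting one event per finding keeps host, rule ID, severity, and status as separate fields, so open findings can be counted per system without re-parsing XML at search time.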
Atlas STIG Compliance also contains integrations with other tools that are commonly used when dealing with system compliance hardening.
Atlas STIG Compliance provides features that can incorporate results from SCAP. Results from SCAP compliance scans are incorporated in a similar manner to the STIG checklist files and require a separate Atlas SCAP TA that helps onboard the data into Splunk. This can be used to enable an automation workflow where SCAP results are sent to Splunk as soon as they are available. SCAP scans can be configured to run on a regular schedule so that vulnerabilities that have SCAP content can be monitored in Splunk in real time across all of your systems.
The STIG Compliance Splunk App comes pre-populated with all of the latest unclassified STIGs that are provided by DISA. Each time the App is released we capture the STIG checklists from DISA and load them into the STIG Compliance App. They can be referenced from the STIG Library section of the app. You can use the STIG Library to view a summary of a STIG checklist or to create an instance of a STIG for a target and assign it to a system. This way you don't have to ingest an external STIG checklist; you can create and modify checklists directly in the Splunk UI.
Automated STIG Remediation
Another part of the STIG Compliance solution includes Puppet modules that can automate the remediation of STIGs. Puppet users have the ability to enforce automatic remediation and checklist generation through the use of supported Puppet modules that come with Atlas. These modules utilize either Puppet Enterprise or Puppet open-source and include an integration that allows them to send the compliance results to Splunk for reporting.