CIS policy scanning on insightAgents

Adrian · September 17, 2021, 5:28am

How can we scan for CIS benchmarking when we use insightAgents only and we do not have shared scan credentials?

nowel · September 17, 2021, 8:09am

hmmm AFAIK, CIS based assessment thru the InsightAgent is not currently possible. Though from what I gather before this is in the works already just that no concrete ETA were given.

PS: I also raised that query last year

anon26205435 · September 17, 2021, 10:57am

Yeah performing policy scans are not possible via Agents, the docs make this clear: Scan Engine and Insight Agent Comparison | InsightVM Documentation

Adrian · September 17, 2021, 2:26pm

Thank you for information

sylvain_hamel · September 23, 2021, 4:08pm

As other says, it is not currently possible. They were planning to add that feature by end of 2021 but I think I have seen they are now targeting early 2022.

thomas_freeman · September 23, 2021, 4:10pm

I have been wanting this feature as well. Is there a way to inquire on where it is on the development roadmap?

kreavis · September 23, 2021, 6:34pm

CIS policy assessment using InsightAgents is currently planned for the first half of 2022

parth_khundiwala · September 24, 2021, 1:58am

That’s the limitation InsightAgents have. We can’t perform policy scans using InsightAgents. Only local checks can be performed. You may refer below article :

Scan Engine and Insight Agent Comparison | InsightVM Documentation (rapid7.com)

njennings · October 20, 2021, 8:59pm

Looking forward to policy scans via InsightAgent. We also asked a year ago and we’re told it was coming end of 2021. I guess first half of 2022 isn’t so bad, but this has become more important than ever considering new ways of working with lots more folks at home!

ccastro · March 14, 2022, 4:22pm

I still don’t see it

mark_mark · March 29, 2022, 2:10pm

Is this still outstanding? Is there anywhere to see the roadmap?

Compliance is so critical these days and it’s just not acceptable for a security vendor to say “if you want compliance you need to weaken your security model by opening unnecessary ports to a scanning engine”

This gives a nice backdoor for all the ransomware to walk through across your entire estate.

@tyler_slijboom1 You seem to be the active InsightVM employee, is this something you can push and get us an update please.

efrenz-local_efrenz-local · April 19, 2022, 2:54pm

Is it possible to hear from r7 on this topic?

spardus · September 12, 2022, 2:01pm

I am also looking for an update regarding this feature. Has it been dropped, still in progress or implemented?

faiz_patel · September 13, 2022, 7:44pm

I can confirm that this feature is being worked on and prioritized. General availability is planned before the end of the year.

mark_mark · June 28, 2023, 2:25pm

This might now be here, will check it out