You can create ESM checks using the Check Builder wizard.
The Check Builder wizard provides you with the following options to create checks:
Quick Check Builder option | Lets you create a check without a precondition.
Advanced Check Builder option | Lets you add a precondition to the new check.
The check execution process in ESM includes the following:
Every check in a CCS 9.0 ESM standard maps to a module in an ESM policy.
The CCS evaluation engine checks if the ESM agent reports the security messages that the corresponding CCS ESM check generates.
If the ESM agent reports security messages, then the CCS check is reported as "Fail."
In case of a failed check, the evidence report includes the following:
If the ESM agent does not report any security message, then the CCS evaluation engine checks if the agent reports any error message.
If the ESM agent reports error messages, then the CCS check is reported as "Unknown" and the evidence report includes the ESM error messages.
If the ESM agent does not report any security message or any error message, then the CCS check is reported as "Pass."
More Information
Creating a CCS ESM check by using the Quick Check Builder option
Creating a CCS ESM check by using the Advanced Check Builder option