Configuring Asset Management › Collection Modules › Device Compliance Scanner (DCS) › Checklists Bundled with This Release › How DCS Works

How DCS Works

DCS is implemented as an Asset Management inventory detection module. You can configure this inventory detection module as part of a hardware inventory collect task. The following process helps you understand how the scanner works and the actions you must take for the working of the scanner:

1. Client Automation automatically creates inventory detection modules for all the checklists placed under ITCM_Installpath\SCAP_Checklists folder.
2. Configure one or more hardware inventory collect tasks to schedule the scan and collect the results from the FDCC inventory detection modules. You can create a new collect task or modify the existing one to schedule the scan.
3. When the collect task runs at the agent computer, the scanner starts the scan based on the checklists available on the agent computer. Each checklist has an SCAP data stream. An SCAP data stream consists of the following files:
   • An eXtensible Configuration Checklist Description Format (XCCDF) file that defines a set of rules
   • One or more Open Vulnerability and Assessment Language (OVAL) files that specify how to check for compliance, using the rules defined in the XCCDF file
   • (Optional) A Common Platform Enumeration (CPE) dictionary file that specifies how to check whether the target computer has the required operating environment or applications. For example, if the checklist is for Windows XP, the CPE dictionary file specifies how to check whether the target computer has Windows XP.
4. The scanner parses the rules in the XCCDF file and invokes an OVAL interpreter to evaluate the OVAL definitions referenced in the SCAP data stream.
5. The interpreter produces OVAL result files that contain the values for each OVAL definition.
6. The scanner then reads the result files and determines the outcome of compliance check for each rule in the checklist and produces the following files:
   • XCCDF compliant test result file in the XML format
   • Asset Management inventory file

   Note: All the result files are stored in a subdirectory under the asset management agent's working directory.

7. The information in the inventory file is stored in the management database (MDB), and the results of the scan are displayed in the DSM Explorer and Web Console. You can create queries and reports based on this inventory information just as you do with any other inventory data.

Collection of Result Files from the Agent Computer

The scanner stores the XCCDF and OVAL result files on the agent computer by default. You can configure the FDCC inventory detection modules to enable the collection of result files from the agent computer to the scalability server. When the engine runs the collect task next time, it collects the result files from the scalability server and stores them on the domain manager. Storing the result files on the domain manager helps you manage them centrally and retrieve the files quickly when required.

Note: The result files are signed with a digital signature to prevent data tampering between the agent and the manager. If the manager is unable to verify the signature, an event is raised and logged in the default event log.

More information:

Modify the Result File Location