CIS Benchmark
Built-in compliance assessment that evaluates endpoint configurations against Center for Internet Security (CIS) benchmarks using telemetry collected by the Furl agent.
Description
The CIS Benchmark integration uses osquery data already gathered by the Furl agent — no separate connection or scanner is needed. It checks each endpoint’s configuration against CIS Level 1 and Level 2 benchmark controls and produces compliance findings that flow into the context graph alongside vulnerability data.
This integration requires the Furl agent to be installed on the endpoints you want to evaluate. There are no API connections or credentials to configure.
Supported Capabilities
Datasources
- CIS macOS Benchmark → Evaluates macOS endpoints against the CIS Apple macOS benchmark (Level 1 and Level 2).
- CIS Linux Benchmark → Evaluates Linux endpoints against the CIS Distribution Independent Linux benchmark (Level 1 and Level 2).
- CIS Windows Benchmark → Evaluates Windows endpoints against the CIS Microsoft Windows benchmark (Level 1 and Level 2).
Each datasource produces compliance_findings outputs in the context graph.
Actions
Currently no actions are supported for this integration.
Troubleshooting
- Make sure the Furl agent is installed and running on the endpoints you want to assess. Without agent telemetry, no benchmark checks can be evaluated.
- If specific checks are missing for an endpoint, verify the agent is collecting the osquery datasets the benchmark requires (e.g., osquery/disk_encryption for macOS, osquery/iptables for Linux, osquery/registry_security for Windows).
- Compliance findings are produced per-endpoint per-control, so a single endpoint can have many findings on first sync.