Manually creating assets in STIG Manager

[MarkCaronJr]

Greetings!

I work in a web server environment and have been really wanting to use STIG Manager to manage my assets stig checklists. I'm wondering if it's possible to do what I am trying to do or maybe I am just overlooking something.

Under my collection (I am the owner), I would really love to create an asset for each of my managed web servers and then assign it the appropriate STIGs. Of course, these will show 0% assessed until a STIG CKL for that asset is imported; however, when importing a STIG CKL, STIG manager wants to create a new asset that has hostname-NA-NA (or the site is provided in the CKL). Is there not a way to bypass these particular keys and only tell STIG manager to assign imported ckls based simply on the 'cklHostname' key?

Having the functionality to say "Assign all imported CKLs with this cklHostname key to this specific asset" would be amazingly useful.

Thanks in advance,
Mark C

[cd-rite]

Hi @MarkCaronJr STIG Manager maintains a 1 to 1 relationship between Assets and specific STIGs (ie. Each particular STIG can only be assigned once to an Asset). Since one Host could have several web server (or DB) instances, we break out those instances into their own Asset, as you have noticed. This processing is described here: https://stig-manager.readthedocs.io/en/latest/installation-and-setup/data-and-permissions.html#ckl-processing
This special processing is only invoked on import if the <WEB_OR_DATABASE> value is "true" in the ckl/b.

You could set the <WEB_OR_DATABASE> value to "false" in the .ckl/b, which will prevent that behavior but if you do that, each .ckl/b you import with the same HOST_NAME will overwrite any results that are already there, which I don't think is what you want.

Just to be clear, on export of one of these expanded-name Assets, STIG Manager will recreate the .ckl/b data with the original HOST_NAME (stored in the cklHostname asset metadata), and rebuild the WEB_DB elements as they were on import using the appropriate Asset metadata values.

This behavior is something of a limitation stemming from the .ckl/b format, which insists on a "HOST_NAME" for assets, whereas other standards like XCCDF (which we also support) just specify a "Target" of evaluation which can be a Web Site or DB instance without necessarily being attached to a specific Host.

So, short answer would be "no", longer answer is tentative "yes" but may not result in the behavior you are looking for, since an Asset can only be associated with one set of results per STIG.