IBM Tivoli and Cisco User Manual

Chapter 8. Remediation subsystem implementation

395

This file contains the mapping between the remediation workflows and the
posture collector parameters used in the compliance policies defined on the
Tivoli Security Compliance Manager server.

4. Edit the WorkflowPostureCollectorMapping.properties file and provide the

content that will be relevant to the policies you have defined in the 6.2.4,
“Customization of compliance policies” on page 161.

For our compliance checks we have defined the following workflow names:

– TCRNavScan
– TCRNavVirusDefUpdate
– TCRNavSoftwareInstalled
– TCRMSPatchesInstallWinXP
– TCRMSServicePackInstallWinXpSp2
– TCRZLSoftwareInstalled
– TCRZLSoftwareRunning
– TCRMessengerDisabled

The sample content of this file is presented in Example 8-1.

Example 8-1 WorkflowPostureCollectorMapping.properties contents

# =/

TCRNavScan=nac.win.any.nav.PostureNavV2/SCAN_WF
TCRNavVirusDefUpdate=nac.win.any.nav.PostureNavV2/DEFS_WF
TCRNavSoftwareInstalled=nac.win.any.nav.PostureNavV2/VERSION_WF

TCRMSPatchesInstallWinXP=nac.win.any.hotfix.PostureHotfixV2/HOTFIX_WF

TCRMSServicePackInstallWinXpSp2=nac.win.any.oslevel.PostureOSLevelV2/SERVICE_PACK_WF

TCRZLSoftwareInstalled=nac.win.any.regkey.PostureRegKeyV2/KEY_WF

TCRZLSoftwareRunning=nac.win.any.services.PostureServices/SERVICE_RUNNING_WF

TCRMessengerDisabled=nac.win.any.services.PostureServices/SERVICE_DISABLED_WF

#TCRSolProcessRunning=nac.win.any.process.PostureProcess/PROCESS_RUNNING_WF
#TCRForbiddenFileExists=nac.win.any.file.PostureFile/FILE_EXISTS_WF

# --> Example workflow for Windows 2000 version of compliance policy
# TCRMSPatchesInstall=nac.win.any.hotfix.PostureHotfixV2/HOTFIX_WF
# TCRMSPatchesInstallW2K=nac.win.any.hotfix.PostureHotfixV2/HOTFIX_WF
# TCRMSServicePackInstallWin2kSp4=nac.win.any.oslevel.PostureOSLevelV2/SERVICE_PACK_WF

You must update this file for every collector type or workflow name you
configured in your environment.