Slang Profiles & Parameters

Add Profiles

Profiles can be used to determine which rules will be applied during a scan.

  1. Open the QuickStart project in VS Code (File, Open Folder)
  2. Create a new file in the QuickStart folder (right-click below project.slang, New File) called profile.general_use.slang with the following content:
    Profile:
      title: General Use
      description: This profile selects rules applicable to general use systems
      select_all_rules_except: 
        - local_admin_disabled.slang
    
  3. Create a second profile called profile.high_security.slang with the following content:
    Profile:
      title: High Security
      description: This profile selects rules applicable to high security systems.
      select_rules: all
    
    
  4. Save both profiles!
    Tip: profiles must be located in project folder alongside the project.slang file. The file name must start with profile. and end with .slang.
  5. From the Terminal, run slang export QuickStart quickstart.xml to export your Slang project including the two profiles you’ve added!
  6. If you have access to a Windows 10 device to scan against and have completed the Testing QuickStart, run slang export QuickStart quickstart.xml --scan_config QuickTest --profile profile.general_use.slang to export and test your project using the General Use profile.
    • When you review the results, you’ll see that the local_admin_disabled rule is marked “NOT SELECTED”

Add a Slang Parameter

Slang Parameters enable rules to be customized in a Profile.

  1. Open password_policies.slang and update the content to match:
    Rule:
      title: Password Policies
      description: Password policies for QuickStart.
      checks:
        - ALL:
          - windows.account.lockout_policy:
              threshold: 5
              duration: 5 minutes
              observation_window: 1 hour
          - windows.account.password_policy:
              allow_reversible_encryption: true
              maximum_password_age: 30 days
              minimum_passwords_remembered: 100
              require_password_complexity: true
              minimum_password_length: 0
    
      parameters:
        min_password_param:
          title: Minimum required password length
          value: 8
    

    Note: we’ve added minimum_password_length: 0. And, we’ve added a parameters section with a Slang Parameter min_password_param that has a default value of 8.

  2. Change the minimum_password_length value from 0 to ${min_password_param} and save!
    Now, the rule will use our parameter instead of the hard-coded 0 value!

Update Profiles to Use Our Parameter

In addition to selecting rules, profiles can update parameter values.

  1. Update profile.general_use.slang to match:
    Profile:
      title: General Use
      description: This profile selects rules applicable to general use systems
      select_all_rules_except: 
        - local_admin_disabled.slang
      set_values:
        - min_password_param: 12
    
  2. Update profile.high_security.slang to match:
    Profile:
      title: High Security
      description: This profile selects rules applicable to high security systems.
      select_rules: all
      set_values:
        - min_password_param: 24
    

    Now, when the General Use profile is selected, a minimum password length of 12 will be required. And, selecting the High Security profile will require a password length of 24!

Questions? Feedback?

Please contact your account executive or reach out here!