Add Profiles and Parameters
Updated Aug 30, 2023Add profiles and parameters
After you create a Slang project or import an existing project, you can add profiles and parameters to give users options when scanning content.
Before you begin
Steps
Step 1: Create a profile
Profiles determine which rules apply to a project scan. Profiles must be located in the project folder alongside the project.slang
file. The file name must start with profile.
and end with .slang
.
-
In Visual Studio Code (VS Code), select File > Open Folder and navigate to the project folder.
-
Right-click project.slang and select New File to create a file.
-
Name the file
profile.<profile_name>.slang
and save it to the project folder. -
In the profile file, add this content:
Profile: title: <profile_name> description: <profile_description>
-
To set which rules apply to the profile, add addional lines for options such as
select_all_rules_except
orselect rules
and any applicable values.For example:
select_all_rules_except: - local_admin_disabled.slang
-
Save the profile file.
-
Run this command to export your Slang project including the added profiles:
slang export <project_name> <project_name>.xml
Note: For Windows 10 devices, run
slang export <project_name> <project_name>.xml --scan_config <config_name> --profile profile.general_use.slang
to export and test your project. The results must have the local_admin_disabled rule marked NOT SELECTED.
Step 2: Update a profile to use a parameter
In addition to selecting rules, profiles can update parameter values.
-
In the profile file, add a
set_values
option and applicable values.For example:
Profile: title: General Use description: This profile selects rules applicable to general use systems select_all_rules_except: - local_admin_disabled.slang set_values: - min_password_param: 12
The General Use profile now requires a password of 12 characters in length.
-
Save the profile file.
Step 3: Add Slang parameters to a rule
With Slang parameters, you can customize rules for a profile.
-
Open the rule file.
-
Add a
parameters
option and applicable values.For example:
parameters: min_password_param: title: Minimum required password length value: 8
Complete example:
Rule: title: Password Policies description: Password policies for <project_name>. checks: - ALL: - windows.account.lockout_policy: threshold: 5 duration: 5 minutes observation_window: 1 hour - windows.account.password_policy: allow_reversible_encryption: true maximum_password_age: 30 days minimum_passwords_remembered: 100 require_password_complexity: true minimum_password_length: 0 parameters: min_password_param: title: Minimum required password length value: 8
-
Save the rule file.