I have recently gone through a lot of testing under Red Hat, CentOS and Linux platforms for PCI-DSS and STIG compliance, assessment, and remediation using the oscap engine. Do we have anyone that would be interested in seeing this documented with simple custom packages that could kick off the oscap validation and remediation efforts through Heat EMSS? Primarily this would be aimed at finance/retail for PCI-DSS and STIG being Federal Government and any system interacting with DOD. Not only does this replace our recently removed SCM product from EMSS but it is a important security standard for the US to help automate the testing and hardening of machines. This can also potentially be done under Windows although I have not done this testing.
We can generate really cool reports like these images show. Based around the assessment, and I would see a syslog, splunk or event collection picking up these files for storage. Also machine readable xml files are generated which would be more useful for automation systems. Once the analysis has been completed you can remediate the machine against all the findings. Dangerous to do without understanding the changes, but very cool especially for new builds before getting applications installed and configured.