This is the documentation for Wazuh 3.1. Check out the docs for the latest version of Wazuh!

wodle name=”cis-cat”

New in version 3.1.0.

XML section name

<wodle name="cis-cat">

Configuration options of the CIS-CAT wodle.


CIS-CAT is not installed by default. It is a proprietary software that you have to obtain for using this module.


Options Allowed values
disabled yes, no
timeout A positive number (seconds)
interval A positive number
scan-on-start yes, no
java_path Any valid path
ciscat_path Any valid path
content N/A


Disables the CIS-CAT wodle.

Default value no
Allowed values yes, no


Timeout for each evaluation.

Default value 1800
Allowed values A positive number (seconds)


Interval between CIS-CAT executions.

Default value 1d
Allowed values A positive number that should contain a suffix character indicating a time unit, such as, s (seconds), m (minutes), h (hours), d (days).


Run evaluation immediately when service is started.

Default value yes
Allowed values yes, no


Define where Java is located. If this parameter is not set, the wodle will seach for the Java location in the default environment variable $PATH.

Default value /usr/bin
Allowed values Any valid path.


Define where CIS-CAT is located.

Default value /var/ossec/wodles/ciscat
Allowed values Any valid path.


Define an evaluation. At present, you can only run assessments for XCCDF policy files.


type Select content type.

Use the specified policy file.

Default path: ciscat_path/benchmarks


Timeout for the evaluation (in seconds).

Use of this attribute overwrites the generic timeout.

profile Select profile.

Example of configuration

<wodle name="cis-cat">



  <content type="xccdf" path="benchmarks/CIS_Ubuntu_Linux_16.04_LTS_Benchmark_v1.0.0-xccdf.xml">