wodle name=”cis-cat”

New in version 3.1.0.

XML section name

<wodle name="cis-cat">

Configuration options of the CIS-CAT wodle.


CIS-CAT is not installed by default. It is a proprietary software that you have to obtain for using this module.


Options Allowed values
disabled yes, no
timeout A positive number (seconds)
interval A positive number
scan-on-start yes, no
java_path Any valid path
ciscat_path Any valid path
content N/A


Disables the CIS-CAT wodle.

Default value no
Allowed values yes, no


Timeout for each evaluation.

Default value 1800
Allowed values A positive number (seconds)


Interval between CIS-CAT executions.

Default value 1d
Allowed values A positive number that should contain a suffix character indicating a time unit, such as, s (seconds), m (minutes), h (hours), d (days).


Run evaluation immediately when service is started.

Default value yes
Allowed values yes, no


Define where Java is located. If this parameter is not set, the wodle will search for the Java location in the default environment variable $PATH.

Default value wodles/java
Allowed values Any valid path.


For this field, it can be set a full path or a relative path. Whether you specify a relative path, it concatenates to the Wazuh installation path. ciscat_path has the same behavior.


Define where CIS-CAT is located.

Default value wodles/ciscat
Allowed values Any valid path.


Define an evaluation. At present, you can only run assessments for XCCDF policy files.


type Select content type.
path Use the specified policy file.

Timeout for the evaluation (in seconds).

Use of this attribute overwrites the generic timeout.

profile Select profile.


The path attribute can be filled in with the whole path where the benchmark files are located, or with a relative path to the CIS-CAT tool location.

Example of configuration

<wodle name="cis-cat">



  <content type="xccdf" path="benchmarks/CIS_Ubuntu_Linux_16.04_LTS_Benchmark_v1.0.0-xccdf.xml">