> For the complete documentation index, see [llms.txt](https://docs.rewst.help/llms.txt). Markdown versions of documentation pages are available by appending `.md` to page URLs; this page is available as [Markdown](https://docs.rewst.help/documentation/crates/existing-crate-documentation/exchange-cis-audit-crate.md). # Exchange CIS Audit Crate {% hint style="info" %} If you’re new to Crates, read through our introductory Crate documentation [here](https://docs.rewst.help/prebuilt-automations/crates). Find the Crate in our Crate Marketplace. {% endhint %} ## What does the Exchange CIS Audit Crate do? This Crate automates the process of validating certain Center for Internet Security (CIS) controls such as audit logs and mailbox configurations, and logs a ticket in your PSA for record-keeping and potential remediation actions. ### How the Crate works * The workflow validates if audit logs are configured correctly per CIS controls. * It confirms if mailbox settings align with specific CIS controls. * A ticket is created in your integrated PSA, detailing the compliance status of each control validated. * The ticket contains a detailed summary of all the controls checked, making it easier for remediation if necessary. ## Crate prerequisites The [Microsoft Cloud Integration Bundle](/documentation/integrations/integration-guides/microsoft-cloud-integration-bundle.md) must be set up before unpacking this Crate. Your [PSA must successfully be integrated](/documentation/integrations/top-5-integration-types-get-started-with-integrations-in-rewst.md#psa-integrations) with Rewst. ## Unpack the Exchange CIS Audit Crate 1. Navigate to **Marketplace > Crates** in the Rewst platform. 2. Search for `Exchange CIS Audit`.\ \ ![](/files/jYCBJaafsAqQdTW83mEy)
3. Click on the Crate tile to begin unpacking. 4. Click **Unpack Crate.** 5. Click **Continue**. 6. Note that you have the option under the **Cron Job** accordion menu to activate the Crate for all future organizations in addition to the current one. You may also set activation to certain [tags](https://docs.rewst.help/documentation/settings/tags-in-rewst), [trigger criteria](https://docs.rewst.help/documentation/automations/intro-to-triggers/trigger-criteria), or for integration overrides. 7. Click **Unpack**. ### Update the cron trigger {% hint style="info" %} To test this Crate, you'll need to adjust the cron trigger's schedule to a few minutes in the future, then adjust it back to your regular schedule after the test. Alternatively, you could wait until the regularly scheduled run occurs and check your result, which would not require you to update the cron trigger schedule. Check in your PSA to ensure that the workflow creates a ticket as expected. {% endhint %} After unpacking, the default schedule for this Crate is once monthly, on the first day of each month. 1. Navigate to **Automations > Workflows**. 2. Search for `[ROC] EXO: CIS Audit`. 3. Click on the workflow to open it in the Workflow Builder. 4. Click on the trigger in the workflow to open its settings in the right side menu. 5. Update the timing of the cron trigger as desired in the fields under **Trigger Parameters**. Note that when entering the time into the **Cron Schedule** field, the correct format is minutes followed by hour. For example, 18 3, not 3 18. 6. Click **Save Trigger**. {% hint style="info" %} Got an idea for a new Crate? Rewst is constantly adding new Crates to our Crate Marketplace. Submit your idea or upvote existing ideas here in our [Canny feedback collector](https://rewst.canny.io/crates). {% endhint %} --- # Agent Instructions This documentation is published with GitBook. GitBook is the documentation platform designed so that both humans and AI agents can read, navigate, and reason over technical content effectively. Learn more at gitbook.com. ## Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://docs.rewst.help/documentation/crates/existing-crate-documentation/exchange-cis-audit-crate.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.