[Open-scap] oscap results stored in central database?
Trevor Vaughan
tvaughan at onyxpoint.com
Thu Feb 1 17:33:37 UTC 2018
I guess I was thinking of this being the modernized version of the CMDB
effort that keeps trying to live because, frankly, it literally is CM
information.
This was the first FOSS-core thing that popped up in my search and seems
reasonable at first glance.
I'd love to be part of this, I'd also love to not reinvent the wheel
(again). That said, as an extendable platform, maybe iTop is horrible,
there needs to be a global conversation about it (and FIPS, SSP, etc...)
https://www.combodo.com/itop-193
Trevor
On Thu, Feb 1, 2018 at 11:41 AM, Shawn Wells <shawn at redhat.com> wrote:
>
>
> On 2/1/18 1:21 PM, Luke Salsich wrote:
>
> Thanks for the comments guys. It helps me understand where things are and
> where they might be going.
>
> For me, I would write a (initial) user story much along the lines of:
>
> "I would like to be able to parse oscap results into a MySQL database so
> that I can compare specific aspects of these results to others from the
> same server or from other servers."
>
> I word it like this because I (personally) am not looking for a larger
> application framework (user interface, authentication, etc) that has to
> come along with the central database. I also like the idea of not being
> tied to one database engine and/or using a standardized API, but an API
> sounds like a few stories down the road.
>
> Anyway, I'm grateful for the thoughts. I was initially just checking to
> make sure that before I start working on converting the XML to SQL
> (probably with xslt and Python) that someone else hasn't already done that.
> I hate it when I build something only to find out later that someone in the
> community has already built it (and probably way better).
>
>
> Imagine something like https://osquery.io/, except with enriched
> compliance data.
>
>
>
> _______________________________________________
> scap-security-guide mailing list -- scap-security-guide at lists.
> fedorahosted.org
> To unsubscribe send an email to scap-security-guide-leave@
> lists.fedorahosted.org
>
>
--
Trevor Vaughan
Vice President, Onyx Point, Inc
(410) 541-6699 x788
-- This account not approved for unencrypted proprietary information --
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/open-scap-list/attachments/20180201/3a93aaf3/attachment.htm>
More information about the Open-scap-list
mailing list