[Open-scap] oscap results stored in central database?

Trevor Vaughan tvaughan at onyxpoint.com
Fri Feb 2 01:18:34 UTC 2018


Fen,

This might help if you want to get started with XCCDF XSLT processing:
https://github.com/simp/NIST-800-18-SSP_Template/tree/master/docs/references/controls/nist800-53rev4

There are already the splits for outputting the HIGH/MODERATE/LOW 800-53
controls.

It outputs RST but it should be easy enough to swap those parts out to
pretty much anything.

Patches/feedback most welcome!

Thanks,

Trevor

On Thu, Feb 1, 2018 at 5:37 PM, Fen Labalme <fen.labalme at civicactions.com>
wrote:

> Would love some XSLT files for parsing the XML files nicely (I've been
> wanting this, but am not an XSLT sorta guy). If the transform included
> name, CVE, perhaps RMF controls and result, well, that would be a great
> start.
>
> Had not seen Wazuh - looks awesome. I don't need the PCI DSS but rather
> the RMF low/mod controls, and I use Graylog instead of ELK, but these
> should be straightforward issues to resolve. (And if resolved, can
> contribute the patches - I love open source!)
>
> =Fen
>
>
> On Thu, Feb 1, 2018 at 4:01 PM, Luke Salsich <luke.salsich at gmail.com>
> wrote:
>
>> ...
>> All of this is to say maybe a first step would be to write some XSLT
>> files for MariaDB and Postgres and then see where that goes? Someone could
>> use that to then start an API, etc.
>>
>> I also did want to mention the really great work the people at Wazuh have
>> done in adding Open-Scap data to their OSSEC fork which then outputs data
>> into elasticsearch / Kibana dashboards really nicely. I will continue to
>> use their product gratefully, but as I say - I'm looking for data which I
>> can query without having to master Lucene to get data out of Elasticsearch.
>>
>> http://wazuh.com
>> https://documentation.wazuh.com/current/user-manual/capabilities/policy-monitoring/openscap/index.html
>>
>>
>> On Thu, Feb 1, 2018 at 1:20 PM, Fen Labalme <fen.labalme at civicactions.com> wrote:
>>
>>> ...
>>> I like https://osquery.io/ (open source at:
>>> https://github.com/facebook/osquery)
>>>
>>> Also consider InSpec (https://github.com/chef/inspec) - though created
>>> by/for Chef, it's entirely self-contained. OpenSCAP integrating with
>>> either/both of these would be awesome.
>>>
>>


-- 
Trevor Vaughan
Vice President, Onyx Point, Inc
(410) 541-6699 x788

-- This account not approved for unencrypted proprietary information --
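
Added example, not part of the original thread or of the repository linked above: a Python alternative to the XSLT route discussed here, flattening XCCDF 1.2 rule results (rule name, identifiers, control references, result) into a SQLite table that can be queried with plain SQL. The sample document, the `rule_results` table and the function names are constructed for illustration.

```python
import sqlite3
import xml.etree.ElementTree as ET

NS = {"x": "http://checklists.nist.gov/xccdf/1.2"}
# Constructed sample: a minimal XCCDF 1.2 benchmark holding one TestResult.
SAMPLE = """<Benchmark xmlns="http://checklists.nist.gov/xccdf/1.2" id="xccdf_org.example_benchmark_demo">
  <Rule id="xccdf_org.example_rule_sshd_disable_root" severity="medium">
    <title>Disable SSH root login</title>
    <reference href="https://example.org/nist-800-53">AC-6(2)</reference>
    <reference href="https://example.org/nist-800-53">IA-2(5)</reference>
  </Rule>
  <Rule id="xccdf_org.example_rule_audit_enabled" severity="high">
    <title>Enable auditd</title>
    <reference href="https://example.org/nist-800-53">AU-3</reference>
  </Rule>
  <TestResult id="xccdf_org.example_testresult_demo">
    <target>host1.example.org</target>
    <rule-result idref="xccdf_org.example_rule_sshd_disable_root" severity="medium">
      <result>fail</result>
      <ident system="https://example.org/cce">CCE-00000-0</ident>
    </rule-result>
    <rule-result idref="xccdf_org.example_rule_audit_enabled" severity="high">
      <result>pass</result>
    </rule-result>
  </TestResult>
</Benchmark>"""

def flatten(xml_text):
    """Yield (host, rule_id, title, severity, idents, controls, result) per rule-result."""
    root = ET.fromstring(xml_text)
    # Rules may be nested inside Groups, so index every Rule in the document by id.
    rules = {r.get("id"): r for r in root.iter("{%s}Rule" % NS["x"])}
    for tr in root.iter("{%s}TestResult" % NS["x"]):
        host = tr.findtext("x:target", "", NS)
        for rr in tr.findall("x:rule-result", NS):
            rule = rules.get(rr.get("idref"))  # None if the result file omits the Rule
            title = rule.findtext("x:title", "", NS) if rule is not None else ""
            refs = rule.findall("x:reference", NS) if rule is not None else []
            idents = ",".join(e.text for e in rr.findall("x:ident", NS))
            yield (host, rr.get("idref"), title, rr.get("severity"), idents,
                   ",".join(e.text for e in refs), rr.findtext("x:result", "", NS))

def load(conn, xml_text):
    conn.execute("CREATE TABLE IF NOT EXISTS rule_results "
                 "(host, rule_id, title, severity, idents, controls, result)")
    # Bound parameters: scan content is never concatenated into the SQL text.
    conn.executemany("INSERT INTO rule_results VALUES (?,?,?,?,?,?,?)", flatten(xml_text))
    conn.commit()

def failures(conn):
    return conn.execute("SELECT host, title, controls FROM rule_results "
                        "WHERE result = 'fail' ORDER BY host, rule_id").fetchall()
```

When result files are collected from hosts that are not fully trusted, parse them with a hardened XML parser such as `defusedxml` instead of the standard library parser used here.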