Would love some XSLT files for parsing the XML files nicely (I've been wanting this, but am not an XSLT sorta guy). If the transform included name, CVE, perhaps RMF controls and result, well, that would be a great start.
Had not seen Wazuh - looks awesome. I don't need the PCI DSS but rather the RMF low/mod controls, and I use Graylog instead of ELK, but these should be straightforward issues to resolve. (And if resolved, can contribute the patches - I love open source!)
=Fen
On Thu, Feb 1, 2018 at 4:01 PM, Luke Salsich luke.salsich@gmail.com wrote:
... All of this is to say maybe a first step would be to write some XSLT files for MariaDB and Postgre and then see where that goes? Someone could use that to then start an API, etc.
I also did want to mention the really great work the people at Wazuh have done in adding Open-Scap data to their OSSEC fork which then outputs data into elasticsearch / Kibana dashboards really nicely. I will continue to use their product gratefully, but as I say - I'm looking for data which I can query without having to master Lucene to get data out of Elasticsearch.
http://wazuh.com https://documentation.wazuh.com/current/user-manual/capabilities/policy-monitoring/openscap/index.html
On Thu, Feb 1, 2018 at 1:20 PM, Fen Labalme fen.labalme@civicactions.com wrote:
... I like https://osquery.io/ (open source at: https://github.com/facebook/osquery)
Also consider InSpec (https://github.com/chef/inspec) - though created by/for Chef, it's entirely self-contained. OpenSCAP integrating with either/both of these would be awesome.
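The flattening Fen is asking for, as an added example that is not code from this thread nor from SSG, OpenSCAP or Wazuh: it reads an XCCDF 1.2 result document and emits one row per rule-result with rule id, title, severity, result, CVE/CCE identifiers and NIST SP 800-53 controls, which is the same join an XSLT would do, written in Python's standard library so it can be dropped in front of a Graylog or SQL loader. The sample document is constructed for the example (rule ids, the CCE/CVE values and the host name are placeholders), and it assumes, as the SCAP Security Guide benchmarks do, that 800-53 references are tagged with an href naming the publication.

```python
# Added example (not code from this thread or from SSG/OpenSCAP/Wazuh): flatten an
# XCCDF 1.2 result document into rows of rule id, title, result, CVE/CCE
# identifiers and NIST SP 800-53 controls, then emit CSV.
import csv
import io
import xml.etree.ElementTree as ET

XCCDF_NS = "http://checklists.nist.gov/xccdf/1.2"  # XCCDF 1.2 namespace
NS = {"x": XCCDF_NS}
# Assumption: 800-53 references carry an href that names the publication
# (as SSG does with NIST.SP.800-53r4.pdf); other references are ignored.
NIST_800_53_MARKER = "800-53"

# Constructed sample: rule ids, CCE/CVE values and host name are placeholders.
SAMPLE_XCCDF = """<Benchmark xmlns="http://checklists.nist.gov/xccdf/1.2" id="xccdf_example_benchmark_sample">
  <status date="2018-02-01">draft</status>
  <title>Constructed sample benchmark</title>
  <Rule id="xccdf_example_rule_ssh_root_login" severity="medium">
    <title>Disable SSH root login</title>
    <reference href="https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AC-6</reference>
    <reference href="https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">IA-2</reference>
    <ident system="https://nvd.nist.gov/cce/index.cfm">CCE-00000-0</ident>
  </Rule>
  <Rule id="xccdf_example_rule_patch_example" severity="high">
    <title>Install vendor fix for placeholder CVE</title>
    <reference href="https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">SI-2</reference>
    <ident system="http://cve.mitre.org">CVE-0000-0000</ident>
  </Rule>
  <Rule id="xccdf_example_rule_audit_enabled" severity="low">
    <title>Ensure auditd is running</title>
    <reference href="https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12</reference>
  </Rule>
  <TestResult id="xccdf_example_testresult_sample" start-time="2018-02-01T16:00:00" end-time="2018-02-01T16:01:00">
    <target>host.example.test</target>
    <rule-result idref="xccdf_example_rule_ssh_root_login" severity="medium"><result>fail</result></rule-result>
    <rule-result idref="xccdf_example_rule_patch_example" severity="high"><result>pass</result><ident system="http://cve.mitre.org">CVE-0000-0000</ident></rule-result>
    <rule-result idref="xccdf_example_rule_audit_enabled" severity="low"><result>notapplicable</result></rule-result>
  </TestResult>
</Benchmark>
"""


def _rule_index(root):
    """Map rule id -> static rule metadata (title, severity, idents, 800-53 controls)."""
    rules = {}
    for rule in root.iter(f"{{{XCCDF_NS}}}Rule"):  # iter() also finds Rules nested in Groups
        idents = [i.text.strip() for i in rule.findall("x:ident", NS) if i.text]
        controls = [
            r.text.strip()
            for r in rule.findall("x:reference", NS)
            if r.text and NIST_800_53_MARKER in (r.get("href") or "")
        ]
        rules[rule.get("id")] = {
            "title": rule.findtext("x:title", default="", namespaces=NS).strip(),
            "severity": rule.get("severity", ""),
            "idents": idents,
            "controls": controls,
        }
    return rules


def parse_xccdf_results(xml_text):
    """Return one dict per rule-result, joined with its Rule's metadata."""
    root = ET.fromstring(xml_text)
    rules = _rule_index(root)
    empty = {"title": "", "severity": "", "idents": [], "controls": []}
    rows = []
    for tr in root.iter(f"{{{XCCDF_NS}}}TestResult"):
        target = tr.findtext("x:target", default="", namespaces=NS).strip()
        for rr in tr.findall("x:rule-result", NS):
            rule_id = rr.get("idref", "")
            meta = rules.get(rule_id, empty)
            # idents may sit on the Rule, on the rule-result, or both: merge, keep order, dedupe
            result_idents = [i.text.strip() for i in rr.findall("x:ident", NS) if i.text]
            rows.append({
                "target": target,
                "rule_id": rule_id,
                "title": meta["title"],
                "severity": rr.get("severity") or meta["severity"],
                "result": rr.findtext("x:result", default="unknown", namespaces=NS).strip(),
                "idents": list(dict.fromkeys(meta["idents"] + result_idents)),
                "controls": list(meta["controls"]),
            })
    return rows


def failing_rules(rows):
    """Keep only results that need follow-up (fail or error), e.g. for a POA&M view."""
    return [r for r in rows if r["result"] in ("fail", "error")]


def rows_to_csv(rows):
    """Serialise rows to CSV; list fields are joined with ';' so one row stays one rule."""
    header = ["target", "rule_id", "title", "severity", "result", "idents", "controls"]
    buf = io.StringIO()
    writer = csv.writer(buf, lineterminator="\n")
    writer.writerow(header)
    for r in rows:
        writer.writerow([";".join(r[h]) if isinstance(r[h], list) else r[h] for h in header])
    return buf.getvalue()


if __name__ == "__main__":
    print(rows_to_csv(parse_xccdf_results(SAMPLE_XCCDF)))
```

Run it against the file produced by `oscap xccdf eval --results`; the CSV rows load directly into a Graylog CSV lookup table or a MariaDB/PostgreSQL table, and filtering on the controls column gives the per-baseline (low/moderate/high) views once a control-to-baseline mapping is joined in.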
Fen,
This might help if you want to get started with XCCDF XSLT processing https://github.com/simp/NIST-800-18-SSP_Template/tree/master/docs/references...
There are already the splits for outputting the HIGH/MODERATE/LOW 800-53 controls.
It outputs RST but it should be easy enough to swap those parts out to pretty much anything.
Patches/feedback most welcome!
Thanks,
Trevor
On Thu, Feb 1, 2018 at 5:37 PM, Fen Labalme fen.labalme@civicactions.com wrote:
...
scap-security-guide mailing list -- scap-security-guide@lists.fedorahosted.org To unsubscribe send an email to scap-security-guide-leave@lists.fedorahosted.org
In case of interest https://github.com/athiasjerome/XORCISM Models are SQL representations of CVE, CWE, CAPEC, OVAL, etc. Plugins/Connectors exchange information with various tools (APIs/formats) to normalize the data in a central way. Making it easy to retrieve and export in your preferred format
Comments welcome
Regards
On Fri 2 Feb 2018 at 04:19, Trevor Vaughan tvaughan@onyxpoint.com wrote:
...
-- Trevor Vaughan Vice President, Onyx Point, Inc (410) 541-6699 x788
-- This account not approved for unencrypted proprietary information --
Well, that seems exactly like what we're talking about...
Nice work Jerome!
Trevor
On Fri, Feb 2, 2018 at 2:46 AM, Jerome Athias athiasjerome@gmail.com wrote:
...
Awesome Fen! Can you provide insight into your usage of Graylog instead of ELK or EFK?
On Thu, Feb 1, 2018 at 3:37 PM, Fen Labalme fen.labalme@civicactions.com wrote:
...