SCAP 1.0 and 1.1 only. A checklist consists of a ZIP file that contains several XML files called a SCAP Stream. The primary file in the Stream is the XCCDF file. The XCCDF file is a structured collection of security configuration rules for a set of target devices. Essentially, it is a list of OVAL tests that should be run. The other XML files contain the OVAL tests specified in the XCCDF file. For detailed information on the XCCDF Specification, go to http://scap.nist.gov/specifications/xccdf/.
SCAP 1.2 and later only. These versions use a single file containing all required streams.
During resolution, the oval-command.zip file is generated. This ZIP file contains the input files necessary to run a particular profile. You can view the files on the Script Detail page. See Configure SCAP schedules.
• |
benchmark.zip: contains the benchmark files, that is, the SCAP Stream that was uploaded to the appliance. (The XCCDF file is not actually used by the device.) |
• |
oval-command.zip: contains the input files generated by the XCCDF. |
• |
ovalref.zip: contains the OVAL scanning engine (ovaldi.exe). |
Each run generates a results file. These files are named according to the run. For example, the file from the first run is named scap-profile-10-result-1.xml and the second is named scap-profile-10-result-2.xml. These files are located in the following directory: C:\Documents and Settings\All Users\Quest\KACE\kbots_cache\packages\kbots\<working directory>.
To find the KACE Agent’s working directory, go to Inventory > Devices > Device Detail > Logs.
These results files are then uploaded to the appliance and collated into a single results file (xccdf-results.xml). You can use this file for reporting the results to a government agency such as the US OMB (United States Office of Management and Budget). The appliance and managed device retain only the latest results files.
In the final step of a run, a subset of the results files is extracted and stored in the Organization database for reporting and displayed on the SCAP Scan Results page for each device.
The database tables that contain this information are SCAP_RESULT, SCAP_RESULT_RULE, and SCAP_RESULT_SCORE. See View SCAP scan results.
You can access SCAP Scan information in the Security section.
1. |
a. |
Log in to the appliance Administrator Console, https://appliance_hostname/admin. Or, if the Show organization menu in admin header option is enabled in the appliance General Settings, select an organization in the drop-down list in the top-right corner of the page next to the login information. |
b. |
▪ |
Catalog: Shows the status of SCAP benchmarks. Additionally from this page, you can import checklists, delete checklists, and export a checklist to CSV format. |
▪ |
Schedules: Displays the name of the benchmarks and when they are scheduled to run. Additionally from this page, you can add and delete benchmarks, enable or disable benchmarks, and export a benchmark to CSV format. |
▪ |
Reporting: Shows the general results of SCAP scans. |
Additionally, you can import benchmarks, delete benchmarks, and export benchmarks to CSV format by selecting Choose Action on the SCAP Catalog page.
1. |
a. |
Log in to the appliance Administrator Console, https://appliance_hostname/admin. Or, if the Show organization menu in admin header option is enabled in the appliance General Settings, select an organization in the drop-down list in the top-right corner of the page next to the login information. |
b. |
c. |
2. |
3. |
Optional: To sort the benchmarks, click a column heading. |
The SCAP Catalog contains general information about the selected benchmark and the time and date that the SCAP data was uploaded to the appliance. See Download benchmarks from the archive.
You can import and modify benchmarks from the National Checklist Repository as needed.
1. |
a. |
Log in to the appliance Administrator Console, https://appliance_hostname/admin. Or, if the Show organization menu in admin header option is enabled in the appliance General Settings, select an organization in the drop-down list in the top-right corner of the page next to the login information. |
b. |
c. |
2. |
3. |
4. |
5. |
6. |
NOTE: The default engine is MITRE’s OVAL Interpreter (ovaldi.exe). The appliance automatically downloads updates to this engine when Quest certifies and releases new versions of the engine and OVAL definitions. |
7. |
Optional: Click Browse or Choose File to find and upload a custom engine and its configuration files. |
TIP: Use a custom engine if you need local control of the OVAL engine or if you do not want automatic updates to change the engine. The custom engine must be a ZIP file of a folder containing the custom ovaldi.exe and any necessary configuration files required to run the engine. This ZIP file replaces the ovalref.zip dependency file in the SCAP scan script. See View the resolved XCCDF files. |
8. |
A dialog box appears indicating that the benchmark file is being loaded, followed by the Script Detail page. See Editing SCAP scan schedules.
1. |
a. |
Log in to the appliance Administrator Console, https://appliance_hostname/admin. Or, if the Show organization menu in admin header option is enabled in the appliance General Settings, select an organization in the drop-down list in the top-right corner of the page next to the login information. |
b. |
c. |
2. |
Select Choose Action and select an action to add or delete benchmarks, enable or disable benchmarks, and export a benchmark to CSV format. |
3. |
4. |
During resolution, the oval-command.zip file is generated. This ZIP file contains the input files necessary to run a particular profile. You can view the files on the Script Detail page. See Configure SCAP schedules.
• |
benchmark.zip: contains the benchmark files, that is, the SCAP Stream that was uploaded to the appliance. (The XCCDF file is not actually used by the device.) |
• |
oval-command.zip: contains the input files generated by the XCCDF. |
• |
ovalref.zip: contains the OVAL scanning engine (ovaldi.exe). |
Each run generates a results file. These files are named according to the run. For example, the file from the first run is named scap-profile-10-result-1.xml and the second is named scap-profile-10-result-2.xml. These files are located in the following directory: C:\Documents and Settings\All Users\Quest\KACE\kbots_cache\packages\kbots\<working directory>.
To find the KACE Agent’s working directory, go to Inventory > Devices > Device Detail > Logs.
These results files are then uploaded to the appliance and collated into a single results file (xccdf-results.xml). You can use this file for reporting the results to a government agency such as the US OMB (United States Office of Management and Budget). The appliance and managed device retain only the latest results files.
In the final step of a run, a subset of the results files is extracted and stored in the Organization database for reporting and displayed on the SCAP Scan Results page for each device.
The database tables that contain this information are SCAP_RESULT, SCAP_RESULT_RULE, and SCAP_RESULT_SCORE. See View SCAP scan results.
You can access SCAP Scan information in the Security section.
1. |
a. |
Log in to the appliance Administrator Console, https://appliance_hostname/admin. Or, if the Show organization menu in admin header option is enabled in the appliance General Settings, select an organization in the drop-down list in the top-right corner of the page next to the login information. |
b. |
▪ |
Catalog: Shows the status of SCAP benchmarks. Additionally from this page, you can import checklists, delete checklists, and export a checklist to CSV format. |
▪ |
Schedules: Displays the name of the benchmarks and when they are scheduled to run. Additionally from this page, you can add and delete benchmarks, enable or disable benchmarks, and export a benchmark to CSV format. |
▪ |
Reporting: Shows the general results of SCAP scans. |
Additionally, you can import benchmarks, delete benchmarks, and export benchmarks to CSV format by selecting Choose Action on the SCAP Catalog page.
1. |
a. |
Log in to the appliance Administrator Console, https://appliance_hostname/admin. Or, if the Show organization menu in admin header option is enabled in the appliance General Settings, select an organization in the drop-down list in the top-right corner of the page next to the login information. |
b. |
c. |
2. |
3. |
Optional: To sort the benchmarks, click a column heading. |
The SCAP Catalog contains general information about the selected benchmark and the time and date that the SCAP data was uploaded to the appliance. See Download benchmarks from the archive.
You can import and modify benchmarks from the National Checklist Repository as needed.
1. |
a. |
Log in to the appliance Administrator Console, https://appliance_hostname/admin. Or, if the Show organization menu in admin header option is enabled in the appliance General Settings, select an organization in the drop-down list in the top-right corner of the page next to the login information. |
b. |
c. |
2. |
3. |
4. |
5. |
6. |
NOTE: The default engine is MITRE’s OVAL Interpreter (ovaldi.exe). The appliance automatically downloads updates to this engine when Quest certifies and releases new versions of the engine and OVAL definitions. |
7. |
Optional: Click Browse or Choose File to find and upload a custom engine and its configuration files. |
TIP: Use a custom engine if you need local control of the OVAL engine or if you do not want automatic updates to change the engine. The custom engine must be a ZIP file of a folder containing the custom ovaldi.exe and any necessary configuration files required to run the engine. This ZIP file replaces the ovalref.zip dependency file in the SCAP scan script. See View the resolved XCCDF files. |
8. |
A dialog box appears indicating that the benchmark file is being loaded, followed by the Script Detail page. See Editing SCAP scan schedules.
1. |
a. |
Log in to the appliance Administrator Console, https://appliance_hostname/admin. Or, if the Show organization menu in admin header option is enabled in the appliance General Settings, select an organization in the drop-down list in the top-right corner of the page next to the login information. |
b. |
c. |
2. |
Select Choose Action and select an action to add or delete benchmarks, enable or disable benchmarks, and export a benchmark to CSV format. |
3. |
4. |
During resolution, the oval-command.zip file is generated. This ZIP file contains the input files necessary to run a particular profile. You can view the files on the Script Detail page. See Configure SCAP schedules.
• |
benchmark.zip: contains the benchmark files, that is, the SCAP Stream that was uploaded to the appliance. (The XCCDF file is not actually used by the device.) |
• |
oval-command.zip: contains the input files generated by the XCCDF. |
• |
ovalref.zip: contains the OVAL scanning engine (ovaldi.exe). |
Each run generates a results file. These files are named according to the run. For example, the file from the first run is named scap-profile-10-result-1.xml and the second is named scap-profile-10-result-2.xml. These files are located in the following directory: C:\Documents and Settings\All Users\Quest\KACE\kbots_cache\packages\kbots\<working directory>.
To find the KACE Agent’s working directory, go to Inventory > Devices > Device Detail > Logs.
These results files are then uploaded to the appliance and collated into a single results file (xccdf-results.xml). You can use this file for reporting the results to a government agency such as the US OMB (United States Office of Management and Budget). The appliance and managed device retain only the latest results files.
In the final step of a run, a subset of the results files is extracted and stored in the Organization database for reporting and displayed on the SCAP Scan Results page for each device.
The database tables that contain this information are SCAP_RESULT, SCAP_RESULT_RULE, and SCAP_RESULT_SCORE. See View SCAP scan results.
You can access SCAP Scan information in the Security section.
1. |
a. |
Log in to the appliance Administrator Console, https://appliance_hostname/admin. Or, if the Show organization menu in admin header option is enabled in the appliance General Settings, select an organization in the drop-down list in the top-right corner of the page next to the login information. |
b. |
▪ |
Catalog: Shows the status of SCAP benchmarks. Additionally from this page, you can import checklists, delete checklists, and export a checklist to CSV format. |
▪ |
Schedules: Displays the name of the benchmarks and when they are scheduled to run. Additionally from this page, you can add and delete benchmarks, enable or disable benchmarks, and export a benchmark to CSV format. |
▪ |
Reporting: Shows the general results of SCAP scans. |
Additionally, you can import benchmarks, delete benchmarks, and export benchmarks to CSV format by selecting Choose Action on the SCAP Catalog page.
1. |
a. |
Log in to the appliance Administrator Console, https://appliance_hostname/admin. Or, if the Show organization menu in admin header option is enabled in the appliance General Settings, select an organization in the drop-down list in the top-right corner of the page next to the login information. |
b. |
c. |
2. |
3. |
Optional: To sort the benchmarks, click a column heading. |
The SCAP Catalog contains general information about the selected benchmark and the time and date that the SCAP data was uploaded to the appliance. See Download benchmarks from the archive.
You can import and modify benchmarks from the National Checklist Repository as needed.
1. |
a. |
Log in to the appliance Administrator Console, https://appliance_hostname/admin. Or, if the Show organization menu in admin header option is enabled in the appliance General Settings, select an organization in the drop-down list in the top-right corner of the page next to the login information. |
b. |
c. |
2. |
3. |
4. |
5. |
6. |
NOTE: The default engine is MITRE’s OVAL Interpreter (ovaldi.exe). The appliance automatically downloads updates to this engine when Quest certifies and releases new versions of the engine and OVAL definitions. |
7. |
Optional: Click Browse or Choose File to find and upload a custom engine and its configuration files. |
TIP: Use a custom engine if you need local control of the OVAL engine or if you do not want automatic updates to change the engine. The custom engine must be a ZIP file of a folder containing the custom ovaldi.exe and any necessary configuration files required to run the engine. This ZIP file replaces the ovalref.zip dependency file in the SCAP scan script. See View the resolved XCCDF files. |
8. |
A dialog box appears indicating that the benchmark file is being loaded, followed by the Script Detail page. See Editing SCAP scan schedules.
1. |
a. |
Log in to the appliance Administrator Console, https://appliance_hostname/admin. Or, if the Show organization menu in admin header option is enabled in the appliance General Settings, select an organization in the drop-down list in the top-right corner of the page next to the login information. |
b. |
c. |
2. |
Select Choose Action and select an action to add or delete benchmarks, enable or disable benchmarks, and export a benchmark to CSV format. |
3. |
4. |
© 2024 Quest Software Inc. ALL RIGHTS RESERVED. Nutzungsbedingungen Datenschutz Cookie Preference Center