During resolution, the oval-command.zip file is generated. This ZIP file contains the input files necessary to run a particular profile. You can view the files on the Script Detail page. See Configure SCAP schedules.
• |
benchmark.zip: contains the benchmark files, that is, the SCAP Stream that was uploaded to the appliance. (The XCCDF file is not actually used by the device.) |
• |
oval-command.zip: contains the input files generated by the XCCDF. |
• |
ovalref.zip: contains the OVAL scanning engine (ovaldi.exe). |
Each run generates a results file. These files are named according to the run. For example, the file from the first run is named scap-profile-10-result-1.xml and the second is named scap-profile-10-result-2.xml. These files are located in the following directory: C:\Documents and Settings\All Users\Quest\KACE\kbots_cache\packages\kbots\<working directory>.
To find the KACE Agent’s working directory, go to Inventory > Devices > Device Detail > Logs.
These results files are then uploaded to the appliance and collated into a single results file (xccdf-results.xml). You can use this file for reporting the results to a government agency such as the US OMB (United States Office of Management and Budget). The appliance and managed device retain only the latest results files.
In the final step of a run, a subset of the results files is extracted and stored in the Organization database for reporting and displayed on the SCAP Scan Results page for each device.
The database tables that contain this information are SCAP_RESULT, SCAP_RESULT_RULE, and SCAP_RESULT_SCORE. See View SCAP scan results.
You can access SCAP Scan information in the Security section.
1. |
a. |
Log in to the appliance Administrator Console, https://appliance_hostname/admin. Or, if the Show organization menu in admin header option is enabled in the appliance General Settings, select an organization in the drop-down list in the top-right corner of the page next to the login information. |
b. |
▪ |
Catalog: Shows the status of SCAP benchmarks. Additionally from this page, you can import checklists, delete checklists, and export a checklist to CSV format. |
▪ |
Schedules: Displays the name of the benchmarks and when they are scheduled to run. Additionally from this page, you can add and delete benchmarks, enable or disable benchmarks, and export a benchmark to CSV format. |
▪ |
Reporting: Shows the general results of SCAP scans. |
Additionally, you can import benchmarks, delete benchmarks, and export benchmarks to CSV format by selecting Choose Action on the SCAP Catalog page.
1. |
a. |
Log in to the appliance Administrator Console, https://appliance_hostname/admin. Or, if the Show organization menu in admin header option is enabled in the appliance General Settings, select an organization in the drop-down list in the top-right corner of the page next to the login information. |
b. |
c. |
2. |
3. |
Optional: To sort the benchmarks, click a column heading. |
The SCAP Catalog contains general information about the selected benchmark and the time and date that the SCAP data was uploaded to the appliance. See Download benchmarks from the archive.
You can import and modify benchmarks from the National Checklist Repository as needed.
1. |
a. |
Log in to the appliance Administrator Console, https://appliance_hostname/admin. Or, if the Show organization menu in admin header option is enabled in the appliance General Settings, select an organization in the drop-down list in the top-right corner of the page next to the login information. |
b. |
c. |
2. |
3. |
4. |
5. |
6. |
NOTE: The default engine is MITRE’s OVAL Interpreter (ovaldi.exe). The appliance automatically downloads updates to this engine when Quest certifies and releases new versions of the engine and OVAL definitions. |
7. |
Optional: Click Browse or Choose File to find and upload a custom engine and its configuration files. |
TIP: Use a custom engine if you need local control of the OVAL engine or if you do not want automatic updates to change the engine. The custom engine must be a ZIP file of a folder containing the custom ovaldi.exe and any necessary configuration files required to run the engine. This ZIP file replaces the ovalref.zip dependency file in the SCAP scan script. See View the resolved XCCDF files. |
8. |
A dialog box appears indicating that the benchmark file is being loaded, followed by the Script Detail page. See Editing SCAP scan schedules.
1. |
a. |
Log in to the appliance Administrator Console, https://appliance_hostname/admin. Or, if the Show organization menu in admin header option is enabled in the appliance General Settings, select an organization in the drop-down list in the top-right corner of the page next to the login information. |
b. |
c. |
2. |
Select Choose Action and select an action to add or delete benchmarks, enable or disable benchmarks, and export a benchmark to CSV format. |
3. |
4. |
During resolution, the oval-command.zip file is generated. This ZIP file contains the input files necessary to run a particular profile. You can view the files on the Script Detail page. See Configure SCAP schedules.
• |
benchmark.zip: contains the benchmark files, that is, the SCAP Stream that was uploaded to the appliance. (The XCCDF file is not actually used by the device.) |
• |
oval-command.zip: contains the input files generated by the XCCDF. |
• |
ovalref.zip: contains the OVAL scanning engine (ovaldi.exe). |
Each run generates a results file. These files are named according to the run. For example, the file from the first run is named scap-profile-10-result-1.xml and the second is named scap-profile-10-result-2.xml. These files are located in the following directory: C:\Documents and Settings\All Users\Quest\KACE\kbots_cache\packages\kbots\<working directory>.
To find the KACE Agent’s working directory, go to Inventory > Devices > Device Detail > Logs.
These results files are then uploaded to the appliance and collated into a single results file (xccdf-results.xml). You can use this file for reporting the results to a government agency such as the US OMB (United States Office of Management and Budget). The appliance and managed device retain only the latest results files.
In the final step of a run, a subset of the results files is extracted and stored in the Organization database for reporting and displayed on the SCAP Scan Results page for each device.
The database tables that contain this information are SCAP_RESULT, SCAP_RESULT_RULE, and SCAP_RESULT_SCORE. See View SCAP scan results.
You can access SCAP Scan information in the Security section.
1. |
a. |
Log in to the appliance Administrator Console, https://appliance_hostname/admin. Or, if the Show organization menu in admin header option is enabled in the appliance General Settings, select an organization in the drop-down list in the top-right corner of the page next to the login information. |
b. |
▪ |
Catalog: Shows the status of SCAP benchmarks. Additionally from this page, you can import checklists, delete checklists, and export a checklist to CSV format. |
▪ |
Schedules: Displays the name of the benchmarks and when they are scheduled to run. Additionally from this page, you can add and delete benchmarks, enable or disable benchmarks, and export a benchmark to CSV format. |
▪ |
Reporting: Shows the general results of SCAP scans. |
Additionally, you can import benchmarks, delete benchmarks, and export benchmarks to CSV format by selecting Choose Action on the SCAP Catalog page.
1. |
a. |
Log in to the appliance Administrator Console, https://appliance_hostname/admin. Or, if the Show organization menu in admin header option is enabled in the appliance General Settings, select an organization in the drop-down list in the top-right corner of the page next to the login information. |
b. |
c. |
2. |
3. |
Optional: To sort the benchmarks, click a column heading. |
The SCAP Catalog contains general information about the selected benchmark and the time and date that the SCAP data was uploaded to the appliance. See Download benchmarks from the archive.
You can import and modify benchmarks from the National Checklist Repository as needed.
1. |
a. |
Log in to the appliance Administrator Console, https://appliance_hostname/admin. Or, if the Show organization menu in admin header option is enabled in the appliance General Settings, select an organization in the drop-down list in the top-right corner of the page next to the login information. |
b. |
c. |
2. |
3. |
4. |
5. |
6. |
NOTE: The default engine is MITRE’s OVAL Interpreter (ovaldi.exe). The appliance automatically downloads updates to this engine when Quest certifies and releases new versions of the engine and OVAL definitions. |
7. |
Optional: Click Browse or Choose File to find and upload a custom engine and its configuration files. |
TIP: Use a custom engine if you need local control of the OVAL engine or if you do not want automatic updates to change the engine. The custom engine must be a ZIP file of a folder containing the custom ovaldi.exe and any necessary configuration files required to run the engine. This ZIP file replaces the ovalref.zip dependency file in the SCAP scan script. See View the resolved XCCDF files. |
8. |
A dialog box appears indicating that the benchmark file is being loaded, followed by the Script Detail page. See Editing SCAP scan schedules.
1. |
a. |
Log in to the appliance Administrator Console, https://appliance_hostname/admin. Or, if the Show organization menu in admin header option is enabled in the appliance General Settings, select an organization in the drop-down list in the top-right corner of the page next to the login information. |
b. |
c. |
2. |
Select Choose Action and select an action to add or delete benchmarks, enable or disable benchmarks, and export a benchmark to CSV format. |
3. |
4. |
You can view or edit a benchmark schedule on the Script Detail page. This page allows you to manage and customize scripts for configuring, scheduling, and specifying which devices the SCAP scan runs on. The scripts for SCAP are standard KScripts.
NOTE: This section does not provide information about every feature available on the Script Detail page; it only contains information pertinent to using and understanding a SCAP scan.
|
You can access the Script Detail page from the Benchmark wizard, as described in Access SCAP Scan information and from the SCAP Scan Schedules page, as described in View SCAP scan results.
You can view the input files generated by the SCAP scan resolution process.
1. |
a. |
Log in to the appliance Administrator Console, https://appliance_hostname/admin. Or, if the Show organization menu in admin header option is enabled in the appliance General Settings, select an organization in the drop-down list in the top-right corner of the page next to the login information. |
b. |
2. |
(Optional) To add any supporting executable files necessary to run the script, scroll down to the Dependencies section, then click Add a new dependency, then click Browse or Choose File. |
3. |
Optional: To view the details of these files, click and download the selected ZIP file. |
4. |
You can view the OVAL timestamp (the time the OVAL document was compiled).
1. |
a. |
Log in to the appliance Administrator Console, https://appliance_hostname/admin. Or, if the Show organization menu in admin header option is enabled in the appliance General Settings, select an organization in the drop-down list in the top-right corner of the page next to the login information. |
b. |
2. |
3. |
You can view tasks associated with a particular script.
1. |
a. |
Log in to the appliance Administrator Console, https://appliance_hostname/admin. Or, if the Show organization menu in admin header option is enabled in the appliance General Settings, select an organization in the drop-down list in the top-right corner of the page next to the login information. |
b. |
2. |
The Task sections are displayed on the Script Detail page.
The Scan Results page shows the results of SCAP scans per device. From this page you can access detailed information about each scan.
1. |
a. |
Log in to the appliance Administrator Console, https://appliance_hostname/admin. Or, if the Show organization menu in admin header option is enabled in the appliance General Settings, select an organization in the drop-down list in the top-right corner of the page next to the login information. |
b. |
c. |
2. |
Optional: To display the results for a specific benchmark, select the desired benchmark in the View By drop-down list, which appears above the table on the right. |
The XCCDF specification also defines “not selected”, which is excluded from the results. | |
3. |
Compliance scores for each scoring model as defined for the benchmark. | |||||||||
Pass-fail results by CCE. The FDCC requires that compliance is reported by CCE. | |||||||||
|
1. |
a. |
Log in to the appliance Administrator Console, https://appliance_hostname/admin. Or, if the Show organization menu in admin header option is enabled in the appliance General Settings, select an organization in the drop-down list in the top-right corner of the page next to the login information. |
b. |
c. |
3. |
You can view or edit a benchmark schedule on the Script Detail page. This page allows you to manage and customize scripts for configuring, scheduling, and specifying which devices the SCAP scan runs on. The scripts for SCAP are standard KScripts.
NOTE: This section does not provide information about every feature available on the Script Detail page; it only contains information pertinent to using and understanding a SCAP scan.
|
You can access the Script Detail page from the Benchmark wizard, as described in Access SCAP Scan information and from the SCAP Scan Schedules page, as described in View SCAP scan results.
You can view the input files generated by the SCAP scan resolution process.
1. |
a. |
Log in to the appliance Administrator Console, https://appliance_hostname/admin. Or, if the Show organization menu in admin header option is enabled in the appliance General Settings, select an organization in the drop-down list in the top-right corner of the page next to the login information. |
b. |
2. |
(Optional) To add any supporting executable files necessary to run the script, scroll down to the Dependencies section, then click Add a new dependency, then click Browse or Choose File. |
3. |
Optional: To view the details of these files, click and download the selected ZIP file. |
4. |
You can view the OVAL timestamp (the time the OVAL document was compiled).
1. |
a. |
Log in to the appliance Administrator Console, https://appliance_hostname/admin. Or, if the Show organization menu in admin header option is enabled in the appliance General Settings, select an organization in the drop-down list in the top-right corner of the page next to the login information. |
b. |
2. |
3. |
You can view tasks associated with a particular script.
1. |
a. |
Log in to the appliance Administrator Console, https://appliance_hostname/admin. Or, if the Show organization menu in admin header option is enabled in the appliance General Settings, select an organization in the drop-down list in the top-right corner of the page next to the login information. |
b. |
2. |
The Task sections are displayed on the Script Detail page.
The Scan Results page shows the results of SCAP scans per device. From this page you can access detailed information about each scan.
1. |
a. |
Log in to the appliance Administrator Console, https://appliance_hostname/admin. Or, if the Show organization menu in admin header option is enabled in the appliance General Settings, select an organization in the drop-down list in the top-right corner of the page next to the login information. |
b. |
c. |
2. |
Optional: To display the results for a specific benchmark, select the desired benchmark in the View By drop-down list, which appears above the table on the right. |
The XCCDF specification also defines “not selected”, which is excluded from the results. | |
3. |
Compliance scores for each scoring model as defined for the benchmark. | |||||||||
Pass-fail results by CCE. The FDCC requires that compliance is reported by CCE. | |||||||||
|
1. |
a. |
Log in to the appliance Administrator Console, https://appliance_hostname/admin. Or, if the Show organization menu in admin header option is enabled in the appliance General Settings, select an organization in the drop-down list in the top-right corner of the page next to the login information. |
b. |
c. |
3. |
© 2024 Quest Software Inc. ALL RIGHTS RESERVED. Termini di utilizzo Privacy Cookie Preference Center