This is a proof-of-concept that translates successful Actions recorded in a MAEC Package or Bundle XML document into their respective OVAL checks for assessing whether the artifacts that these Objects operated on are present on a system.
As before, it is Windows-centric and only handles Files and Registry Keys that were reported as created or modified in the Action. Besides updating to support MAEC v4.0.1 and CybOX v2.0.1, we’ve also fixed a few bugs and added support for dereferencing Associated
Objects in Actions that may be specified by reference.
We welcome your feedback and thoughts with regards to this and other MAEC tools.