[Xccdf-dev] Understanding Profiles and Values in XCCDF


[Xccdf-dev] Understanding Profiles and Values in XCCDF

Snell, James (NE)

To whom it may concern,

 

I am trying to write my own SCAP content using eSCAPe 1.2.2. When I am editing the XCCDF.xml files, I see containers for profiles, groups, and values. I am having a hard time understanding the purpose and use of profiles and values. For example: when I open “U_Windows_7_V1R26_STIG_SCAP_1-1_Benchmark-xccdf.xml” from iase.disa.mil, there are 11 profiles, e.g. MAC-1_Classified. It makes sense to me that these profiles are used to categorize the severity of findings. However, each Profile contains references to every Group. Furthermore, concerning Values, when looking at the raw text file, or the source in eSCAPe, or even the other configuration tabs (General, References, Attributes, Values, Restrictions), I cannot understand how the values are used. It appears that each value contains values to be checked for and identified for each group. I can’t find where Values are directly associated with groups, profiles, rules, or href docs in OVAL.xml files.

 

I hope I’m able to coherently express my confusion. Can someone please provide guidance?

 

J. McLain Snell

Systems Security Engineer

GENERAL DYNAMICS - Mission Systems

100 Plastics Ave

Pittsfield, MA 01201

 


_______________________________________________
XCCDF-dev mailing list
[hidden email]
To unsubscribe, send an email message to [hidden email].

Re: [Xccdf-dev] Understanding Profiles and Values in XCCDF

Melvin Steward
James,

First, there are limitations in the eSCAP tool which you have unfortunately encountered in your use case.

This is a discussion we best have off the thread.




--
Sent from my BlackBerry® smartphone with SprintSpeed
++++++CONFIDENTIALITY NOTICE++++++
The information in this email may be confidential and/or privileged. This email is intended to be reviewed only by the individual or organization named above. If you are not the intended recipient or an authorized representative of the intended recipient, you are hereby notified that any review, dissemination, storage, or copying of this email and its attachments, if any, or the information contained herein is prohibited.  If you have received this email in error, please immediately notify the sender by return email and delete this email from your system- Thank you.

 


Re: [Xccdf-dev] Understanding Profiles and Values in XCCDF

Nicholson, Tony L

Can you include me in this topic? I have an interest in the outcome since we are using the same product.

 

Tony L. Nicholson

Richardson, Tx

Desk (972)246-0809

 

From: [hidden email] [mailto:[hidden email]] On Behalf Of Melvin Steward
Sent: Monday, January 18, 2016 8:56 AM
To: [hidden email]
Subject: Re: [Xccdf-dev] Understanding Profiles and Values in XCCDF

 

James 

 

First there are limitations in the eSCAP tool which you have unfortunately encountered in your use case.

 

This is a discussion we best have off the thread 

 




Re: [Xccdf-dev] Understanding Profiles and Values in XCCDF

ries
In reply to this post by Snell, James (NE)
Hi James,

I don’t know anything about the eSCAP editor, but I can tell you a bit about XCCDF Profiles.

XCCDF Profiles are most typically used to select a subset of the Rules contained in the Benchmark for processing. The Profiles you’re looking at contain <select> elements that reference a group (via the idref attribute) and either include or exclude it from the scan (via the selected attribute). 

For example, this would include all Rules in the Group whose id is “V-1154”:
<select idref="V-1154" selected="true"/>
And, this would exclude those same rules from the scan:
<select idref="V-1154" selected="false"/>

Profiles are also commonly used to specify Values that are used during processing. Specific Rules can export a Value (via the <check-export> element) to the OVAL processor to be used during the check. If you search the XML file you’re looking at for a specific Value's id, you should see an example of this.

Does that clear it up a bit?

There’s more that can be done with Profiles. See the spec for details:

Best,
David Ries

On Jan 13, 2016, at 2:45 PM, Snell, James (NE) <[hidden email]> wrote:

To whom it may concern, 
 
I am trying to write my own SCAP content using eSCAPe 1.2.2. When I am editing the XCCDF.xml files, I see containers for profiles, groups, and values. I am having a hard time understanding the purpose and use of profiles and values. For example: when I open “U_Windows_7_V1R26_STIG_SCAP_1-1_Benchmark-xccdf.xml” from iase.disa.mil, there are 11 profiles, e.g. MAC-1_Classified. It makes sense to me that these profiles are used to categorize the severity of findings. However, each Profile contains references to every Group. Furthermore, concerning Values, when looking at the raw text file, or the source in eSCAPe, or even the other configuration tabs (General, References, Attributes, Values, Restrictions), I cannot understand how the values are used. It appears that each value contains values to be checked for and identified for each group. I can’t find where Values are directly associated with groups, profiles, rules, or href docs in OVAL.xml files.
 
I hope I’m able to coherently express my confusion. Can someone please provide guidance?
 
J. McLain Snell
Systems Security Engineer
GENERAL DYNAMICS - Mission Systems
100 Plastics Ave
Pittsfield, MA 01201
 

-David

--
David E. Ries
Partner
Farnam Hall Ventures 
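
The Profile selection and Value export described in the reply above, as an added example that is not part of the original post and is not taken from the DISA benchmark. It assumes the XCCDF 1.1 namespace; every id except V-1154 is constructed, and `<refine-value>` (a Profile element from the XCCDF spec that the thread does not mention) is used to pick which `<value>` gets exported.

```python
import xml.etree.ElementTree as ET

NS = {"x": "http://checklists.nist.gov/xccdf/1.1"}
# Constructed sample benchmark; ids other than V-1154 are made up for illustration.
SAMPLE = """<Benchmark xmlns="http://checklists.nist.gov/xccdf/1.1" id="demo">
  <Profile id="strict">
    <select idref="V-1154" selected="true"/>
    <select idref="V-9999" selected="false"/>
    <refine-value idref="min_pw_len" selector="long"/>
  </Profile>
  <Profile id="relaxed"><select idref="V-9999" selected="true"/></Profile>
  <Value id="min_pw_len" type="number">
    <value>8</value><value selector="long">14</value>
  </Value>
  <Group id="V-1154">
    <Rule id="rule_pw_len">
      <check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
        <check-export value-id="min_pw_len" export-name="oval:demo:var:1"/>
        <check-content-ref href="demo-oval.xml" name="oval:demo:def:1"/>
      </check>
    </Rule>
  </Group>
  <Group id="V-9999" selected="false"><Rule id="rule_other"/></Group>
</Benchmark>"""

def resolve(xml_text, profile_id):
    """Return {rule_id: {oval_variable: value}} for the Rules a Profile selects."""
    root = ET.fromstring(xml_text)
    prof = root.find(f"x:Profile[@id='{profile_id}']", NS)
    selects = {s.get("idref"): s.get("selected") == "true" for s in prof.findall("x:select", NS)}
    selectors = {r.get("idref"): r.get("selector") for r in prof.findall("x:refine-value", NS)}

    def value_of(value_id):
        val = root.find(f".//x:Value[@id='{value_id}']", NS)
        want = selectors.get(value_id)  # None picks the default <value> (no selector)
        return next(v.text for v in val.findall("x:value", NS) if v.get("selector") == want)

    out = {}
    def walk(node, parent_selected):
        for item in node:
            tag = item.tag.rpartition("}")[2]
            if tag not in ("Group", "Rule"):
                continue
            # A Profile <select> overrides the item's own selected attribute (default true).
            own = selects.get(item.get("id"), item.get("selected", "true") == "true")
            if tag == "Group":
                walk(item, parent_selected and own)
            elif parent_selected and own:  # a Rule runs only if every enclosing Group is selected
                out[item.get("id")] = {e.get("export-name"): value_of(e.get("value-id"))
                                       for e in item.findall("x:check/x:check-export", NS)}
    walk(root, True)
    return out
```

The `export-name` is the OVAL variable id, which is where a Value links to the OVAL file: the same Rule exports 14 under the "strict" Profile and 8 under "relaxed".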


