[Xccdf-dev] XCCDF export for Nessus

classic Classic list List threaded Threaded
6 messages Options
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

[Xccdf-dev] XCCDF export for Nessus

High, Richard A. (SECD) (CON)
XCCDF Dev Team,

Thank you for taking the time to read my email. I'm current assigned with the FBI to conduct security compliancy with federal guidelines using various tools such as Tenable Nessus, WebInspect, and IBM AppScan. I want to inquire if the XCCDF Dev team is involved in developing a Tenable Nessus capability to export xccdf file format to import and use with DISA IASE STIG viewer. Or, if you could provide some references and solution on how to format Nessus exports to xccdf format to import them into DISA IASE's STIG viewer. Thank you.

Very Respectfully,
Richard High

_______________________________________________
XCCDF-dev mailing list
[hidden email]
To unsubscribe, send an email message to [hidden email].
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: [Xccdf-dev] XCCDF export for Nessus

David Solin-3
Hi Richard,

XCCDF is an open specification/XML file format.  The question you’re asking seems like it should be directed to someone at Tenable.

The STIG viewer should be compatible with any “bundle” of SCAP files that includes an XCCDF file (such as those published by IASE).  See the tutorial:

Best regards,
—David Solin

David A. Solin
Co-Founder, Research & Technology
[hidden email]

Joval Continuous Monitoring

Facebook Linkedin


On May 16, 2017, at 2:12 PM, High, Richard A. (SECD) (CON) <[hidden email]> wrote:

XCCDF Dev Team,

Thank you for taking the time to read my email. I'm current assigned with the FBI to conduct security compliancy with federal guidelines using various tools such as Tenable Nessus, WebInspect, and IBM AppScan. I want to inquire if the XCCDF Dev team is involved in developing a Tenable Nessus capability to export xccdf file format to import and use with DISA IASE STIG viewer. Or, if you could provide some references and solution on how to format Nessus exports to xccdf format to import them into DISA IASE's STIG viewer. Thank you.

Very Respectfully,
Richard High

_______________________________________________
XCCDF-dev mailing list
[hidden email]
To unsubscribe, send an email message to [hidden email].


_______________________________________________
XCCDF-dev mailing list
[hidden email]
To unsubscribe, send an email message to [hidden email].
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: [Xccdf-dev] XCCDF export for Nessus

Roxy Mire
In reply to this post by High, Richard A. (SECD) (CON)
I don't know very much about technology, but I do know someone was in my phone and hacked it and it's not resolved, what should I do

On May 19, 2017 11:05 AM, "High, Richard A. (SECD) (CON)" <[hidden email]> wrote:
XCCDF Dev Team,

Thank you for taking the time to read my email. I'm current assigned with the FBI to conduct security compliancy with federal guidelines using various tools such as Tenable Nessus, WebInspect, and IBM AppScan. I want to inquire if the XCCDF Dev team is involved in developing a Tenable Nessus capability to export xccdf file format to import and use with DISA IASE STIG viewer. Or, if you could provide some references and solution on how to format Nessus exports to xccdf format to import them into DISA IASE's STIG viewer. Thank you.

Very Respectfully,
Richard High

_______________________________________________
XCCDF-dev mailing list
[hidden email]
To unsubscribe, send an email message to [hidden email].

_______________________________________________
XCCDF-dev mailing list
[hidden email]
To unsubscribe, send an email message to [hidden email].
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: [Xccdf-dev] XCCDF export for Nessus

Roxy Mire
In reply to this post by High, Richard A. (SECD) (CON)
My phone was hacked, my Facebook wiped out along with a lot of disabled apps. I got with Google but I'm not impressed. What to do???????

On May 19, 2017 11:05 AM, "High, Richard A. (SECD) (CON)" <[hidden email]> wrote:
XCCDF Dev Team,

Thank you for taking the time to read my email. I'm current assigned with the FBI to conduct security compliancy with federal guidelines using various tools such as Tenable Nessus, WebInspect, and IBM AppScan. I want to inquire if the XCCDF Dev team is involved in developing a Tenable Nessus capability to export xccdf file format to import and use with DISA IASE STIG viewer. Or, if you could provide some references and solution on how to format Nessus exports to xccdf format to import them into DISA IASE's STIG viewer. Thank you.

Very Respectfully,
Richard High

_______________________________________________
XCCDF-dev mailing list
[hidden email]
To unsubscribe, send an email message to [hidden email].

_______________________________________________
XCCDF-dev mailing list
[hidden email]
To unsubscribe, send an email message to [hidden email].
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: [Xccdf-dev] XCCDF export for Nessus

Hardy, Michael F CIV NAVSEA, JXVT
In reply to this post by High, Richard A. (SECD) (CON)
Sir,
The NESSUS Scanner will export in 5 formats; 1) NESSUS files, 2) PDF, 3) HTML, 4) CSV and 5) NESSUS DB.  1 and 5 are no good to you for this effort.  PDF is a format which can be exported but only if the data is non-graphic.  That leaves CSV and HTML.  CVS is Comma Separated Values and so should be very easy to parse into your know XCCDF Format.  What would be important here is to develop a good XSL (think XML stylesheet) which could help to convert to the proper format.  Unlike HTML, XML is strong-typed and you must follow the XCCDF format and naming conventions.  XML is used for content description so you could choose to parse either the HML or the CSV export from NESSUS to the proper XML format to be XCCDF compliant.
V/R,
-Michael

Michael F. Hardy
IT Specialist
Naval Surface Warfare Center, Crane Division, (NSWC Crane)
Harnessing the Power of Technology for the Warfighter
Code JXVT, Bldg. 41N
300 Highway 361
Crane, IN  47522-5001
Ph:  812.854.2371
DSN: 482-2371
Fax:  812.854.2421
Email:  [hidden email]


-----Original Message-----
From: [hidden email] [mailto:[hidden email]] On Behalf Of High, Richard A. (SECD) (CON)
Sent: Tuesday, May 16, 2017 3:13 PM
To: [hidden email]
Subject: [Non-DoD Source] [Xccdf-dev] XCCDF export for Nessus

XCCDF Dev Team,

Thank you for taking the time to read my email. I'm current assigned with the FBI to conduct security compliancy with federal guidelines using various tools such as Tenable Nessus, WebInspect, and IBM AppScan. I want to inquire if the XCCDF Dev team is involved in developing a Tenable Nessus capability to export xccdf file format to import and use with DISA IASE STIG viewer. Or, if you could provide some references and solution on how to format Nessus exports to xccdf format to import them into DISA IASE's STIG viewer. Thank you.

Very Respectfully,
Richard High

_______________________________________________
XCCDF-dev mailing list
[hidden email]
To unsubscribe, send an email message to [hidden email].

_______________________________________________
XCCDF-dev mailing list
[hidden email]
To unsubscribe, send an email message to [hidden email].

smime.p7s (7K) Download Attachment
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: [Xccdf-dev] XCCDF export for Nessus

David Adler
unsubscribe

Dave Adler, CISSP
Senior Vice President
Information Security Officer

TEL: (760) 699-6757
CELL: (858) 342-5960
EXT:  1166757

-----Original Message-----
From: [hidden email] [mailto:[hidden email]] On Behalf Of Hardy, Michael F CIV NAVSEA, JXVT
Sent: Friday, May 19, 2017 10:36 AM
To: [hidden email]
Subject: Re: [Xccdf-dev] XCCDF export for Nessus

Sir,
The NESSUS Scanner will export in 5 formats; 1) NESSUS files, 2) PDF, 3) HTML, 4) CSV and 5) NESSUS DB.  1 and 5 are no good to you for this effort.  PDF is a format which can be exported but only if the data is non-graphic.  That leaves CSV and HTML.  CVS is Comma Separated Values and so should be very easy to parse into your know XCCDF Format.  What would be important here is to develop a good XSL (think XML stylesheet) which could help to convert to the proper format.  Unlike HTML, XML is strong-typed and you must follow the XCCDF format and naming conventions.  XML is used for content description so you could choose to parse either the HML or the CSV export from NESSUS to the proper XML format to be XCCDF compliant.
V/R,
-Michael

Michael F. Hardy
IT Specialist
Naval Surface Warfare Center, Crane Division, (NSWC Crane) Harnessing the Power of Technology for the Warfighter Code JXVT, Bldg. 41N
300 Highway 361
Crane, IN  47522-5001
Ph:  812.854.2371
DSN: 482-2371
Fax:  812.854.2421
Email:  [hidden email]


-----Original Message-----
From: [hidden email] [mailto:[hidden email]] On Behalf Of High, Richard A. (SECD) (CON)
Sent: Tuesday, May 16, 2017 3:13 PM
To: [hidden email]
Subject: [Non-DoD Source] [Xccdf-dev] XCCDF export for Nessus

XCCDF Dev Team,

Thank you for taking the time to read my email. I'm current assigned with the FBI to conduct security compliancy with federal guidelines using various tools such as Tenable Nessus, WebInspect, and IBM AppScan. I want to inquire if the XCCDF Dev team is involved in developing a Tenable Nessus capability to export xccdf file format to import and use with DISA IASE STIG viewer. Or, if you could provide some references and solution on how to format Nessus exports to xccdf format to import them into DISA IASE's STIG viewer. Thank you.

Very Respectfully,
Richard High

_______________________________________________
XCCDF-dev mailing list
[hidden email]
To unsubscribe, send an email message to [hidden email].


Sending an unencrypted email is not a secure method of transmitting confidential information. If you intend to transmit confidential information to us, please visit our website: http://www.pacificwesternbank.com and click on the “Banking Tools” link on the top right side of our Home Page. Then using the “Send Secure Email” feature, Secure Mail will encrypt any emails addressed to Pacific Western Bank personnel. Note: This message contains information which may be confidential and/or privileged. If you received this email by mistake, please notify the sender of the error by return email and delete this message.

_______________________________________________
XCCDF-dev mailing list
[hidden email]
To unsubscribe, send an email message to [hidden email].
Loading...