cyberperspectives / sagacity

Security Assessment Data Management and Analysis Tool
http://www.cyberperspectives.com
Apache License 2.0

Assignment of unrelated checklists #79

Closed JeffOdegard closed 5 years ago

JeffOdegard commented 6 years ago

I noticed that my Windows 7 targets have a bunch of unrelated checklists being assigned. Don't know if this is happening in post processing, or where. Could this be a bad regex somewhere?

Should have: Windows 7, Windows Firewall, McAfee AV Local Client (manually applied)

Has: Windows 7, Server 2003, Server 2008, Server 2008 R2, Windows Vista, Windows Firewall, McAfee Local Client, McAfee Managed Client


godsgood33 commented 6 years ago

Yes, probably bad regex or incorrect info on the sw_name_match table. What are the steps to reproducing?

JeffOdegard commented 6 years ago

Load the Nessus vulnerability scan. Manually add the McAfee local client STIG.

On Thu, Dec 6, 2018, 11:15 AM Ryan P <notifications@github.com> wrote:

> Yes, probably bad regex or incorrect info on the sw_name_match table. What are the steps to reproducing?


JeffOdegard commented 5 years ago

Matt is certain that this is happening on eChecklist import. For example, an eChecklist with the Solaris Sparc STIG will produce a host with both the Sparc and x86 STIG applied. That makes sense, since that is one of the last things you were working on. I'd start there.

JeffOdegard commented 5 years ago

Win7--eChecklist-1.xlsx

Import this file, and you will get multiple different Windows checklists applied.

godsgood33 commented 5 years ago

After looking at that eChecklist this is what is listed in the 'Orphan' tab.

Windows Server 2008 R2 Domain Controller STIG V1R28 (manual), Orphan V1R1 (manual), Windows Vista STIG V6R42 (manual), Windows 2003 Domain Controller STIG V6R37 (manual), Windows XP STIG V6R1.32 (manual), Windows 2008 Domain Controller STIG V6R41 (manual), Microsoft Access 2013 STIG V1R6 (manual), Microsoft Excel 2016 STIG V1R2 (manual), Microsoft Office System 2016 STIG V1R1 (manual), Microsoft PowerPoint 2016 STIG V1R1 (manual), Microsoft Word 2016 STIG V1R1 (manual)

So that is why it is adding all those extra checklists. Changing the code to exclude the orphan tab completely should fix a lot of issues at least until we get the 'Orphan Only' export done.

godsgood33 commented 5 years ago

After making the changes to the code to exclude the orphan worksheet, it appears as though this file is importing correctly. All the finding statuses are correct, and the correct checklists are applied. Attached is the resulting eChecklist Export from that import. No other files were imported. (On my system it only took 14 seconds to import.)

Win7--eChecklist-1 (1).xlsx

JeffOdegard commented 5 years ago

Fixed.
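The orphan-worksheet exclusion discussed above, as an added Python example that is not Sagacity's own code. The workbook is modelled as a constructed mapping of worksheet title to checklist string, and the names `parse_checklists`, `checklists_for_import` and `skip_sheets` are hypothetical.

```python
import re
from collections import namedtuple

Checklist = namedtuple("Checklist", "name version release kind")

# "<name> V<version>R<release> (<kind>)", e.g. "Windows XP STIG V6R1.32 (manual)"
CHECKLIST_RE = re.compile(
    r"^(?P<name>.+?)\s+V(?P<version>\d+)R(?P<release>\d+(?:\.\d+)?)\s+\((?P<kind>\w+)\)$"
)

# Constructed sample workbook: worksheet title -> checklist string on that sheet.
# This layout and the Windows 7 / Firewall version numbers are assumptions;
# the Orphan entries are taken from the list quoted in the thread.
WORKBOOK = {
    "Windows 7": "Windows 7 STIG V1R1 (manual)",
    "Windows Firewall": "Windows Firewall STIG V1R1 (manual)",
    "Orphan": "Windows Vista STIG V6R42 (manual), Orphan V1R1 (manual), "
              "Windows XP STIG V6R1.32 (manual)",
}


def parse_checklists(cell):
    """Split a comma-separated checklist string into Checklist tuples."""
    found = []
    for item in (part.strip() for part in cell.split(",")):
        if not item:
            continue
        m = CHECKLIST_RE.match(item)
        if m is None:
            raise ValueError(f"unrecognised checklist entry: {item!r}")
        found.append(Checklist(**m.groupdict()))
    return found


def checklists_for_import(workbook, skip_sheets=("orphan",)):
    """Checklists to assign to the host, ignoring worksheets named in skip_sheets."""
    skip = {s.lower() for s in skip_sheets}
    assigned = []
    for title, cell in workbook.items():
        if title.strip().lower() in skip:
            continue  # orphaned findings must not pull their checklists onto the host
        for checklist in parse_checklists(cell):
            if checklist not in assigned:
                assigned.append(checklist)
    return assigned


if __name__ == "__main__":
    print("with Orphan tab:   ", [c.name for c in checklists_for_import(WORKBOOK, skip_sheets=())])
    print("Orphan tab skipped:", [c.name for c in checklists_for_import(WORKBOOK)])
```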