mitre / heimdall_tools

DEPRECATED: A set of utilities for converting and working with compliance data for viewing in the heimdall applications
https://heimdall-tools.mitre.org

XCCDF-Results to HDF #103

Closed zacharylc-mitre closed 3 years ago

zacharylc-mitre commented 3 years ago

Fixes #95

Signed-off-by: zacharylc zacharylc@mitre.org

Bialogs commented 3 years ago

needs a rebase

ejaronne commented 3 years ago

The SCC xml sample doesn't seem to produce the check-content field, as seen in the base (non-results) xccdf of the STIG. Otherwise, mappings look correct. Is it possible to see a generic expected xccdf results xml that isn't generated by any particular client? Otherwise, I fear this has been tailored to SCC's own special XML interpretation, and therefore should be renamed "SCC-xccdf-mapper"

Actual STIG: image

Sample from SCC (lacks Check Text): image

rx294 commented 3 years ago

@zacharylc-mitre Please resolve merge conflicts on the Readme

rx294 commented 3 years ago

@zacharylc-mitre I agree with @ejaronne that the scope should be limited to SCC xccdf type.

Possibly scc_xccdf_mapper is the correct title ... @aaronlippold @Bialogs please add your thoughts.

Besides, xccdf_results_mapper breaks your current naming pattern; we don't specify results in our other mappers.

Bialogs commented 3 years ago

It was originally named xccdf_mapper which I renamed to xccdf_results because the XCCDF schema and the XCCDF-results schema are different. Can we point to an SCC XCCDF-Results schema? I'm trying to call it what it is. Maybe we just call it an SCC mapper.

ejaronne commented 3 years ago

Eventually, @aaronlippold wanted this to translate any client that generates the xccdf_results format. This has only been tested to convert SCC output. I agree though that leading with xccdf_results_mapper will go over the heads of many non-data-schema folks who just want that "SCAP mapper", but won't see it. How about we revamp:

The upper list should have links to the converters later in the README.

In the upper list, put in an entry called "SCC (SCAP Compliance Checker) results mapper", but link it to the xccdf_results_mapper later in the README. As the xccdf_results_mapper adapts to work with other SCAP validated tools such as OpenSCAP, place a new entry in the upper list, but link it to the same xccdf_results_mapper lower on the list.

rx294 commented 3 years ago

Adding some notes for info

looks like test-system field identifies the test tool that generated xccdf

openscap

**scc**

`test-system` seems to be universal field https://csrc.nist.rip/library/alt-SP800-126r3.pdf _section: 4.5 XCCDF Results_

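
As an added illustration of the `test-system` note above (not code from this PR or from heimdall_tools): a Ruby sketch that reads the `test-system` attribute of an XCCDF `TestResult` to tell which scanner produced a results file. The sample documents and their CPE values are constructed, and `detect_scanner`, `KNOWN_SCANNERS` and the matching patterns are assumptions.

```ruby
require 'rexml/document'

# Constructed samples (not real scanner output); only the TestResult element
# and its test-system attribute matter here.
OPENSCAP_SAMPLE = <<~XML
  <Benchmark xmlns="http://checklists.nist.gov/xccdf/1.2" id="xccdf_example_benchmark_sample">
    <TestResult id="xccdf_example_testresult_1" test-system="cpe:/a:redhat:openscap:1.3.5">
      <rule-result idref="xccdf_example_rule_1"><result>pass</result></rule-result>
    </TestResult>
  </Benchmark>
XML

SCC_SAMPLE = <<~XML
  <cdf:Benchmark xmlns:cdf="http://checklists.nist.gov/xccdf/1.1" id="sample_benchmark">
    <cdf:TestResult id="sample_result" test-system="cpe:/a:spawar:scc:5.4">
      <cdf:rule-result idref="sample_rule"><cdf:result>fail</cdf:result></cdf:rule-result>
    </cdf:TestResult>
  </cdf:Benchmark>
XML

NO_RESULT_SAMPLE = '<Benchmark xmlns="http://checklists.nist.gov/xccdf/1.2" id="b"/>'

# XCCDF 1.2 and 1.1 use different namespaces; a results file may use either.
XCCDF_NAMESPACES = %w[
  http://checklists.nist.gov/xccdf/1.2
  http://checklists.nist.gov/xccdf/1.1
].freeze

# Hypothetical mapping from test-system substrings to a tool label.
KNOWN_SCANNERS = { /openscap/i => 'OpenSCAP', /:scc:/i => 'SCC' }.freeze

# Returns a tool label, or a symbol describing why none could be determined.
def detect_scanner(xml)
  doc = REXML::Document.new(xml)
  node = XCCDF_NAMESPACES.lazy
                         .map { |ns| REXML::XPath.first(doc, '//x:TestResult', 'x' => ns) }
                         .find { |n| n }
  return :no_test_result if node.nil? # a plain benchmark, not a results file

  value = node.attributes['test-system']
  return :unspecified if value.nil? || value.strip.empty? # attribute is optional

  match = KNOWN_SCANNERS.find { |pattern, _label| value =~ pattern }
  match ? match.last : :unknown
end
```

A mapper that branches on this value can stay a single XCCDF-results mapper and still report which client's output it was given.
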
rx294 commented 3 years ago

Taking back my objection re xccdf_results_mapper

Bialogs commented 3 years ago

Okay, so it seems the way ahead should just be to update the README to be clear