Anchor | ||||
---|---|---|---|---|
|
...
covered
...
Anchor | ||||
---|---|---|---|---|
|
Security Analysis Solution SAS supports:
Standard | Supported Versions |
---|---|
SCAP | 1.0 - 1.2 |
OVAL | 5.3 - 5.11 |
XCCDF | 1.0 - 1.2 |
CCE | 5.0 |
CPE | 2.3 |
CVSS | 2.0 |
Security Analysis Solution SAS is SCAP-compliant with these following capabilities:
...
SAS embraces the SCAP standard and can import SCAP content into the Arellia Thycotic Management Server (AMSTMS). For further details, go to[REVIEW] SAS SAS 8.x Overview1 overview.
XCCDF
SAS is compatible with XCCDF benchmarks and other types of checklists that adhere to the XCCDF specification including industry standards from:
...
SCAP elements are correlated within the AMS TMS during the import of these benchmarks. The profiles, used within security configuration policies, perform scheduled assessments and automated remediation to keep the targeted computers in compliance with the policies defined by the computer administrator.
...
For further information, go to Security Configuration Profilesconfiguration profiles.
OVAL
SAS supports OVAL, a public standard for creating vulnerability, configuration, and patch checks using a declarative XML syntax.
SAS imports OVAL content from SCAP data content streams streTMS and evaluates OVAL definitions, generally in the context of XCCDF benchmark profiles, to test configuration settings and vulnerabilities on managed computers. XCCDF adjusts the configuration of these assessments to better suit customer needs, all orchestrated within our user interface.
...
OVAL content is delivered to the endpoints where the assessments are performed resulting in OVAL results being sent back and correlated into the AMSTMS, giving the administrators access to the OVAL and XCCDF compliant XML output as well as numerous reports than can correlate these assessments to the managed elements within the AMSTMS.
CCE
SAS supports the public standard CCE, which provides an identification system for common security configuration issues and vulnerabilities. These identifiers are referenced within the SCAP and OVAL content.
The product shows the relationship of the CCEs to the OVAL checks within the view of a profile and in the results of an assessment performed on computers. These relationships are also modeled within the AMS TMS to provide for cross-profile views of assessment results, allowing administrators to run reports that can filter the results to specific computers or groups of computers that have specific CCE results. There are numerous other reports that can be built based on these relationships, giving administrators full control of the related data within the AMSTMS.
CCE references are also present in the OVAL results product output, as well as a CSV formatted file output, all accessible through the Resource Explorer user interface.
...
Upon import of the XCCDF benchmarks, SAS will extract all CPE references, then analyze and process them against the managed computers to build filters used within the AMSTMS. These filters are maintained and kept up-to-date through various tasks as new computers and profiles are introduced into the system. These targets can be used by other products, but have proven to be a good starting point for targeting assessments within security analysis policies.
...
SAS utilizes CVE identifiers to associate vulnerabilities identified in the imported SCAP data stream as well as the assessment results. When viewing the OVAL definitions within a profile, CVE identifiers are displayed with links to detail on the CVE website. Numerous reports are available within the product that show which computers are susceptible to the vulnerabilities identified by their CVE and combined with CVSS scoring metrics. SAS also stores CVE entities as unique resources within the AMSTMS, leveraging the ability to associate and relate these to other AMS TMS resources, giving the administrator rich reporting and targeting data to work from.
...
CVSS is a public standard that defines methods for scoring and rating computer vulnerabilities. These vulnerabilities are referenced using a CVE identifier and allow the administrator to prioritize and remediate those that pose the greatest risk. The CVSS list is maintained on the NIST website and provides scores for common threats and vulnerabilities.
Arellia Thycotic Security Analysis Solution provides tasks that can be run on managed computers that will gather CVE analysis results and analyze this data to produce CVSS score information for the managed computers. The product also displays CVSS scoring details in reports for managed computers that have been analyzed, including the CVE ID, score level, availability impact, confidentiality impact, integrity impact, and published date information. There are also links to the CVEs in the product output that you can navigate to find additional information on the CVSS scores for vulnerabilities.
Anchor | ||||
---|---|---|---|---|
|
...
links
Create a Security Analysis Policypolicy