All,

If I may jump into this thread, I find myself working on the same problem
being discussed here. I thought I'd mention how I have been approaching it
to see if it resonates with anyone else.

Because SCAP results are in XML, I am converting the XML into RDF using
RYA (a U.S. Navy project), which is designed to handle large amounts of data
in an RDF format. RYA supports SPARQL, which is nice and handy. I believe
I can get this into a repeatable workflow.

I am glossing over a lot of details, but that's the gist of it.

On Mon, Feb 12, 2018 at 3:52 AM, Jan Cerny <jce...@redhat.com> wrote:

> Hi,
>
> This idea is very interesting.
>
> Unfortunately it is not likely that we in Red Hat work on this database,
> because it will create a strong competition for Red Hat Satellite.
>
> But we will be very happy to provide our support and knowledge
> if there will be a project developed by community.
>
> Regards
>
> Jan Černý
> Security Technologies | Red Hat, Inc.
>
> ----- Original Message -----
> > From: "Šimon Lukašík" <sluka...@redhat.com>
> > To: "Luke Salsich" <luke.sals...@gmail.com>
> > Cc: "open-scap-list" <open-scap-list@redhat.com>
> > Sent: Friday, February 2, 2018 9:21:31 PM
> > Subject: Re: [Open-scap] oscap results stored in central database?
> >
> > On 02/02/2018 03:18 PM, Luke Salsich wrote:
> > > Hi Simon,
> > >
> > > I am surprised that SCAPtimony did not get traction as well.
> > >
> > > when you say
> > >
> > > "To this day, I am surprised there is no lean and functional
> > > microservice to store, query and postprocess SCAP results."
> > >
> > > What would you suggest? I ask because it seems like there is a
> > > discussion about a lean microservice (to start with) and then a
> > > discussion about a larger application or framework which can then make
> > > use of the stored data. Personally, I don't think these two discussions
> > > conflict. I think they are describing the first small step to a
> > > microservice and then maybe to something larger after that.
> > >
> >
> > When I said `that I am surprised that there is no lean and functional
> > microservice to store, query and postprocess SCAP results` I was trying to
> > imply that the task is really not that hard.
> >
> > Take SCAPtimony and you are pretty close. I think it's about 1 month of
> > fulltime developer time (assuming she really knows what she is doing and
> > she can afford to not look at mails, ignore sprints, scrums, managers,
> > re-orgs and other urgent non-important things).
> >
> > Cheers,
> > ~š.
> >
> > > But I would be interested to hear your thoughts on this.
> > >
> > >
> > >
> > >
> > > ---------------
> > > Luke Salsich
> > >
> > > On Fri, Feb 2, 2018 at 8:21 AM, Šimon Lukašík <sluka...@redhat.com
> > > <mailto:sluka...@redhat.com>> wrote:
> > >
> > >     Hello,
> > >
> > >     As original author of SCAPtimony, I feel urged to come in and say
> > >     here is my $0.02 coin.
> > >
> > >     After spending some time on OpenSCAP development, I started
> > >     wondering where all the results of the scans go. I thought there
> > >     has to be immense need to make sense of the data organizations
> > >     have and make a use of it. For instance scan-result-diff in
> > >     Satellite 5 was highly regarded at the time. The other idea was
> > >     to waive certain rule on certain system. And there were more
> > >     ideas like that.
> > >
> > >     Unfortunately, SCAPtimony project did not receive a traction I
> > >     hoped for. And hence the development stopped. Later on,
> > >     Satellite 6 absorbed SCAPtimony code, so community can no longer
> > >     leverage what they did since.
> > >
> > >     To this day, I am surprised there is no lean and functional
> > >     microservice to store, query and postprocess SCAP results. I am
> > >     still ready, to make the SCAPtimony fly, but I would need a
> > >     funding.
> > >
> > >     --
> > >
> > >     The standardization was also mentioned in the thread, so let me
> > >     share my view on that as well. I think the standardization is
> > >     great in theory. I was huge fan of standardizations after coming
> > >     out from uni. However, after few years I realized that it is
> > >     extremely hard to write standards that are comprehensive and
> > >     usable at the same time.
> > >
> > >     The way you can write good standard is to learn first. Let the
> > >     businesses or independent actors come up with few solutions, notice
> > >     similarities, standardize them. Let the businesses adopt that and
> > >     iterate again.
> > >
> > >     To return back to the topic. Parsing XML to SQL models/tables is
> > >     great idea and many freshmen would certainly love to jump on it.
> > >     My gut tells me, however, this is not the best (or sensible) way.
> > >     I sometimes struggle to describe why my gut says what it says,
> > >     but consider following: If I were founding start-up on building
> > >     SCAP database, I would surely not be parsing entities to SQL for
> > >     sure.
> > >
> > >     Best,
> > >     ~š.
> > >
> > >
> > >
> > >     On 01/31/2018 10:22 PM, Luke Salsich wrote:
> > >     > Hey all,
> > >     >
> > >     > I've been using OpenSCAP for a while on our servers and really
> > >     > appreciate what it does.
> > >     >
> > >     > I've been looking around for a way to store scan results and
> > >     > then query them and I can't seem to locate any plugins or apps
> > >     > which do this other than SCAPTimony.
> > >     >
> > >     > SCAPTimony sounds great, but I'm not sure it's currently
> > >     > maintained and I don't really want to dive into Foreman just to
> > >     > store Oscap results.
> > >     >
> > >     > What does the community use for this kind of scan / report
> > >     > storing and querying?
> > >     >
> > >     > We're currently using Ansible AWX to run scans and to manage
> > >     > remediation. Love to find a way to pull that XML into a central
> > >     > database.......
> > >     >
> > >     > Thanks very much.
> > >     >
> > >     > ---------------
> > >     > Luke Salsich
> > >     >
> > >     >
> > >     > _______________________________________________
> > >     > Open-scap-list mailing list
> > >     > Open-scap-list@redhat.com <mailto:Open-scap-list@redhat.com>
> > >     > https://www.redhat.com/mailman/listinfo/open-scap-list
> > >     <https://www.redhat.com/mailman/listinfo/open-scap-list>
> > >     >
> > >
> > >
> > >     ~š.
> > >
> > >
> >
> >
> > ~š.
> >
>
>
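
The XML-to-RDF step described at the top of this message, sketched as an added example that is not part of the original post and does not use Rya's API: it reads XCCDF 1.2 rule-results, emits N-Triples, and answers a SPARQL-style question in plain Python. The `urn:example:` IRIs, the vocabulary and the sample scan are constructed assumptions.

```python
import xml.etree.ElementTree as ET
from urllib.parse import quote

XCCDF = "{http://checklists.nist.gov/xccdf/1.2}"   # XCCDF 1.2 namespace
VOCAB = "urn:example:scap#"                        # hypothetical vocabulary

# Constructed sample: a minimal XCCDF TestResult, not output from a real scan.
SAMPLE = """<Benchmark xmlns="http://checklists.nist.gov/xccdf/1.2" id="xccdf_org.example_benchmark_demo">
  <TestResult id="xccdf_org.example_testresult_1">
    <target>web01.example.org</target>
    <rule-result idref="xccdf_org.example_rule_sshd_disable_root_login"><result>fail</result></rule-result>
    <rule-result idref="xccdf_org.example_rule_accounts_password_minlen"><result>pass</result></rule-result>
  </TestResult>
</Benchmark>"""

class IRI(str):
    """Marks a term as an IRI; plain str terms are literals."""

def term(t):
    """Serialize one term for N-Triples, escaping literal text from the scan file."""
    if isinstance(t, IRI):
        return f"<{t}>"
    esc = t.replace("\\", "\\\\").replace('"', '\\"').replace("\n", "\\n").replace("\r", "\\r")
    return f'"{esc}"'

def xccdf_to_triples(xml_text):
    """Return (subject, predicate, object) triples for each rule-result."""
    triples = []
    for tr in ET.fromstring(xml_text).iter(XCCDF + "TestResult"):
        # Percent-encode ids so scan-file content cannot break out of the IRI.
        scan = IRI("urn:example:scan:" + quote(tr.get("id", "unknown"), safe=""))
        triples.append((scan, IRI(VOCAB + "target"), tr.findtext(XCCDF + "target", "unknown")))
        for rr in tr.iter(XCCDF + "rule-result"):
            rule = rr.get("idref", "unknown")
            node = IRI(scan + "/" + quote(rule, safe=""))
            triples.append((scan, IRI(VOCAB + "hasRuleResult"), node))
            triples.append((node, IRI(VOCAB + "rule"), rule))
            triples.append((node, IRI(VOCAB + "result"), rr.findtext(XCCDF + "result", "unknown")))
    return triples

def to_ntriples(triples):
    """Render the triples as an N-Triples document, one statement per line."""
    return "\n".join(f"{term(s)} {term(p)} {term(o)} ." for s, p, o in triples)

def failed_rules(triples):
    """Same answer as: SELECT ?rule WHERE { ?n :result "fail" ; :rule ?rule }"""
    failing = {s for s, p, o in triples if p == VOCAB + "result" and o == "fail"}
    return sorted(o for s, p, o in triples if s in failing and p == VOCAB + "rule")
```

The output of `to_ntriples(xccdf_to_triples(SAMPLE))` is a standard RDF serialization, so the same query can then be run in SPARQL once the file is loaded into a triple store.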
