Makes sense for me. I think people realize the need for a CAESARS-like
architecture.
RDF (semantic) makes sense (could be JSON-LD in future)
Just curious to know if you defined your own or use an ontology like ICAS?



On Mon 12 Feb 2018 at 21:00, Geoffry Roberts <
geoffry.robe...@hedronanalytics.com> wrote:

> All,
>
> If I may jump into this thread,  I find myself working on the same problem
> being discussed here.  I thought I'd mention how I have been approaching it
> to see if it resonates with anyone else.
>
> Because SCAP results are in XML, I am converting the XML into RDF then
> using RYA (A U.S. Navy project) that is designed to handle large amounts of
> data in an RDF format.  RYA supports SPARQL, which is nice and handy.  I
> believe I can get this into a repeatable workflow.
>
> I am glossing over a lot of details, but that's the gist of it.
>
> On Mon, Feb 12, 2018 at 3:52 AM, Jan Cerny <jce...@redhat.com> wrote:
>
>> Hi,
>>
>> This idea is very interesting.
>>
>> Unfortunately it is not likely that we in Red Hat work on this database,
>> because it will create a strong competition for Red Hat Satellite.
>>
>> But we will be very happy to provide our support and knowledge
>> if there will be a project developed by community.
>>
>> Regards
>>
>> Jan Černý
>> Security Technologies | Red Hat, Inc.
>>
>> ----- Original Message -----
>> > From: "Šimon Lukašík" <sluka...@redhat.com>
>> > To: "Luke Salsich" <luke.sals...@gmail.com>
>> > Cc: "open-scap-list" <open-scap-list@redhat.com>
>> > Sent: Friday, February 2, 2018 9:21:31 PM
>> > Subject: Re: [Open-scap] oscap results stored in central database?
>> >
>> > On 02/02/2018 03:18 PM, Luke Salsich wrote:
>> > > Hi Simon,
>> > >
>> > > I am surprised that SCAPtimony did not get traction as well.
>> > >
>> > > when you say
>> > >
>> > > "To this day, I am surprised there is no lean and functional
>> > > microservice to store, query and postprocess SCAP results."
>> > >
>> > > What would you suggest? I ask because it seems like there is a
>> > > discussion about a lean microservice (to start with) and then a
>> > > discussion about a larger application or framework which can then make
>> > > use of the stored data. Personally, I don't think these two
>> > > discussions conflict. I think they are describing the first small step
>> > > to a microservice and then maybe to something larger after that.
>> > >
>> >
>> > When I said `that I am surprised that there is no lean and functional
>> > microservice to store, query and postprocess SCAP results` I was trying to
>> > imply that the task is really not that hard.
>> >
>> > Take SCAPtimony and you are pretty close. I think it's about 1 month of
>> > fulltime developer time (assuming she really knows what she is doing and
>> > she can afford to not look at mails, ignore sprints, scrums, managers,
>> > re-orgs and other urgent non-important things).
>> >
>> > Cheers,
>> > ~š.
>> >
>> > > But I would be interested to hear your thoughts on this.
>> > >
>> > >
>> > >
>> > >
>> > > ---------------
>> > > Luke Salsich
>> > >
>> > > On Fri, Feb 2, 2018 at 8:21 AM, Šimon Lukašík <sluka...@redhat.com
>> > > <mailto:sluka...@redhat.com>> wrote:
>> > >
>> > >     Hello,
>> > >
>> > >     As original author of SCAPtimony, I feel urged to come in and say
>> > >     here is my $0.02 coin.
>> > >
>> > >     After spending some time on OpenSCAP development, I started
>> > >     wondering where all the results of the scans go. I thought there has
>> > >     to be immense need to make sense of the data organizations have and
>> > >     make a use of it. For instance scan-result-diff in Satellite 5 was
>> > >     highly regarded at the time. The other idea was to waive certain rule
>> > >     on certain system. And there were more ideas like that.
>> > >
>> > >     Unfortunately, SCAPtimony project did not receive a traction I
>> > >     hoped for. And hence the development stopped. Later on, Satellite 6
>> > >     absorbed SCAPtimony code, so community can no longer leverage what
>> > >     they did since.
>> > >
>> > >     To this day, I am surprised there is no lean and functional
>> > >     microservice to store, query and postprocess SCAP results. I am still
>> > >     ready, to make the SCAPtimony fly, but I would need a funding.
>> > >
>> > >     --
>> > >
>> > >     The standardization was also mentioned in the thread, so let me
>> > >     share my view on that as well. I think the standardization is great
>> > >     in theory. I was huge fan of standardizations after coming out from
>> > >     uni. However, after few years I realized that it is extremely hard to
>> > >     write standards that are comprehensive and usable at the same time.
>> > >
>> > >     The way you can write good standard is to learn first. Let the
>> > >     businesses or independent actors come up with few solutions, notice
>> > >     similarities, standardize them. Let the businesses adopt that and
>> > >     iterate again.
>> > >
>> > >     To return back to the topic. Parsing XML to SQL models/tables is
>> > >     great idea and many freshmen would certainly love to jump on it. My
>> > >     gut tells me, however, this is not the best (or sensible) way. I
>> > >     sometimes struggle to describe why my gut says what it says, but
>> > >     consider following: If I were founding start-up on building SCAP
>> > >     database, I would surely not be parsing entities to SQL for sure.
>> > >
>> > >     Best,
>> > >     ~š.
>> > >
>> > >
>> > >
>> > >     On 01/31/2018 10:22 PM, Luke Salsich wrote:
>> > >     > Hey all,
>> > >     >
>> > >     > I've been using OpenSCAP for a while on our servers and really
>> > >     > appreciate what it does.
>> > >     >
>> > >     > I've been looking around for a way to store scan results and
>> > >     > then query them and I can't seem to locate any plugins or apps
>> > >     > which do this other than SCAPTimony.
>> > >     >
>> > >     > SCAPTimony sounds great, but I'm not sure it's currently
>> > >     > maintained and I don't really want to dive into Foreman just to
>> > >     > store Oscap results.
>> > >     >
>> > >     > What does the community use for this kind of scan / report
>> > >     > storing and querying?
>> > >     >
>> > >     > We're currently using Ansible AWX to run scans and to manage
>> > >     > remediation. Love to find a way to pull that XML into a central
>> > >     > database.......
>> > >     >
>> > >     > Thanks very much.
>> > >     >
>> > >     > ---------------
>> > >     > Luke Salsich
>> > >     >
>> > >     >
>> > >     > _______________________________________________
>> > >     > Open-scap-list mailing list
>> > >     > Open-scap-list@redhat.com <mailto:Open-scap-list@redhat.com>
>> > >     > https://www.redhat.com/mailman/listinfo/open-scap-list
>> > >     <https://www.redhat.com/mailman/listinfo/open-scap-list>
>> > >     >
>> > >
>> > >
>> > >     ~š.
>> > >
>> > >
>> >
>> >
>> > ~š.
_______________________________________________
Open-scap-list mailing list
Open-scap-list@redhat.com
https://www.redhat.com/mailman/listinfo/open-scap-list
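
The XML-to-RDF conversion discussed in this thread, as an added example that is not part of any participant's message and is not RYA or OpenSCAP code: it turns the rule results of an XCCDF 1.2 TestResult into N-Triples and answers one query over them. The `http://example.org/scap#` vocabulary, the helper names and the sample ids are assumptions made for illustration, not ICAS or any published ontology.

```python
import xml.etree.ElementTree as ET
from urllib.parse import quote

XCCDF = "{http://checklists.nist.gov/xccdf/1.2}"
VOCAB = "http://example.org/scap#"  # hypothetical vocabulary (assumption)

# Constructed XCCDF 1.2 result fragment; ids and host name are made up.
# Result files from untrusted hosts should go through a hardened XML parser.
SAMPLE = """<Benchmark xmlns="http://checklists.nist.gov/xccdf/1.2" id="xccdf_org.example_benchmark_demo">
  <TestResult id="xccdf_org.example_testresult_demo">
    <target>web01.example.org</target>
    <rule-result idref="xccdf_org.example_rule_no_root_ssh"><result>fail</result></rule-result>
    <rule-result idref="xccdf_org.example_rule_auditd_on"><result>pass</result></rule-result>
  </TestResult>
</Benchmark>"""


def iri(kind, *parts):
    """Build an IRI in the hypothetical vocabulary, percent-encoding each id."""
    return "<" + VOCAB + "/".join((kind,) + tuple(quote(p, safe="") for p in parts)) + ">"


def literal(text):
    """Escape a string as an N-Triples literal."""
    for raw, esc in (("\\", "\\\\"), ('"', '\\"'), ("\n", "\\n"), ("\r", "\\r")):
        text = text.replace(raw, esc)
    return '"' + text + '"'


def xccdf_to_triples(xml_text):
    """Return (subject, predicate, object) tuples for every rule-result."""
    triples = []
    for tr in ET.fromstring(xml_text).iter(XCCDF + "TestResult"):
        scan_id = tr.get("id", "unknown")
        scan = iri("scan", scan_id)
        triples.append((scan, iri("target"), literal(tr.findtext(XCCDF + "target", "unknown"))))
        for rr in tr.iter(XCCDF + "rule-result"):
            rule_id = rr.get("idref", "unknown")
            node = iri("result", scan_id, rule_id)  # one node per (scan, rule) pair
            triples.append((node, iri("partOf"), scan))
            triples.append((node, iri("rule"), iri("rule", rule_id)))
            triples.append((node, iri("outcome"), literal(rr.findtext(XCCDF + "result", "unknown"))))
    return triples


def to_ntriples(triples):
    """Serialize the tuples as N-Triples, one statement per line."""
    return "\n".join(f"{s} {p} {o} ." for s, p, o in triples)


def failed_rules(triples):
    """Rule IRIs whose outcome is "fail"; a triple store would answer this via SPARQL."""
    failed = {s for s, p, o in triples if p == iri("outcome") and o == literal("fail")}
    return sorted(o for s, p, o in triples if p == iri("rule") and s in failed)
```

The output of `to_ntriples(xccdf_to_triples(SAMPLE))` can be loaded into any store that accepts N-Triples.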
