Makes sense to me. I think people realize the need for a CAESARS-like architecture. RDF (semantic) makes sense (could be JSON-LD in future). Just curious to know if you defined your own or use an ontology like ICAS?
On Mon 12 Feb 2018 at 21:00, Geoffry Roberts <[email protected]> wrote:
> All,
>
> If I may jump into this thread, I find myself working on the same problem
> being discussed here. I thought I'd mention how I have been approaching it
> to see if it resonates with anyone else.
>
> Because SCAP results are in XML, I am converting the XML into RDF then
> using RYA (A U.S. Navy project) that is designed to handle large amounts of
> data in an RDF format. RYA supports SPARQL, which is nice and handy. I
> believe I can get this into a repeatable workflow.
>
> I am glossing over a lot of details, but that's the gist of it.
>
> On Mon, Feb 12, 2018 at 3:52 AM, Jan Cerny <[email protected]> wrote:
>
>> Hi,
>>
>> This idea is very interesting.
>>
>> Unfortunately it is not likely that we in Red Hat work on this database,
>> because it will create a strong competition for Red Hat Satellite.
>>
>> But we will be very happy to provide our support and knowledge
>> if there will be a project developed by community.
>>
>> Regards
>>
>> Jan Černý
>> Security Technologies | Red Hat, Inc.
>>
>> ----- Original Message -----
>> > From: "Šimon Lukašík" <[email protected]>
>> > To: "Luke Salsich" <[email protected]>
>> > Cc: "open-scap-list" <[email protected]>
>> > Sent: Friday, February 2, 2018 9:21:31 PM
>> > Subject: Re: [Open-scap] oscap results stored in central database?
>> >
>> > On 02/02/2018 03:18 PM, Luke Salsich wrote:
>> > > Hi Simon,
>> > >
>> > > I am surprised that SCAPtimony did not get traction as well.
>> > >
>> > > when you say
>> > >
>> > > "To this day, I am surprised there is no lean and functional microservice
>> > > to store, query and postprocess SCAP results."
>> > >
>> > > What would you suggest? I ask because it seems like there is a
>> > > discussion about a lean microservice (to start with) and then a
>> > > discussion about a larger application or framework which can then make
>> > > use of the stored data. Personally, I don't think these two discussions
>> > > conflict. I think they are describing the first small step to a
>> > > microservice and then maybe to something larger after that.
>> > >
>> >
>> > When I said `that I am surprised that there is no lean and functional
>> > microservice to store, query and postprocess SCAP results` I was trying to
>> > imply that the task is really not that hard.
>> >
>> > Take SCAPtimony and you are pretty close. I think it's about 1 month of
>> > fulltime developer time (assuming she really knows what she is doing and
>> > she can afford to not look at mails, ignore sprints, scrums, managers,
>> > re-orgs and other urgent non-important things).
>> >
>> > Cheers,
>> > ~š.
>> >
>> > > But I would be interested to hear your thoughts on this.
>> > >
>> > > ---------------
>> > > Luke Salsich
>> > >
>> > > On Fri, Feb 2, 2018 at 8:21 AM, Šimon Lukašík <[email protected]
>> > > <mailto:[email protected]>> wrote:
>> > >
>> > > Hello,
>> > >
>> > > As original author of SCAPtimony, I feel urged to come in and say here
>> > > is my $0.02 coin.
>> > >
>> > > After spending some time on OpenSCAP development, I started wondering
>> > > where all the results of the scans go. I thought there has to be immense
>> > > need to make sense of the data organizations have and make a use of it.
>> > > For instance scan-result-diff in Satellite 5 was highly regarded at the
>> > > time. The other idea was to waive certain rule on certain system. And
>> > > there were more ideas like that.
>> > >
>> > > Unfortunately, SCAPtimony project did not receive a traction I hoped
>> > > for. And hence the development stopped. Later on, Satellite 6 absorbed
>> > > SCAPtimony code, so community can no longer leverage what they did
>> > > since.
>> > >
>> > > To this day, I am surprised there is no lean and functional microservice
>> > > to store, query and postprocess SCAP results. I am still ready, to make
>> > > the SCAPtimony fly, but I would need a funding.
>> > >
>> > > --
>> > >
>> > > The standardization was also mentioned in the thread, so let me share
>> > > my view on that as well. I think the standardization is great in theory. I
>> > > was huge fan of standardizations after coming out from uni. However,
>> > > after few years I realized that it is extremely hard to write standards
>> > > that are comprehensive and usable at the same time.
>> > >
>> > > The way you can write good standard is to learn first. Let the
>> > > businesses or independent actors come up with few solutions, notice
>> > > similarities, standardize them. Let the businesses adopt that and
>> > > iterate again.
>> > >
>> > > To return back to the topic. Parsing XML to SQL models/tables is great
>> > > idea and many freshmen would certainly love to jump on it. My gut tells
>> > > me, however, this is not the best (or sensible) way. I sometimes
>> > > struggle to describe why my gut says what it says, but consider
>> > > following: If I were founding start-up on building SCAP database, I
>> > > would surely not be parsing entities to SQL for sure.
>> > >
>> > > Best,
>> > > ~š.
>> > >
>> > > On 01/31/2018 10:22 PM, Luke Salsich wrote:
>> > > > Hey all,
>> > > >
>> > > > I've been using OpenSCAP for a while on our servers and really
>> > > > appreciate what it does.
>> > > >
>> > > > I've been looking around for a way to store scan results and then query
>> > > > them and I can't seem to locate any plugins or apps which do this other
>> > > > than SCAPTimony.
>> > > >
>> > > > SCAPTimony sounds great, but I'm not sure it's currently maintained and
>> > > > I don't really want to dive into Foreman just to store Oscap results.
>> > > >
>> > > > What does the community use for this kind of scan / report storing
>> > > > and querying?
>> > > >
>> > > > We're currently using Ansible AWX to run scans and to manage
>> > > > remediation. Love to find a way to pull that XML into a central
>> > > > database.......
>> > > >
>> > > > Thanks very much.
>> > > >
>> > > > ---------------
>> > > > Luke Salsich
>> > > >
>> > > > _______________________________________________
>> > > > Open-scap-list mailing list
>> > > > [email protected] <mailto:[email protected]>
>> > > > https://www.redhat.com/mailman/listinfo/open-scap-list
>> > > > <https://www.redhat.com/mailman/listinfo/open-scap-list>
>> > > >
>> > >
>> > > ~š.
>> > >
>> >
>> > ~š.
>> >
>> > _______________________________________________
>> > Open-scap-list mailing list
>> > [email protected]
>> > https://www.redhat.com/mailman/listinfo/open-scap-list
>>
>> _______________________________________________
>> Open-scap-list mailing list
>> [email protected]
>> https://www.redhat.com/mailman/listinfo/open-scap-list
>
> _______________________________________________
> Open-scap-list mailing list
> [email protected]
> https://www.redhat.com/mailman/listinfo/open-scap-list
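The XML-to-RDF conversion discussed in the quoted thread, as an added example that is not part of any message above and is not the RYA workflow or SCAPtimony code: it flattens XCCDF rule results into N-Triples and answers one query over them. The `http://example.org/scap#` vocabulary, the function names and the sample document are constructed for illustration.

```python
import xml.etree.ElementTree as ET

XCCDF = "http://checklists.nist.gov/xccdf/1.2"  # XCCDF 1.2 namespace
EX = "http://example.org/scap#"  # hypothetical vocabulary, not a published ontology

# Constructed sample shaped like the TestResult part of an XCCDF results file.
SAMPLE = f"""<Benchmark xmlns="{XCCDF}" id="xccdf_org.example_benchmark_demo">
  <TestResult id="xccdf_org.example_testresult_demo" end-time="2018-02-12T21:00:00">
    <target>web01.example.org</target>
    <rule-result idref="xccdf_org.example_rule_sshd_disable_root_login" severity="medium">
      <result>pass</result>
    </rule-result>
    <rule-result idref="xccdf_org.example_rule_accounts_password_minlen" severity="high">
      <result>fail</result>
    </rule-result>
  </TestResult>
</Benchmark>"""

def lit(value):  # N-Triples string literal with minimal escaping
    return '"' + value.replace("\\", "\\\\").replace('"', '\\"').replace("\n", "\\n") + '"'

def results_to_triples(xml_text):
    """Return (subject, predicate, object) triples, four per rule-result."""
    ns = {"x": XCCDF}
    # Results arrive from scanned hosts; for untrusted input use a hardened parser (e.g. defusedxml).
    root = ET.fromstring(xml_text)
    triples = []
    for tr in root.iter(f"{{{XCCDF}}}TestResult"):
        target = tr.findtext("x:target", default="unknown", namespaces=ns)
        for n, rr in enumerate(tr.findall("x:rule-result", ns)):
            subj = f"<{EX}{tr.get('id')}/result/{n}>"
            outcome = rr.findtext("x:result", default="unknown", namespaces=ns)
            triples += [
                (subj, f"<{EX}target>", lit(target)),
                (subj, f"<{EX}rule>", lit(rr.get("idref", ""))),
                (subj, f"<{EX}severity>", lit(rr.get("severity", "unknown"))),
                (subj, f"<{EX}outcome>", lit(outcome)),
            ]
    return triples

def failed_rules(triples):
    """Rule ids whose outcome is 'fail', the kind of question a SPARQL query would answer."""
    failed = {s for s, p, o in triples if p == f"<{EX}outcome>" and o == '"fail"'}
    return sorted(o.strip('"') for s, p, o in triples if s in failed and p == f"<{EX}rule>")

def to_ntriples(triples):
    return "\n".join(f"{s} {p} {o} ." for s, p, o in triples)

if __name__ == "__main__":
    print(to_ntriples(results_to_triples(SAMPLE)))
```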
