What does the community use for this kind of scan / report storing and querying?
This isn't ideal -- but I generally use an oscap cron with "brief" results going to centralized syslog. Query the centralized syslog for results as needed. I also have the HTML reports archived on an NFS share, which is what the ISSO/ISSM prefer to review. This works well for anything automated, but the manual check XCCDF stuff is a mess to manage.
-- Paul Arnold, CISSP Cole Engineering Services, Inc.
smime.p7s
Description: S/MIME Cryptographic Signature
_______________________________________________ scap-security-guide mailing list -- [email protected] To unsubscribe send an email to [email protected]
