Importing new SCAP packages


SCAP packages can be added to BMC Client Management at any time. Before you can import packages into BMC Client Management, you need to download them, for example from the National Vulnerability Database (NVD) of the National Institute of Standards and Technology (NIST) at http://web.nvd.nist.gov/view/ncp/repository.

Note

To use the SCAP packages on Linux devices, the libnsl (network services library) packages must be installed on them.

To import SCAP packages, proceed as follows:

  1. Click Edit > Import SCAP Package. The Select an SCAP Package window opens on the screen.
  2. Browse to the directory into which you downloaded the package and select it.
  3. Click Open.

The imported file (ZIP or XML) is sent to the master, which unzips and parses it. The master then creates the new SCAP package in the CM database with its associated components (data streams, benchmarks, profiles, OVAL checks, etc.). The imported files are saved in a subdirectory named after the ID of the newly created package, in the <master_installation_path>/data/Vision64Database/scap/packages/<package_id> directory.

You can view the package components in the respective tabs and sub-nodes.

To import SCAP 1.0 and 1.1 packages

SCAP 1.0 and 1.1 contents are made of multiple standalone XML documents (XCCDF benchmark, XCCDF tailoring, OVAL definitions, CPE dictionary). To import such packages, the XML files must be bundled into a ZIP file, and the archive must be imported.

To provide a consistent user experience, SCAP 1.0 and 1.1 packages are imported as SCAP data stream collections. Therefore, some virtual items are automatically created to bind the standalone documents together. The data stream collection name and the data stream name are both derived from the benchmark’s identifier.

To import SCAP 1.2 and 1.3 packages

SCAP 1.2 and 1.3 contents are bundles. From these versions on, all the documents that were separate in SCAP 1.0 and 1.1 are merged into a single XML document. Consequently, importing a single XML file is enough in most cases.

Nevertheless, some SCAP 1.2 and 1.3 contents have references to external documents (CPE dictionary, XCCDF benchmark or OVAL definitions). In this case, the external documents must be imported along with the SCAP content itself. BMC Client Management will recognize and extract these external references, but it will not try to acquire the documents. This behavior is more secure because the administrator keeps control over the processed documents. Besides, some BMC Client Management environments do not have direct access to the internet, in which case external documents cannot be acquired autonomously. To import a SCAP 1.2 or 1.3 package with external references, a ZIP file must be created and imported. This archive must include the package to import and all the external dependencies. All the files should be added at the root of the ZIP archive. It's important to note that BMC Client Management rejects SCAP 1.2 and 1.3 packages if one or more external dependencies cannot be found in the imported item.

The following SCAP 1.3 content r3005-datastream-03.xml makes reference to the external r3005-datastream-01.xml document twice. Importing this single XML file fails with an error. 


The master log file provides more information about the missing files.


The log file displays the missing files (r3005-datastream-01.xml) and the uniform resource identifier under which they are referenced (file:r3005-datastream-01.xml, the URI fragment can be ignored). This information makes it possible for the administrator to acquire the external documents. Then, the two r3005-datastream-03.xml and r3005-datastream-01.xml files must be bundled into a ZIP file and the archive must be imported.
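A pre-import check for the situation described above, as an added example (not BMC Client Management code): it lists the external references of every XML file at the root of a ZIP and reports those that are missing from the archive root, plus entries that are not at the root. It assumes references appear as xlink:href attributes and are matched by file name after the scheme and fragment are dropped; the sample XML is constructed and only reuses the file names from the page.

```python
import io
import posixpath
import zipfile
import xml.etree.ElementTree as ET
from urllib.parse import unquote, urlsplit

XLINK_HREF = "{http://www.w3.org/1999/xlink}href"

# Constructed, simplified sample: one internal and two external references.
SAMPLE = b"""<ds:data-stream-collection xmlns:ds="http://scap.nist.gov/schema/scap/source/1.2"
    xmlns:xlink="http://www.w3.org/1999/xlink">
  <ds:component-ref id="a" xlink:href="#local-component"/>
  <ds:component-ref id="b" xlink:href="file:r3005-datastream-01.xml#oval-1"/>
  <ds:component-ref id="c" xlink:href="file:r3005-datastream-01.xml#xccdf-1"/>
</ds:data-stream-collection>"""

def external_refs(xml_bytes):
    """Return the file names a document references outside itself (assumed: xlink:href)."""
    names = set()
    for elem in ET.fromstring(xml_bytes).iter():
        href = elem.get(XLINK_HREF)
        if not href or href.startswith("#"):
            continue  # no link, or a same-document reference
        name = posixpath.basename(unquote(urlsplit(href).path))  # fragment ignored
        if name:
            names.add(name)
    return names

def check_bundle(zip_bytes):
    """Return (missing, nested): absent dependencies per file, and entries not at the root."""
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        entries = [n for n in zf.namelist() if not n.endswith("/")]
        nested = sorted(n for n in entries if "/" in n)
        root = {n for n in entries if "/" not in n}
        missing = {}
        for name in sorted(root):
            if name.lower().endswith(".xml"):
                absent = sorted(external_refs(zf.read(name)) - root)
                if absent:
                    missing[name] = absent
    return missing, nested

def make_zip(files):
    """Build an in-memory ZIP from {name: bytes}; helper for the constructed sample."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, data in files.items():
            zf.writestr(name, data)
    return buf.getvalue()
```

An empty `missing` result together with an empty `nested` list means every referenced document sits at the root of the archive, which is the layout the import expects.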

SCAP 1.2 and 1.3 packages can also be imported in batches. To import multiple SCAP 1.2 and 1.3 documents at the same time, make a ZIP archive including all the files to import. BMC Client Management automatically creates multiple SCAP packages, one for each imported SCAP content. Each SCAP package name is derived from its data stream collection identifier. Note that SCAP 1.2 and 1.3 files that are detected to be external dependencies for other contents are not imported as SCAP packages, but are imported along with their referencing package.

BMC Client Management tries to group the XML files extracted from an imported ZIP archive. For instance, it detects SCAP 1.2 and 1.3 packages with external dependencies and one additional SCAP 1.0 or 1.1 package. Nevertheless, it is recommended to avoid this type of association. A ZIP archive to import should only include related content: all the files of an SCAP 1.0 or 1.1 package, one SCAP 1.2 or 1.3 data stream collection file with its external dependencies or multiple standalone SCAP 1.2 or 1.3 data stream collection files.

To import OVAL-only documents

It is possible to import a single OVAL definitions document. Similar to the import of SCAP 1.0 and 1.1 packages, BMC Client Management automatically creates virtual items to provide a consistent user experience. In this case, a virtual data stream collection, data stream and XCCDF benchmark are automatically created. The benchmark is populated with rules, one for each definition extracted from the OVAL document. Each rule's description references the identifier of the OVAL definition it is associated with. Note that no XCCDF profile gets created since all the XCCDF rules are selected by default. For more information about OVAL-only contents, see the corresponding OVAL-Only-SCAP-Content.

To import XCCDF tailoring documents

XCCDF tailoring documents can be imported directly from SCAP 1.2 or 1.3 contents by means of data stream collection components. They can also be imported as external documents. To import external XCCDF tailoring documents, make a ZIP archive including the SCAP package files and the XCCDF tailoring documents, and import the archive. XCCDF tailoring documents may include information about the benchmark for which they provide one or more profiles, but this is purely informational. Therefore, all the profiles from the XCCDF tailoring documents are automatically added to all the benchmarks detected during the import operation. The BMC Client Management user interface distinguishes standard profiles from tailoring profiles by a trailing (tailoring) pattern in the profile name.