Analyzing SCAP results


The Security Content Automation Protocol (SCAP) analyzer creates a report that helps you identify the underlying reasons for failed rules in an SCAP Compliance Job for a selected target server.

Features

The SCAP analyzer combines information from both the XCCDF and the OVAL result files for the selected target. It produces a customized XML report in a format that is specific to TrueSight Server Automation and does not conform to any SCAP schema. The report includes:

  • The benchmark rules and the resulting OVAL state for each one.
  • Information about the state of the target system during the SCAP Compliance Job Run.
  • Information and tips to help system administrators identify ways to manually remediate the problems.

The SCAP analyzer is available for SCAP Benchmarks for Windows, Linux, HP-UX, AIX, and Solaris platforms.
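
The join between the two result files can be illustrated with standard SCAP structures. The following is an added example, not TrueSight Server Automation code and not its report format: it maps each failed XCCDF `rule-result` to the OVAL definition it references and lists the criteria that did not evaluate to true. The function name, the XCCDF 1.2 namespace, and all sample ids are assumptions made for the illustration.

```python
import xml.etree.ElementTree as ET

NS = {"x": "http://checklists.nist.gov/xccdf/1.2",
      "r": "http://oval.mitre.org/XMLSchema/oval-results-5"}

# Constructed sample inputs (all ids are made up); real result files are far larger.
XCCDF_SAMPLE = """<TestResult xmlns="http://checklists.nist.gov/xccdf/1.2">
  <rule-result idref="xccdf_example_rule_password_min_length">
    <result>fail</result>
    <check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
      <check-content-ref name="oval:example:def:1" href="example-oval.xml"/>
    </check>
  </rule-result>
  <rule-result idref="xccdf_example_rule_ssh_protocol"><result>pass</result>
    <check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
      <check-content-ref name="oval:example:def:2" href="example-oval.xml"/></check>
  </rule-result>
</TestResult>"""

OVAL_SAMPLE = """<oval_results xmlns="http://oval.mitre.org/XMLSchema/oval-results-5">
  <results><system><definitions>
    <definition definition_id="oval:example:def:1" version="1" result="false">
      <criteria operator="AND" result="false">
        <criterion test_ref="oval:example:tst:1" result="false"/>
        <criterion test_ref="oval:example:tst:2" result="true"/>
      </criteria>
    </definition>
    <definition definition_id="oval:example:def:2" version="1" result="true">
      <criteria result="true"><criterion test_ref="oval:example:tst:3" result="true"/></criteria>
    </definition>
  </definitions></system></results>
</oval_results>"""

def explain_failures(xccdf_xml, oval_xml):
    """Join failed XCCDF rules to their OVAL definition result and non-true criteria."""
    defs = {d.get("definition_id"): d for d in
            ET.fromstring(oval_xml).iterfind(".//r:definitions/r:definition", NS)}
    report = []
    for rr in ET.fromstring(xccdf_xml).iterfind(".//x:rule-result", NS):
        if rr.findtext("x:result", namespaces=NS) != "fail":
            continue  # only failed rules need an explanation
        for ref in rr.iterfind("x:check/x:check-content-ref", NS):
            d = defs.get(ref.get("name"))  # None if the OVAL file lacks this definition
            tests = [] if d is None else [c.get("test_ref") for c in
                     d.iter("{%s}criterion" % NS["r"]) if c.get("result") != "true"]
            report.append({"rule": rr.get("idref"), "definition": ref.get("name"),
                           "oval_result": d.get("result") if d is not None else None,
                           "failing_tests": tests})
    return report
```

A failed rule whose definition is missing from the OVAL results is reported with `oval_result` set to `None`, which is the condition the prerequisites below guard against by retaining the OVAL files.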

Prerequisites

The SCAP analyzer examines the results of an SCAP Compliance Job. Before running the SCAP analyzer, make sure that your results satisfy the following prerequisites:

  • The SCAP Compliance Job whose results you want to analyze must run in Certification Mode. Certification Mode retains the OVAL result and system characteristics files, which are required by the SCAP analyzer.
  • The OVAL result and system characteristics files must be present on the target server whose results you want to analyze at the time that you run the SCAP analyzer. (Do not delete those files from the target server if you intend to run the SCAP analyzer on that server's SCAP results.)
  • The target server must not be marked as failed or completed with warning in the SCAP Compliance Job Run.

Related topic

Creating and modifying SCAP Compliance Jobs

 
