Importing SCAP content

To create an SCAP Benchmark object that you can use in an SCAP Compliance Job, you must import Security Content Automation Protocol (SCAP) content into the TrueSight Server Automation console.

Before you begin

Before importing SCAP content, ensure that you have prepared the folder that contains this content:

  • For SCAP 1.3 and 1.2 content, do not store the content files in your root drive. For best results, keep the content files all together in a single folder, and do not store any other (irrelevant) files or folders in this folder.
  • For SCAP 1.0 content, ensure that all SCAP content files that are referenced by the XCCDF file are in the same folder as the XCCDF file.

For information, see Obtaining SCAP content.

To import SCAP content

Do the following:

  1. Log in to the TrueSight Server Automation console.

  2. In the left pane, right-click a folder under Depot and select one of the following options depending on the SCAP content version that you want to import:

    • New > SCAP 1.3
    • New > SCAP 1.2
    • New > SCAP 1.0

    scap13_import_option.png

    You can import both SCAP 1.2 and 1.3 content after selecting SCAP 1.3.

  3. Provide the SCAP content and permission-related details.
    For SCAP 1.3 and 1.2 content:

    • New SCAP Content - General

      The General panel lets you select the SCAP source data stream collection that contains all the SCAP objects that you want to import.

      Field definitions

      Field

      Description

      Select a SCAP Content File

      The SCAP source data stream collection that you want to import. Click Browse to navigate to the server and select the SCAP data stream collection (an XML file).

      An SCAP source data stream collection is composed of SCAP data streams and SCAP source components. The data streams, in turn, contain SCAP benchmarks.

      Save in

      The Depot folder name where you want to save the imported SCAP objects.

    • New SCAP Content - Permissions

      Using the Permissions panel, you can add individual permissions to an object. You can also set permissions by adding ACL templates or ACL policies. The Permissions list is an access control list (ACL) granting roles access to any objects created in the system, such as depot objects. ACLs control access to all objects, including the sharing of objects between roles. For more information, see the following table:

      Task

      Description

      Adding an authorization

      An authorization grants permission to a role to perform a certain type of action on this object.

      To add authorization to this object, click Add Entry g_V95_AddIcon.gif in the Access Control List area. Then use the Add New Entry dialog box to specify the role and authorization you want to add.

      Adding an ACL template

      An ACL template is a group of predefined authorizations granted to roles. Using an ACL template, you can add a group of authorizations to the object.

      To add an ACL template to the object, click Use ACL Template g_V95_TemplateIcon.gif in the Access Control List area. Then use the Select ACL Template dialog box to specify an ACL template that you want to add to this object.

      To set the contents of the selected ACL templates so that they replace all entries in the access control list, select Replace ACL with selected templates. If you do not select this option, the contents of the selected ACL templates are appended to existing entries in the access control list.

      Adding an ACL policy

      An ACL policy is a group of authorizations that can be applied to this object but can be managed from one location.

      To add an ACL policy to this object, click Use ACL Policy g_V95_ACLPolicyIcon.gif in the ACL Policies area. Then use the Select ACL Policy dialog box to specify an ACL policy that you want to add to the object.

      To set the contents of the selected ACL policies so they replace all entries in the access control list, select Replace ACL with selected policies. If you do not select this option, the contents of the selected ACL policies are appended to existing entries in the access control list.

    For SCAP 1.0 content:

    • New XCCDF Benchmark - General

      The General panel lets you select the XCCDF file that defines the new Security Content Automation Protocol (SCAP) benchmark.

      Field definitions

      Field

      Description

      Select XCCDF file

      The XCCDF file that defines the new benchmark. Click Browse to navigate to the server and select the XCCDF file that defines the benchmark you want to import. The import process imports all files, such as OVAL, CPE, and patch files, that are referenced in the selected XCCDF file. All of the referenced files must be in the same directory with the XCCDF file.

      cpe-dictionary file

      The cpe-dictionary file that defines the platform-specific information for the benchmark. Typically, the wizard finds and supplies the name of the cpe-dictionary file that is in the same directory as the XCCDF file that you specified in the previous field. However, if you have more than one cpe-dictionary files in the directory, you must provide the name of the file.

      Save in

      The Depot folder name where you want to save the imported benchmark object.

      Note

      The benchmark object name used by the TrueSight Server Automation Console is an element in the XCCDF file and is typically supplied by the benchmark author.

    • New XCCDF Benchmark - Permissions

      Using the Permissions panel, you can add individual permissions to an object. You can also set permissions by adding ACL templates or ACL policies. The Permissions list is an access control list (ACL) granting roles access to any objects created in the system, such as depot objects. ACLs control access to all objects, including the sharing of objects between roles. For more information, see the following table:

      Task

      Description

      Adding an authorization

      An authorization grants permission to a role to perform a certain type of action on this object.

      To add authorization to this object, click Add Entry g_V95_AddIcon.gif in the Access Control List area. Then use the Add New Entry dialog box to specify the role and authorization you want to add.

      Adding an ACL template

      An ACL template is a group of predefined authorizations granted to roles. Using an ACL template, you can add a group of authorizations to the object.

      To add an ACL template to the object, click Use ACL Template g_V95_TemplateIcon.gif in the Access Control List area. Then use the Select ACL Template dialog box to specify an ACL template that you want to add to this object.

      To set the contents of the selected ACL templates so that they replace all entries in the access control list, select Replace ACL with selected templates. If you do not select this option, the contents of the selected ACL templates are appended to existing entries in the access control list.

      Adding an ACL policy

      An ACL policy is a group of authorizations that can be applied to this object but can be managed from one location.

      To add an ACL policy to this object, click Use ACL Policy g_V95_ACLPolicyIcon.gif in the ACL Policies area. Then use the Select ACL Policy dialog box to specify an ACL policy that you want to add to the object.

      To set the contents of the selected ACL policies so they replace all entries in the access control list, select Replace ACL with selected policies. If you do not select this option, the contents of the selected ACL policies are appended to existing entries in the access control list.

  4. Click Finish.
    The import process runs in the background. If the import is successful, a new SCAP collection object appears in the TrueSight Server Automation console. You can expand the SCAP collection object to view its child SCAP data stream objects. You can then expand an SCAP data stream object to display its child SCAP benchmark objects.
    Validation errors are written to the Application Server log.

Where to go from here

After completing the import, you might want to perform the following actions:

  • Open the Application Server log and check for validation errors that were detected during the import. For more information, see Viewing-SCAP-schema-errors.
  • Open imported SCAP objects and view a summary of details for each object. For more information, see Viewing-imported-SCAP-objects.
  • Generate an Open Checklist Interactive Language (OCIL) Results file for association with SCAP 1.3 or 1.2 content. The OCIL Results file contains server-specific answers to the questions in an OCIL Input file (or OCIL questionnaire). The OCIL Input file is either imported to the depot within a benchmark or you can add a standalone OCIL Input file to the depot manually. For more information, see Generating-an-OCIL-Results-file.

You can now proceed to perform an SCAP compliance analysis based on the imported SCAP benchmark by creating an SCAP Compliance Job.

 

Tip: For faster searching, add an asterisk to the end of your partial query. Example: cert*