This repository has been archived by the owner on Oct 8, 2020. It is now read-only.

jorritfolmer/TA-oscap-oval


Splunk TA for evaluating OpenSCAP OVAL definitions from Red Hat and SuSE Enterprise Linux

This Splunk TA is meant as a reporting control for patch management on Red Hat and SuSE Enterprise Linux servers. Both Red Hat and SuSE provide OVAL definitions that can be used to enumerate patched and unpatched vulnerabilities:

This is a work in progress; currently only the data collection is working.

Prerequisites on every Universal Forwarder:

  • openscap-utils
  • wget
  • libxslt

Installation

  1. Install this Splunk TA on your deployment server:

     cd $SPLUNK_HOME/etc/deployment-apps
     git clone https://github.com/jorritfolmer/splunk_ta_oscap_oval.git

  2. Edit the RHELOVAL and SLESOVAL URLs in bin/oscap_oval.sh

  3. Mirror the Red Hat and SuSE OVAL files to a local webserver:

     wget -q https://support.novell.com/security/oval/suse.linux.enterprise.server.11.xml
     wget -q http://www.redhat.com/security/data/oval/com.redhat.rhsa-all.xml
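
One way to run the mirroring step from cron so that forwarders never fetch an error page or a half-downloaded file (an added example, not part of this repository). WEBROOT, the function names and the `run` argument are assumptions; the two URLs are the ones listed above.

```shell
#!/bin/sh
# WEBROOT is an assumed path; point it at the directory your webserver serves.
WEBROOT="${WEBROOT:-/var/www/html/oval}"

# looks_like_oval FILE: succeed only if FILE is non-empty, opens with an
# <oval_definitions> root and ends with its closing tag. An HTML error page
# or a truncated transfer fails one of these checks.
looks_like_oval() {
    [ -s "$1" ] || return 1
    head -n 5 "$1" | grep -q '<oval_definitions' || return 1
    tail -n 5 "$1" | grep -q '</oval_definitions>' || return 1
}

# publish SRC DEST: validate SRC, make it world-readable (mktemp creates it
# 0600) and rename it over DEST. A rejected download is deleted and the
# previously published DEST stays in place.
publish() {
    if looks_like_oval "$1"; then
        chmod 644 "$1" && mv -f "$1" "$2"
    else
        rm -f "$1"
        return 1
    fi
}

# mirror_one URL: download to a temp file inside WEBROOT (same filesystem,
# so the rename is atomic), then publish it under the URL's basename.
mirror_one() {
    tmp=$(mktemp "$WEBROOT/.oval.XXXXXX") || return 1
    if wget -q -O "$tmp" "$1"; then
        publish "$tmp" "$WEBROOT/${1##*/}"
    else
        rm -f "$tmp"
        return 1
    fi
}

# The Red Hat URL is plain HTTP as given above; the content check below
# catches broken downloads but does not authenticate the feed.
mirror_all() {
    rc=0
    mirror_one https://support.novell.com/security/oval/suse.linux.enterprise.server.11.xml || rc=1
    mirror_one http://www.redhat.com/security/data/oval/com.redhat.rhsa-all.xml || rc=1
    return $rc
}

# Download only when invoked with "run" (for example from a cron entry).
if [ "${1:-}" = "run" ]; then mirror_all; fi
```

A non-zero exit status means at least one feed was not refreshed, which is worth alerting on because stale definitions under-report unpatched vulnerabilities.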
