Alex Kuchta
Alex Kuchta
@Gerosolina unfortunately, it is not going to be an automated functionality - users will still have to manually map the ACAS plugin ID back to applicable control(s) by hand. v6.2.0...
@Gerosolina the "tracing" portion is still manual. I have yet to find a way to (reliably) automatically associate the ACAS finding back to a NIST control. Users will have the...
@rkotlarz @CyberSecDef @ibjohn @Gerosolina To address some of the above points: - Vulnerator now pulls *every* cross reference that ACAS has for a plugin, be it a CVE, CPE, BID,...
@Gerosolina It's still in development, but some of the major steps have been implemented: - [x] Import the STIG Compilation Library or STIG that you need a checklist created for...
@CyberSecDef I've addressed the issue of the SCAP not having all of the checks by allowing for the import of the full STIG library. As long as the library is...
All, I am going to leave this open for now just in case it pops up again, but I am going to label it as "On Hold" for now. If...
@pckle-Rick first and foremost, congratulations on the epic GitHub user name - I'm fully appreciative of it :laughing: With regards to your issue report, I can definitely look at throwing...
@akajeremy I haven't properly written the application to import *.nessus scan files for compliance checks - try exporting the compliance output as a SCAP output, then ingest that into the...
@brjones3 The upside to ingesting the SCAP files into Vulnerator directly is that Vulnerator allows you to do a discrepancies comparison between what SCC says ("Ongoing", "Completed") vs. what the...
@vanerj1996 I completely looked over your comment - sorry! As @CyberSecDef stated, the operative word is "compliance"; while *.nessus files parse fine, if the *.nessus is an export of ran...