Splunk TA for evaluating OpenSCAP OVAL definitions from Red Hat and SuSE Enterprise Linux

This Splunk TA is meant as a reporting control for patch management on Red Hat and SuSE Enterprise Linux servers. Both Red Hat and SuSE provide OVAL definitions that can be used to enumerate patched and unpatched vulnerabilities:

This is a work in progress, currently only the data collection is working.

Prerequisites on every Universal Forwarder:

openscap-utils
wget
libxslt

Installation

Install this Splunk TA on your deployment server:

cd $SPLUNK_HOME/etc/deployment-apps
git clone https://github.com/jorritfolmer/splunk_ta_oscap_oval.git

Edit the RHELOVAL and SLESOVAL urls in bin/oscap_oval.sh
Mirror the Red Hat and SuSE OVAL files to a local webserver

wget -q https://support.novell.com/security/oval/suse.linux.enterprise.server.11.xml
wget -q http://www.redhat.com/security/data/oval/com.redhat.rhsa-all.xml

Name		Name	Last commit message	Last commit date
Latest commit History 2 Commits
bin		bin
default		default
local		local
LICENSE		LICENSE
README.md		README.md

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

bin

bin

default

default

local

local

LICENSE

LICENSE

README.md

README.md

Repository files navigation

Splunk TA for evaluating OpenSCAP OVAL definitions from Red Hat and SuSE Enterprise Linux

Prerequisites on every Universal Forwarder:

Installation

About

Releases

Packages

Languages

License

jorritfolmer/TA-oscap-oval

Folders and files

Latest commit

History

Repository files navigation

Splunk TA for evaluating OpenSCAP OVAL definitions from Red Hat and SuSE Enterprise Linux

Prerequisites on every Universal Forwarder:

Installation

About

Topics

Resources

License

Stars

Watchers

Forks

Languages