Skip to content
This repository has been archived by the owner on Oct 8, 2020. It is now read-only.

jorritfolmer/TA-oscap-oval

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

2 Commits
bin
bin
 
 
default
default
 
 
local
local
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 

Repository files navigation

Splunk TA for evaluating OpenSCAP OVAL definitions from Red Hat and SuSE Enterprise Linux

This Splunk TA is meant as a reporting control for patch management on Red Hat and SuSE Enterprise Linux servers. Both Red Hat and SuSE provide OVAL definitions that can be used to enumerate patched and unpatched vulnerabilities:

This is a work in progress, currently only the data collection is working.

Prerequisites on every Universal Forwarder:

  • openscap-utils
  • wget
  • libxslt

Installation

  1. Install this Splunk TA on your deployment server:
cd $SPLUNK_HOME/etc/deployment-apps
git clone https://github.com/jorritfolmer/splunk_ta_oscap_oval.git

  1. Edit the RHELOVAL and SLESOVAL urls in bin/oscap_oval.sh

  2. Mirror the Red Hat and SuSE OVAL files to a local webserver

wget -q https://support.novell.com/security/oval/suse.linux.enterprise.server.11.xml
wget -q http://www.redhat.com/security/data/oval/com.redhat.rhsa-all.xml

About

TA for evaluating RHEL and SLES OVAL definitions for Splunk

Topics

splunk oval oscap

Resources

Readme

License

Apache-2.0 license
Activity

Stars

2 stars

Watchers

2 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages