This topic explains how to edit the OVAL Definitions for a custom technology knowledge base.
Note that although published knowledge bases or those provided by Modulo cannot be edited, you can create a copy of one. Any existing associations between the controls and the OVAL Definitions will also be copied and can then be edited. When importing existing code that was exported and edited, not all associations will be lost. The system will indicate which definitions will be affected before importing so that you know which mappings will need to be checked.
For details on automated collections and the OVAL standard, see the topics Chapter 5: Risk -> Risk Management Projects -> Risk: The Analysis Phase -> Overview of Automated Collections and Chapter 17: Administration -> Settings -> Collector Servers. For details on OVAL and how to edit OVAL Definitions, visit http://oval.mitre.org or post a request in the MITRE OVAL forums.
Warning! Modulo Security LLC makes no guarantees as to the applicability of the associations between controls and OVAL Definitions created, copied, modified, or removed in custom knowledge bases. These associations should be evaluated as to their applicability before these knowledge bases are used in risk management projects to prevent controls from being answered erroneously, thus distorting or invalidating the results of the analysis. Any alterations to existing associations are the sole responsibility of the client.
1. Access the Knowledge module.
2. Select Knowledge Bases from the Risk Knowledge option on the menu.
3. In the Knowledge Bases section, click Edit next to the knowledge base whose OVAL Definitions you want to edit.
4. Click the OVAL Definitions tab.
5. Click Display Code to view the OVAL Definitions associated with the knowledge base (see figure below).
The system displays the OVAL code in a new window.
6. Click Export OVAL Code to export the code as an XML document so that it can be edited (see figure below). If you want to close the window and return to the main OVAL Definitions tab, click Close.
7. In the dialog box that appears, save the file to your computer and open it using Notepad.
8. Make the necessary changes and save the file.
9. Return to the OVAL Definitions tab and click Import Code (see figure below).
10. In the window that appears, click Browse... to open a dialog box and locate the file you want to import.
11. Once the file has been located, click Upload File so that the system can import and validate the file (see figure below).
If the file imported is updating the current definitions, the system displays an alert indicating that there were differences noted between the existing definitions and those imported from the file. The system will list the differences detected in the IDs of the Definitions Affected section so that you can check the list before importing the file. If the modified or deleted definitions were not associated with any controls, the system will not show any alerts.
12. Click Import OVAL Code to confirm the updates to the existing definitions based on what you edited in the file. If you want to quit the operation, click Cancel.
The edited code is updated in the system. Note that existing associations between the controls and the OVAL Definitions are kept, and any new definitions will be available to associate with controls.
13. To remove the association between a control and an OVAL Definition, click Edit next to the OVAL Definition ID (see figure below).
14. In the area that appears, click Disassociate Control to remove the association. If you want to quit the operation, click Close.
The system removes the association and loads the area where a control can be associated with the OVAL Definition.
15. You can associate a different control with the OVAL Definition, or simply close the area by clicking Close.
The system returns to the main list showing the OVAL Definition no longer associated with the control (see figure below).
16. To remove the OVAL code entirely from the technology knowledge base, click Remove OVAL Code (see figure below).
The system requests confirmation of the removal (see figure below).
17. To confirm removal, click Remove OVAL Code. If you want to quit the operation, click Cancel.
The system removes the OVAL Definitions associated with the knowledge base. Once removed, the associations between the controls and the definitions are lost. If a new XML file containing OVAL definitions is imported, the associations between each control and each definition must be recreated manually.