How to Import and Associate OVAL Definitions

This topic explains how to import OVAL Definitions and map them to controls in a custom technology knowledge base.

A file containing OVAL code is a script with OVAL Definitions that queries a specific system. To find out if a certain system is in accordance with the controls from a certain knowledge base, OVAL is used as a language to ask the system if the control is implemented or not by associating an OVAL Definition with it. OVAL Definitions can be mapped to controls so that controls can be answered automatically using the results of an automated collection.

In this section you can import a file containing OVAL code to the system, which will then read the code uploaded and provide a list of the OVAL Definitions from the file. These OVAL Definitions should then be mapped to controls from the knowledge base in question.

When importing code for the first time (for example, for a knowledge base created from scratch), the code will only be imported. The associations between the controls and the OVAL Definitions must then be mapped manually by editing each.

For details on automated collections and the OVAL standard, see the topics Chapter 5: Risk -> Risk Management Projects -> Risk: The Analysis Phase -> Overview of Automated Collections and Chapter 17: Administration -> Settings -> Collector Servers. For details on OVAL and how to edit OVAL Definitions, visit http://oval.mitre.org or post a request in the MITRE OVAL forums.

Warning! Modulo Security LLC makes no guarantees as to the applicability of the associations between controls and OVAL Definitions created, copied, modified, or removed in custom knowledge bases. These associations should be evaluated as to their applicability before these knowledge bases are used in risk management projects to prevent controls from being answered erroneously, thus distorting or invalidating the results of the analysis. Any alterations to existing associations are the sole responsibility of the client.

 

1.    Access the Knowledge module.

2.    Select Knowledge Bases from the Risk Knowledge option on the menu.

3.    In the Knowledge Bases section, click Edit next to the knowledge base whose OVAL Definitions you want to edit.

4.    Click the OVAL Definitions tab.

5.    Click Import Code to select a previously created XML file containing the script with the OVAL Definitions that you want to import (see figure below).

 

 

6.    In the window that appears, click Browse... to open a dialog box and locate the file you want to import.

7.    Once the file has been located, click Upload File so that the system can import and validate the file (see figure below).

 

 

If no errors are encountered with the file selected, the system displays a success message.

 

8.    Click Import OVAL Code to confirm and import the file. If you want to quit the operation, click Cancel.

 

The system displays the list of OVAL definitions that were imported. Note that none are associated with controls yet.

 

9.    To view details on an OVAL Definition, click its name.

 

The system displays details on the OVAL Definition selected in a new window (see figure below).

 

 

10. To associate a control with an OVAL Definition, click Edit next to the OVAL Definition with which you want to associate a control (see figure below).

 

 

11. In the area that appears, select the control you want to associate from the drop-down list and click Associate Control. Only controls not yet associated with an OVAL Definition will appear. If you want to quit the operation, click Close (see figure below).

 

 

12. Click Disassociate Control if you want to undo the association between the OVAL Definition and the control. Otherwise, click Close once finished.

 

The system returns to the main list showing the OVAL Definition associated with the control (see figure below).