An automated collection is a feature used to collect data on technology assets included in the scope of a risk project and, based on this information, automatically answer controls in the knowledge base associated with the technology asset component under analysis.
Automated collections use OVAL as the standard for storing information on the configurations of technology asset components as well as the results of the collections. The collection process is based on three file standards: OVAL Definitions (expected state of the target machine), OVAL System Characteristics (reported state of the target machine), and OVAL Results (results of the collection). Described below are the main steps necessary to run an automated collection.
First, some parameters need to be provided to guide the collection process (see Step 1 in the figure below). In addition to information about the organization’s infrastructure, such as host addresses for the target machines included in the scope of the project, the collector server and the credentials necessary to access and obtain data from the target machines must be configured.
Once the organizational data and the configurations for the collection have been provided, the automated collection must be scheduled so that it can be executed. The date and time you want to execute the collection are indicated in the scheduling process, as well as the technology assets to be analyzed, the collector server, and the credentials to access the target machines.
When a collection is activated, the collection service retrieves the collection data together with the OVAL Definitions file and sends them to the collection engine (see Step 2 in the figure below). Next, the engine initiates the search for data in the asset components spread across the network. Note that the collection engine is agentless and does not require the installation of any programs on the target machines. The data is obtained remotely by the engine without requiring any modifications to the target machines (see Step 3 in the figure below). When the engine has finished collecting the necessary data, an OVAL System Characteristics file is created for each target machine analyzed and is sent back to the system (see Step 4 in the figure below).
Once the OVAL System Characteristics file is received, the system initiates the final step of processing the results. To do so, the OVAL Definitions file (expected state of the machine) and the OVAL System Characteristics file (reported state of the machine) are processed, thus producing the OVAL Results file (see Step 5 in the figure below). Based on this file, the system is able to automatically answer controls in the knowledge base referring to the asset analyzed in the collection. However, some controls, due to their nature, cannot be answered automatically by the system; in these cases, some of the collected data is displayed as evidence in the questionnaire to assist the analyst in answering the controls manually.
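The comparison in this final step can be sketched as follows. This is an added example, not the product's own code: it replaces the OVAL XML files with constructed Python dictionaries, and the control IDs, item names and the "manual" and "unknown" labels are assumptions made for illustration. It shows expected state being checked against reported state, a control whose data was not collected being left unanswered rather than passed, and a control without a machine-checkable state being handed to the analyst with the collected evidence.

```python
# Simplified model of the results-processing step (illustration only;
# real OVAL Definitions, System Characteristics and Results are XML files).

# Constructed "definitions": control -> item to read, operator, expected value.
DEFINITIONS = {
    "CTRL-001": {"item": "password_min_length", "op": ">=", "expected": 12},
    "CTRL-002": {"item": "telnet_service_state", "op": "==", "expected": "disabled"},
    "CTRL-003": {"item": "ssh_protocol", "op": "==", "expected": 2},
    # No machine-checkable expected state: the analyst answers using evidence.
    "CTRL-004": {"item": "local_admin_accounts", "op": None, "expected": None},
}

# Constructed "system characteristics" reported for one target machine.
# "ssh_protocol" is deliberately absent, as if it could not be collected.
SYSTEM_CHARACTERISTICS = {
    "password_min_length": 8,
    "telnet_service_state": "disabled",
    "local_admin_accounts": ["Administrator", "svc_backup"],
}

OPERATORS = {
    "==": lambda got, want: got == want,
    ">=": lambda got, want: got >= want,
}


def evaluate(definitions, characteristics):
    """Return control -> {"result", "evidence"} for one target machine."""
    results = {}
    for control_id, d in definitions.items():
        collected = d["item"] in characteristics
        evidence = characteristics.get(d["item"])
        if d["op"] is None:
            result = "manual"    # cannot be answered automatically
        elif not collected:
            result = "unknown"   # missing data must never count as a pass
        elif OPERATORS[d["op"]](evidence, d["expected"]):
            result = "true"
        else:
            result = "false"
        results[control_id] = {"result": result, "evidence": evidence}
    return results


if __name__ == "__main__":
    for cid, r in evaluate(DEFINITIONS, SYSTEM_CHARACTERISTICS).items():
        print(cid, r["result"], r["evidence"])
```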
At the end of the entire collection process, the results of the analysis of the technology assets included in the scope of the project will be available for use in reports and for treating risks.