Scanning OVAL Vulnerabilities
Click here to view navigation pane

Scanning OVAL Vulnerabilities

You can scan OVAL vulnerabilities you've created using the OVAL standard and view the scan results within your account.

Tell me about OVALTell me about OVAL

Open Vulnerability and Assessment Language (OVAL) is an international information security community baseline standard, designed to check for the presence of vulnerabilities and configuration issues on computer systems. Want to learn more? Visit http://oval.mitre.org/

What OVAL versions are supported?What OVAL versions are supported?

OVAL versions 4.0, 4.1 and 4.2 are supported.

What OVAL schemas are supported?What OVAL schemas are supported?

We support the OVAL Definition Schema and the Platform Schema for Windows. These schemas define the structure and vocabulary of the OVAL vulnerability definitions.

Windows OVAL checks are supportedWindows OVAL checks are supported

Only Windows is supported for OVAL based checks. Specifically the wrt test type (Windows Registry test), wft test type (Windows File tests) and cmp test type (Compound test) tests are supported.

 

A few things you need...

Add OVAL vulnerabilitiesAdd OVAL vulnerabilities

Go to VM/VMDR > KnowledgeBase and select New > OVAL Vulnerability. Enter the OVAL vulnerability settings and click Save.

Make these settings: 1) Be sure to provide text for the Impact and Solution fields (these appear in vulnerability details in reports), and 2) In the OVAL section, paste in XML for an OVAL vulnerability definition. Show me samples

What happens next? We'll validate the OVAL XML and then the new vulnerability will be added to the KnowledgeBase. We'll automatically assign it a unique QID starting at 130000. Subsequent QIDs are incremented by one, as in 130001, 130002, 130003, etc.

Configure a Windows authentication recordConfigure a Windows authentication record

Windows host authentication is required for scanning OVAL vulnerabilities. Be sure you have a Windows authentication record for the hosts you want to scan. If not, go to Scans > Authentication and configure one now. Learn more

Configure scan settingsConfigure scan settings

In your option profile: 1) enable Windows authentication, and 2) add a custom search list under Vulnerability Detections as described below.

To scan all OVAL vulnerabilities: add a search list that has QID 105186, and select the check box "OVAL checks" in the Include section.

To scan select OVAL vulnerabilities: add a search list that has the specific OVAL QIDs you want to test plus QID 105186.

Tell me about QID 105186Tell me about QID 105186

QID 105186 "Errors During Execution of User-Provided Detections" is a diagnostic QID that will provide important information about OVAL detections like errors reported and will help you if OVAL detection fails.

Can I use the Complete option?Can I use the Complete option?

Yes you can use this option along with the "OVAL checks" option to scan for all OVAL vulnerabilities but QID 105186 will not be included in the scan. This is why we suggest you use search lists.

 

I'm ready to start my scan. What are the steps?

Go to VM/VMDR > Scans and select New > Scan (or Schedule Scan). Enter your scan settings and click Launch. Be sure to select the option profile you just configured.

 

Still have questions?

What about the scan results?What about the scan results?

OVAL vulnerabilities appear in scan results just like any other vulnerability. You'll notice CVSS Base and Temporal scores for an OVAL vulnerability are displayed with vulnerability details in reports.

Can I create an OVAL scan report?Can I create an OVAL scan report?

Yes you can easily create a report showing your OVAL vulnerabilities: 1) Create a vulnerability search list including the OVAL QIDs as well as the diagnostic QID 105186, 2) Add the search list to a scan report template, and 3) Run the scan template.