OSCAP OVAL Finding Parsing
Background
The OpenSCAP scan performs a security check on the installed versions of some packages using OVAL definitions. If there are packages that are out of date, the CCE identifier is the same for each package that is found to be out of date. There is an accompanying XML file from Red Hat where the failure can be traced back to which piece of software is out of date and the related CVEs. If we were to parse this XML file to pull out the CVE IDs and use these as the identifiers for the OpenSCAP findings, adding justifications to the VAT would be easier to manage.
AC
- Write script to parse Red Hat XML file
- Pull CVE ID from XML and use this in place of the CCE ID for OVAL findings
Edited by Michael Simmons
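A sketch of the parsing step in the AC, added here as an example and not the project's own script. It assumes the scan's OVAL results document embeds the Red Hat definitions and that a definition evaluating to `true` is the finding; the sample XML, definition IDs, titles and CVE IDs are constructed, and `cve_findings` is a hypothetical name.

```python
import xml.etree.ElementTree as ET

# OVAL 5 namespaces: "d" = definitions schema, "r" = results schema
NS = {"d": "http://oval.mitre.org/XMLSchema/oval-definitions-5",
      "r": "http://oval.mitre.org/XMLSchema/oval-results-5"}

# Constructed sample: OVAL results with the definitions embedded.
SAMPLE = """<oval_results xmlns="http://oval.mitre.org/XMLSchema/oval-results-5">
 <oval_definitions xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5">
  <definitions>
   <definition class="patch" id="oval:example:def:1" version="1">
    <metadata>
     <title>EXAMPLE-0001: pkg-a security update</title>
     <reference source="RHSA" ref_id="EXAMPLE-0001"/>
     <reference source="CVE" ref_id="CVE-0000-0002"/>
     <reference source="CVE" ref_id="CVE-0000-0001"/>
    </metadata>
   </definition>
   <definition class="patch" id="oval:example:def:2" version="1">
    <metadata>
     <title>EXAMPLE-0002: pkg-b security update</title>
     <reference source="CVE" ref_id="CVE-0000-0003"/>
    </metadata>
   </definition>
  </definitions>
 </oval_definitions>
 <results><system><definitions>
  <definition definition_id="oval:example:def:1" result="true" version="1"/>
  <definition definition_id="oval:example:def:2" result="false" version="1"/>
 </definitions></system></results>
</oval_results>"""


def cve_findings(xml_text):
    """Map each definition that evaluated true to its title and CVE IDs."""
    root = ET.fromstring(xml_text)
    # Assumption: result="true" on a patch definition marks the finding.
    failed = {d.get("definition_id")
              for d in root.iterfind(".//r:results//r:definition", NS)
              if d.get("result") == "true"}
    findings = {}
    for d in root.iterfind(".//d:definitions/d:definition", NS):
        if d.get("id") in failed:
            refs = d.iterfind("d:metadata/d:reference", NS)
            # An empty list lets the caller fall back to the definition ID.
            cves = sorted({r.get("ref_id") for r in refs if r.get("source") == "CVE"})
            title = d.findtext("d:metadata/d:title", default="", namespaces=NS)
            findings[d.get("id")] = {"title": title, "cves": cves}
    return findings
```

One definition can carry several CVE references, so a single OVAL finding may expand into more than one CVE-keyed entry.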