5 Replies Latest reply on Aug 14, 2019 11:00 AM by Patrick Berrigan

    Scap Job executed but Rules are not checked

    Patrick Berrigan

      I am able to load up relevant SCAP packages into BMC and execute SCAP jobs. They run successfully; however, none of the rules are checked. I have tried executing the job as the system user as well as my credentialed privileged account, but the results are the same.

       

      I have attached the SCAP log from one of the machines.

        • 1. Re: Scap Job executed but Rules are not checked
          Christopher Luce

          Hello Patrick.   I noticed this in your logs:
          2019/08/08 15:14:14 ScapLib I   [208] Processing SCAP file (C:/Program Files/BMC Software/Client Management/Client/data/ScapInventory/jobs/1000/package/U_MS_Windows_10_STIG_V1R18_Manual-xccdf.xml)

           

          I pulled down the same STIG and noticed it will only validate with CONFIGURATION as the use case, vs VULNERABILITY_XCCDF_OVAL.

           

          Are you running the STIG with appropriate permissions? Any reason you're not using the V1R15 benchmark instead of the STIG?

           

          I can confirm the V1R15 STIG benchmark is working correctly with the necessary MAC profile settings, whereas the V1R18 STIG is showing Not Compliant on test devices and Not Scanned under SCAP rules.

          • 2. Re: Scap Job executed but Rules are not checked
            Steve Gibbs

            Thank you CJ for responding to Patrick...  You both are customers I have worked with and so glad you were able to assist with your expert and very knowledgeable experience with the Compliance SCAP section.  Feel free to offer up solutions like you did here...  Make me very proud!

             

            Actually, I may need to take a lesson or two from you CJ now that you have been in there a while.

            • 3. Re: Scap Job executed but Rules are not checked
              Christopher Luce

              Patrick, I forgot to add this piece until after I made my first reply.  Just as a reminder and hopeful benefit for others' future use:

               

              Benchmarks are used in conjunction with SCAP tools. I.E. BCM, DISA's SCAP Tool, ACAS/NESSUS/TENABLE scanners.  When loaded correctly you will get a compliance score as the tools directly reference the STIG items for comparison.

               

              STIGs (like your Manual-xccdf) are used as visual references with STIG checklists or viewers only and do not interface with SCAP tools like mentioned above.  You CAN load them into CM as you see, but you will never receive a score as the systems aren't checked against the items for compliance.
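
A pre-flight check for the distinction described in the reply above, added here as an example and not part of the original thread or of BMC's tooling: it counts how many XCCDF rules carry an OVAL-backed check that a scanner can evaluate. `classify_xccdf` is a hypothetical helper, both embedded documents are constructed samples, and it assumes manual STIG rules hold only prose check text while benchmark rules reference OVAL definitions.

```python
import xml.etree.ElementTree as ET

# Check system URI used by XCCDF rules that delegate to OVAL definitions.
OVAL_SYSTEM = "http://oval.mitre.org/XMLSchema/oval-definitions-5"

# Constructed sample: rule with prose instructions only (manual STIG style).
MANUAL_STIG = """<Benchmark xmlns="http://checklists.nist.gov/xccdf/1.1" id="constructed_manual">
  <Group id="V-0001"><Rule id="SV-0001_rule">
    <check system="C-0001_chk">
      <check-content>Open the policy editor and verify the setting.</check-content>
    </check>
  </Rule></Group>
</Benchmark>"""

# Constructed sample: rule that points at an OVAL definition (benchmark style).
BENCHMARK = """<Benchmark xmlns="http://checklists.nist.gov/xccdf/1.1" id="constructed_benchmark">
  <Group id="V-0001"><Rule id="SV-0001_rule">
    <check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
      <check-content-ref href="constructed-oval.xml" name="oval:constructed:def:1"/>
    </check>
  </Rule></Group>
</Benchmark>"""


def local(tag):
    """Strip the XML namespace so XCCDF 1.1 and 1.2 files are handled alike."""
    return tag.rsplit("}", 1)[-1]


def classify_xccdf(xml_text):
    """Split rule ids into those with an OVAL reference and those without."""
    # Parse only content files obtained from a trusted source.
    root = ET.fromstring(xml_text)
    result = {"automated": [], "manual": []}
    for rule in (e for e in root.iter() if local(e.tag) == "Rule"):
        has_oval = any(
            local(chk.tag) == "check"
            and chk.get("system") == OVAL_SYSTEM
            and any(local(c.tag) == "check-content-ref" and c.get("href") for c in chk)
            for chk in rule.iter()
        )
        result["automated" if has_oval else "manual"].append(rule.get("id"))
    return result


if __name__ == "__main__":
    for name, doc in (("manual STIG", MANUAL_STIG), ("benchmark", BENCHMARK)):
        counts = classify_xccdf(doc)
        print(f"{name}: {len(counts['automated'])} automated, {len(counts['manual'])} manual")
```

A file that reports zero automated rules will load but gives the scanner nothing to evaluate.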

              • 4. Re: Scap Job executed but Rules are not checked
                Christopher Luce

                Always a pleasure Steve, learned it all from you young'n!

                • 5. Re: Scap Job executed but Rules are not checked
                  Patrick Berrigan

                  I can't validate any benchmark packages that I currently have, which are fairly old.

                  How does it validate the package? Does it reach out to some site for validation or is the process internal to the Master server?

                  I'll download the latest benchmarks and try those. Stay tuned. Thanks for the help.