Custom Update Server

[godsgood33]

Had the brilliant idea to create our own update server. Basically, here's the process

• Create a couple scripts that would download the reference material from the various services (NIST, DISA, OpenVAS, etc). So once we get it working then it continues to work, and won't stop people from downloading content
• Either store them in file format (STIGs) or in a database table (rest)
• Alter Sagacity update_db.php to download from us using a custom build REST API (helps with issues of them changing the file formats, and we can remove all the extraneous data and files)
• The API would create a custom download for the user depending on what they are asking for
• The API would compile a file, zip it up, and allow the user to download it. Also, gives us the opportunity to compile more than one library into 1 file for much simpler downloading.

The added benefit of doing this is that it allows us to control updates for when we migrate to a professional subscription. We can add a flag for --direct or something similar that will bypass us and download directly from the source.

[godsgood33]

I've gotten a really good beta ready for this. Server-side at least. So right now, you can see it at
http://sagacity-update.cyberperspectives.com/ (cpe | cve | stigs) - to see some basic info about that download. Then you can prepend /download/ to the url (e.g. /download/cpe), to actually download the file.

It will take a little bit to integrate this into Sagacity itself. And then we are going to need to figure out how often we update. I think we should update CPE and CVE's daily. STIGs...probably weekly. Thoughts?

[JeffOdegard]

As long as it's automated, I don't see why that schedule shouldn't work.

…

On Wed, Nov 14, 2018 at 11:06 AM Ryan P ***@***.***> wrote: I've gotten a really good beta ready for this. Server-side at least. So right now, you can see it at http://sagacity-update.cyberperspectives.com/ (cpe | cve | stigs) - to see some basic info about that download. Then you can prepend /download/ to the url (e.g. /download/cpe), to actually download the file. It will take a little bit to integrate this into Sagacity itself. And then we are going to need to figure out how often we update. I think we should update CPE and CVE's daily. STIGs...probably weekly. Thoughts? — You are receiving this because you are subscribed to this thread. Reply to this email directly, view it on GitHub <#68 (comment)>, or mute the thread <https://github.com/notifications/unsubscribe-auth/Aoyyh9LE5UmZYIHdfCI-T1jsYNOTexiYks5uvFuMgaJpZM4YYJN4> .

-- - Jeff

---------------------- Jeff Odegard [email protected] [image: LinkedIn] <https://www.linkedin.com/in/jeffodegard/> [image: Fakebook] <https://www.facebook.com/jeff.odegard.98> [image: YouTube] <https://www.youtube.com/user/OdegardOnline>