Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Tenable Nessus Format #6

Open
5 tasks
aj-stein-gsa opened this issue Oct 3, 2024 · 0 comments · May be fixed by #7
Open
5 tasks

Tenable Nessus Format #6

aj-stein-gsa opened this issue Oct 3, 2024 · 0 comments · May be fixed by #7
Assignees
@aj-stein-gsa
Labels
enhancement New feature or request

Comments

@aj-stein-gsa
Copy link
Contributor

User Story

As a developer or engineer writing or integrating Metaschema-aware software, in order to better cross-reference and analyze data vulnerability data from relevant software, systems, or services, I would like an information model for processing the Tenable Nessus XML format.

Goals

  • Allow validation, analysis and cross-reference of vulnerability data in Tenable data instances (specifically in the .nessus XML format by Tenable)
  • Allow cross-reference analysis and validation with Nessus XML vulnerability data (target model instances) to a source model instance, preferably OSCAL

Dependencies

N/A

Acceptance Criteria

  • All website and readme documentation affected by the changes in this issue have been updated.
  • A Pull Request (PR) is submitted that fully addresses the goals of this User Story. This issue is referenced in the PR.
  • The CI-CD build process runs without any reported errors on the PR. This can be confirmed by reviewing that all checks have passed in the PR.

Revisions

No response
@aj-stein-gsa aj-stein-gsa added the enhancement New feature or request label Oct 3, 2024
@aj-stein-gsa aj-stein-gsa self-assigned this Oct 4, 2024
aj-stein-gsa added a commit to aj-stein-gsa/metaschema-modules that referenced this issue Oct 4, 2024
@aj-stein-gsa
[skip ci] Add README for Nessus module for metaschema-framework#6
bf8ae6a
aj-stein-gsa added a commit to aj-stein-gsa/metaschema-modules that referenced this issue Oct 4, 2024
@aj-stein-gsa
Set up Nessus module with model metadata for metaschema-framework#6
ad6b275
aj-stein-gsa added a commit to aj-stein-gsa/metaschema-modules that referenced this issue Oct 4, 2024
@aj-stein-gsa
Add root assembly to Nessus model for metaschema-framework#6
1cf28f2
aj-stein-gsa added a commit to aj-stein-gsa/metaschema-modules that referenced this issue Oct 4, 2024
@aj-stein-gsa
Start Policy assembly for Nessus module in metaschema-framework#6
45e09c5
aj-stein-gsa added a commit to aj-stein-gsa/metaschema-modules that referenced this issue Oct 4, 2024
@aj-stein-gsa
Set up Report assembly for Nessus model in metaschema-framework#6
b4c809c
aj-stein-gsa added a commit to aj-stein-gsa/metaschema-modules that referenced this issue Oct 4, 2024
@aj-stein-gsa
Add policy and report to Nessus model root for metaschema-framework#6
4709f69
aj-stein-gsa added a commit to aj-stein-gsa/metaschema-modules that referenced this issue Oct 4, 2024
@aj-stein-gsa
Correct Report name from field to flag for metaschema-framework#6
ace12d6 
A weird modeling choice, but ok, that is how the XML model diverges in
the upstream Tenable Nessus docs.
aj-stein-gsa added a commit to aj-stein-gsa/metaschema-modules that referenced this issue Oct 4, 2024
@aj-stein-gsa
Add policyComments field to Nessus model for metaschema-framework#6
9c96bc3
aj-stein-gsa added a commit to aj-stein-gsa/metaschema-modules that referenced this issue Oct 4, 2024
@aj-stein-gsa
Add Nessus preferences assembly hierarchy for metaschema-framework#6
9a92433
@aj-stein-gsa aj-stein-gsa linked a pull request Oct 4, 2024 that will close this issue
Draft
8 tasks
aj-stein-gsa added a commit to aj-stein-gsa/metaschema-modules that referenced this issue Oct 5, 2024
@aj-stein-gsa
Plugin and ServerPrefs not the same for metaschema-framework#6
749479c 
It turns out that PluginPreferences and ServerPreferences do not have
the same structure internally with preferences, so we need to stop with
the generalization.
aj-stein-gsa added a commit to aj-stein-gsa/metaschema-modules that referenced this issue Oct 5, 2024
@aj-stein-gsa
Correct PluginPrefs internal structure for metaschema-framework#6
3d72ba8 
Properly add the "preferences" assembly and embed it into the item
assembly like the docs require for PluginPreferences.
aj-stein-gsa added a commit to aj-stein-gsa/metaschema-modules that referenced this issue Oct 5, 2024
@aj-stein-gsa
Add FamilyItem for metaschema-framework#6
dd4ab23
aj-stein-gsa added a commit to aj-stein-gsa/metaschema-modules that referenced this issue Oct 5, 2024
@aj-stein-gsa
Add PluginItem to Nessus model for metaschema-framework#6
5dbee16
aj-stein-gsa added a commit to aj-stein-gsa/metaschema-modules that referenced this issue Oct 5, 2024
@aj-stein-gsa
Hook up Preferences to Policy assembly for metaschema-framework#6
fcbd07d
aj-stein-gsa added a commit to aj-stein-gsa/metaschema-modules that referenced this issue Oct 5, 2024
@aj-stein-gsa
Properly nest Policy in Policies for metaschema-framework#6
ee3b3c0
aj-stein-gsa added a commit to aj-stein-gsa/metaschema-modules that referenced this issue Oct 5, 2024
@aj-stein-gsa
Add PluginSelection to Nessus model for metaschema-framework#6
b4eaebd
aj-stein-gsa added a commit to aj-stein-gsa/metaschema-modules that referenced this issue Oct 5, 2024
@aj-stein-gsa
Add HostProperties tag to Nessus model for metaschema-framework#6
03c3ba5
aj-stein-gsa added a commit to aj-stein-gsa/metaschema-modules that referenced this issue Oct 5, 2024
@aj-stein-gsa
Add ReportItem to Nessus model for metaschema-framework#6
054ee66
aj-stein-gsa added a commit to aj-stein-gsa/metaschema-modules that referenced this issue Oct 5, 2024
@aj-stein-gsa
Must add see_also and xref group-as to work for metaschema-framework#6
f642f84 
You need to add the group-as to the definition of these fields because
they can be zero to unbounded cardinality, which means in JSON we need
to be explicit about serializing in the case of 1 .. N elements, even if
not zero. If not, we rightfully get the following exception from the
Metaschema module compiler when executing the command `metaschema-cli
validate-content ...`:

> Caused by: java.lang.IllegalStateException: Unable to derive the property name, due to missing group as name, for 'field-inline-definition:nessus:ReportItem/see_also@235154585'
aj-stein-gsa added a commit to aj-stein-gsa/metaschema-modules that referenced this issue Oct 6, 2024
@aj-stein-gsa
Generalize plugin_output to string datatype for metaschema-framework#6
58f0709 
The data as-is in real-world data doesn't use markup as guessed, so we
must consume the data as a long multiline string without markup and only
process it as a string to start.

Error messaging:

[ERROR] cvc-complex-type.2.4.b: The content of element 'plugin_output' is not complete. One of '{"http://www.nessus.org/cm":h1, "http://www.nessus.org/cm":h2, "http://www.nessus.org/cm":h3, "http://www.nessus.org/cm":h4, "http://www.nessus.org/cm":h5, "http://www.nessus.org/cm":h6, "http://www.nessus.org/cm":ul, "http://www.nessus.org/cm":ol, "http://www.nessus.org/cm":pre, "http://www.nessus.org/cm":hr, "http://www.nessus.org/cm":blockquote, "http://www.nessus.org/cm":p, "http://www.nessus.org/cm":table, "http://www.nessus.org/cm":img}' is expected. [file:/home/me/example.xml{2738,17}]
aj-stein-gsa added a commit to aj-stein-gsa/metaschema-modules that referenced this issue Oct 6, 2024
@aj-stein-gsa
Datatype plugin_modification_date to string for metaschema-framework#6
634ff5e 
The data as-is in real-world data doesn't use date as guessed, so we
must consume the data as a long multiline string without markup and only
process it as a string to start.

Error messaging:

[ERROR] cvc-type.3.1.3: The value '2011/04/05' of element 'plugin_modification_date' is not valid. [file:/home/me/example.xml{2746,64}]
aj-stein-gsa added a commit to aj-stein-gsa/metaschema-modules that referenced this issue Oct 6, 2024
@aj-stein-gsa
Add undocumented fname to ReportItem for metaschema-framework#6
65abd73
aj-stein-gsa added a commit to aj-stein-gsa/metaschema-modules that referenced this issue Oct 6, 2024
@aj-stein-gsa
Fix PluginPreferences->PluginsPreferences in metaschema-framework#6
c4d9f85
aj-stein-gsa added a commit to aj-stein-gsa/metaschema-modules that referenced this issue Oct 6, 2024
@aj-stein-gsa
Many corrections from Nessus test data for metaschema-framework#6
df9ddd3
aj-stein-gsa added a commit to aj-stein-gsa/metaschema-modules that referenced this issue Oct 6, 2024
@aj-stein-gsa
DefectDojo test fixture to start for Nessus in metaschema-framework#6
1986364
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@aj-stein-gsa aj-stein-gsa

Labels
enhancement New feature or request
Projects
None yet
Milestone
No milestone
1 participant
@aj-stein-gsa