Sridhar Chebrolu, TLS-Chennai
Hello,

I have two queries about ‘-e’ option usage in the OVAL Interpreter. ( -e <string> = evaluate the specified list of definitions. Supply definition ids as a comma separated list like: oval:com.example:def:123)

1. Even after giving specific policies to be evaluated, the OVAL Interpreter gathers data about all available objects. Is it expected behavior?
2. I am trying to evaluate only specific policies (oval:org.mitre.oval:def:5524,oval:org.mitre.oval:def:6334); however, in case of vulnerability class, it evaluates many more policies and skips some.

Thanks,
Sridhar
Danny Haynes
Hi Sridhar,

Yes, it is the expected behavior to collect all of the objects even though you only specified particular definitions. Also, the reason that additional definitions are evaluated is because the definitions that you specified with the '-e' option contain extend_definition constructs which reference other definitions. In order to successfully evaluate the definitions that you specified, the definitions referenced in the extend_definition constructs will also need to be evaluated. Please let me know if you have any other questions.

Thanks,
Danny
From: Sridhar Chebrolu, ERS-HCLTech [[hidden email]]
Sent: Friday, November 06, 2009 8:20 AM
To: oval-discussion-list OVAL Discussion List/Closed Public Discussi
Subject: [OVAL-DISCUSSION-LIST] Oval Interpreter - -e option
Sridhar Chebrolu, TLS-Chennai
Dan,

Thanks for the quick response. That really helps.

1. Which option is optimal: use extend_definition or directly use a test?
2. Does object collection depend on network connectivity? I observed this activity being completed quicker when network connection is disabled than when it is enabled.

Thanks,
Sridhar

To unsubscribe, send an email message to [hidden email] with SIGNOFF OVAL-DISCUSSION-LIST in the BODY of the message. If you have difficulties, write to [hidden email].
bakerj
We tend to recommend creating inventory definitions and then referencing them through the extend_definition element for logical groups of tests like:

- Is the applicable OS installed
- Is the applicable application installed

The OVAL Interpreter uses standard Windows APIs when running through the data collection process. Some of these APIs will try to connect to the domain server if the system is online and in a domain.

Jon

============================================
Jonathan O. Baker
G022 - IA Industry Collaboration
The MITRE Corporation
Email: [hidden email]
Sridhar Chebrolu, TLS-Chennai
Thanks Jon.

Sridhar