NIST CVE file for Security Profile View

ben.ralph.nmc
Posts: 31
Joined: 11 Apr 2022, 11:50

Hi

I'm a little confused re the NIST files for Security Profile view that uses core_el_security_posture.xsl. I have downloaded the CVE files for each year from https://nvd.nist.gov/vuln/data-feeds but I can only get one file to be read at a time. How do I configure the page to use all the CVE files? I cannot seem to find a tutorial.

Many thanks
JohnM
Posts: 477
Joined: 17 Feb 2009, 20:19

Hi Ben

Sorry, you have to do them one by one for now. We are looking at removing the need for this step by pulling from the NIST API; we've done a PoC and got it working, but there are some potential limitations we're looking at. Unfortunately we have no date for release for this yet.

John
ben.ralph.nmc
Posts: 31
Joined: 11 Apr 2022, 11:50

Hi John

That would be a great update. Let me know if you want us to pilot/test the new view.

Regards

Ben
ben.ralph.nmc
Posts: 31
Joined: 11 Apr 2022, 11:50

Hi John

Have the Developers managed to interface with the NIST API? This would be really helpful.

I've also noticed that the Version slot in the Technology Product must be defined (see attached); however, I cannot see the Version slot in the Protege UI and it's not included in the meta model - https://enterprise-architecture.org/doc ... oduct.html
security_posture.png
Many thanks
Ben
JohnM
Posts: 477
Joined: 17 Feb 2009, 20:19

Hi Ben,

We're looking to drop the files as very early beta (labs) in 6.18, currently in UAT. It has limitations: when it calls the NIST API, NIST throttle it to one request every 6 seconds (so with lots of tech prods it is a "leave it and let it run" at the moment). We're looking to address that, but it is lower down the priority list for the developers at the moment. For this reason, it won't be set up in the repository or the baseline, but we'll provide instructions on how to do it, if you are willing to accept the limitations.

In summary, the first version will be helpful, but a little slow (we decided it was better to help people who are willing to accept that for now than delay it)

John
ben.ralph.nmc
Posts: 31
Joined: 11 Apr 2022, 11:50

Hi John

I'm willing to accept the limitations because it will be really helpful as we improve our security posture. Let me know how I can be an early adopter.

Thanks

Ben
JohnM
Posts: 477
Joined: 17 Feb 2009, 20:19

Yes, no problem. Sorry, I forgot to answer your question re version; I suspect it is hidden. To unhide it:
1) In Protege (I'm assuming you are using OS), go to Project > Configure and click the FormsTab checkbox, a new tab will appear. Close the pop-up box.
2) Go to the Technology_Product class and click on the forms tab
3) Above the class tree you will see a small magnifying glass with two small lines beneath it. Click that.
Screenshot 2023-03-09 at 13.23.44.png
4) In the window, scroll down to technology_product_version and it will probably say <none>. Click the none and make that a TextFieldWidget. It will now appear at the bottom of the page (drag it where you want it)
Screenshot 2023-03-09 at 13.23.59.png
5) Switch back to the instances tab and you can now use the field
JohnM
Posts: 477
Joined: 17 Feb 2009, 20:19

Sorry for the delay, this is in the 6.18 release in a labs folder and is early beta. You will need to be on at least 6.16 to use these views.

The file has instructions, the import spec and the report set up (look in View Library > Support)

Big caveats:
1) Do your NIST product ID import first
2) Open the manager and let it run. It takes 6 secs per product due to the NIST API throttling, so if there are lots of products it will take a while. The API occasionally fails; check the console if it seems to have hung
3) It's really targeted at smaller organisations for now - if you have lots of technology products then we suggest you don't use this for now.
4) The NIST API structure has changed a couple of times, so we needed to update the code. If it stops working then drop us a note here and we'll take a look.

NOTE: This was a side of desk project, and we've parked development on this for now. We're looking at a more efficient way of managing this - allowing batch calls, but there are cost implications on us to do that and some dev is needed too - it's on the stack but not a priority at the moment.

We will support this in Labs and make some changes, we've had some ideas already, but please provide any you have
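Added example (not part of the original thread, and not the Essential view's own code): a Python sketch of the pacing behaviour described in the caveats above, one request per product every 6 seconds, with retries that obey the same spacing and a list of products that never answered, so a failed lookup is reported instead of looking like a hang. The names `paced_lookup`, `LookupFailed`, `estimated_minutes` and `sample_fetch` are hypothetical, the `fetch` callable stands in for the real HTTP request, and the sample data is constructed.

```python
import time

class LookupFailed(Exception):
    """Raised by the fetch callable when one API request fails."""

def paced_lookup(product_ids, fetch, interval=6.0, max_attempts=3,
                 sleep=time.sleep, clock=time.monotonic):
    """Look up products one at a time, at most one request per `interval` seconds.

    Retries are requests too, so they wait for the same interval. Returns
    (results, failed) so products that never answered are reported, not lost.
    """
    results, failed, last_call = {}, [], None
    for pid in product_ids:
        for attempt in range(1, max_attempts + 1):
            if last_call is not None:
                wait = interval - (clock() - last_call)
                if wait > 0:
                    sleep(wait)
            last_call = clock()
            try:
                results[pid] = fetch(pid)
                break
            except LookupFailed:
                if attempt == max_attempts:
                    failed.append(pid)
    return results, failed

def estimated_minutes(product_count, interval=6.0):
    """Best-case run time: one successful request per product."""
    return product_count * interval / 60

# Constructed sample data: placeholder product IDs and CVE labels, no real records.
SAMPLE = {"product-a": ["CVE-EXAMPLE-1"], "product-b": ["CVE-EXAMPLE-2"]}

def sample_fetch(pid):
    """Stand-in for the real HTTP call; unknown IDs simulate an API failure."""
    if pid not in SAMPLE:
        raise LookupFailed(pid)
    return SAMPLE[pid]

if __name__ == "__main__":
    ids = ["product-a", "product-b", "product-c"]
    print(f"best case: {estimated_minutes(len(ids)):.1f} min")
    # interval=0 so the demo finishes instantly; use the default 6.0 for real runs.
    print(paced_lookup(ids, sample_fetch, interval=0))
```

At the default interval, 100 products take at least 10 minutes, and every retry adds another 6 seconds.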
ben.ralph.nmc
Posts: 31
Joined: 11 Apr 2022, 11:50

Hi John

I finally got some time to try this. It's working perfectly thank you!!