Cybersecurity can present numerous complex puzzles and formidable threats, and as security professionals we have an arsenal of tools available to use against such attacks. The STIG Viewing Tools Dashboard is one such tool. This dashboard aggregates systems at an overview level before leading users through specific compliance details.
Vulnerability Browser
The Vulnerability Browser gives you a table of vulnerabilities found on a target machine. Each row displays detailed information for one vulnerability, including identification details, fix text, discussion topic and check text fields as applicable. In addition, date range selection provides insight into changes over time for any given vulnerability.
This table can be filtered by system, target machine, STIG and status. The target health score displayed here is calculated from compliance data for the selected targets, and selecting one of the rows displays how its status has evolved over the selected time frame.
When you select a specific STIG in the Vulnerability Browser, you can import its checklist file from the Edit Checklists dashboard and use this data to display all available vulnerabilities meeting that STIG’s criteria, as well as their status on target machines.
Click any column heading in the Vulnerability Browser to sort results by that column's value, making it easy to quickly identify and examine details about particular vulnerabilities or to locate top-ranked vulnerabilities on a target machine.
The STIG Viewer is a free tool available through the DoD Public Cyber Exchange website. It operates like a web browser and lets you open any STIG’s XCCDF-formatted content, which is useful for reviewing system compliance posture. Although not as powerful as SCAP Checker (also found here), it can still help determine your system’s compliance status.
To use the STIG Viewer, first select a system in the Targets dashboard, then click the STIG Viewer icon in the upper-left corner of your screen. This launches a new tab displaying its user interface. Its contents include any checklist files imported for that system and the individual findings identified during your review; from here you can expand Vulnerability tables or follow the steps in the Verify Findings on Target Machine sections. You can work through the findings in this STIG Viewer tab until each one has been individually reviewed.
Vulnerability Display
The Vulnerability Display is an extremely helpful tool, providing you with an overview of the vulnerabilities within your network that are your responsibility. Use it to assess compliance posture and follow up on non-compliant systems until they have been fixed. You can find it in the Tools tab of STIG Viewer. It may not provide as comprehensive a picture as a vulnerability scanner, but it still helps determine which vulnerabilities need immediate attention.
A STIG (Security Technical Implementation Guide) is a set of configuration standards designed to assist in the security of a product. STIGs offer an approach for protecting protocols on networks, servers, computers, hardware and logical designs while decreasing vulnerabilities present in computer systems.
Download a STIG from the DoD Public Cyber Exchange website, either in XML format or as part of a zip bundle with additional implementation files such as OVAL and XCCDF templates. Once you have the STIG, import it into your STIG Viewer to begin reading it.
Once a STIG has been successfully imported into Splunk, select it from the STIG Explorer to display its vulnerabilities in a separate tab of the STIG Viewer. The Vulnerability Display table lists the vulnerabilities for that STIG along with their statuses. The Status column reflects new data as it is ingested into Splunk, while the Status_Override field allows you to assign custom status values; such a value is then applied across the app and included in exports from Splunk.
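As an added example (not code from STIG Viewer or any other tool described here), the following Python reads XCCDF content and builds the kind of table these dashboards show: vulnerability ID, category, check text and fix text, with a Category I filter and a missing-fix-text check. It assumes the XCCDF 1.1 namespace; the sample benchmark, its IDs and the function names are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Assumption: the benchmark uses the XCCDF 1.1 namespace.
NS = {"x": "http://checklists.nist.gov/xccdf/1.1"}
# XCCDF severity attribute mapped to the DISA category label.
CATEGORY = {"high": "CAT I", "medium": "CAT II", "low": "CAT III"}

# Constructed sample; IDs and text are placeholders, not real STIG content.
SAMPLE_XCCDF = """<Benchmark xmlns="http://checklists.nist.gov/xccdf/1.1" id="Sample_STIG">
  <title>Sample STIG (constructed)</title>
  <Group id="V-000001"><Rule id="SV-000001r1_rule" severity="high">
    <version>SAMP-00-000001</version><title>Remote root login is disabled</title>
    <fixtext>Set PermitRootLogin to no.</fixtext>
    <check><check-content>Review sshd_config.</check-content></check></Rule></Group>
  <Group id="V-000002"><Rule id="SV-000002r1_rule" severity="medium">
    <version>SAMP-00-000002</version><title>Audit logging is enabled</title>
    <fixtext>Enable the audit service.</fixtext>
    <check><check-content>Confirm the audit service is running.</check-content></check></Rule></Group>
  <Group id="V-000003"><Rule id="SV-000003r1_rule" severity="high">
    <version>SAMP-00-000003</version><title>Passwords are not stored in clear text</title>
    <check><check-content>Inspect the credential store.</check-content></check></Rule></Group>
</Benchmark>"""

def load_rules(xccdf_text):
    """Return one dict per Rule with the fields a vulnerability table shows."""
    root = ET.fromstring(xccdf_text)
    rules = []
    for group in root.findall("x:Group", NS):
        for rule in group.findall("x:Rule", NS):
            rules.append({
                "vuln_id": group.get("id"),
                "rule_id": rule.get("id"),
                "stig_id": rule.findtext("x:version", "", NS),
                "title": rule.findtext("x:title", "", NS),
                # XCCDF treats an absent severity attribute as "unknown".
                "category": CATEGORY.get(rule.get("severity", "unknown"), "unmapped"),
                "check_text": rule.findtext("x:check/x:check-content", "", NS),
                "fix_text": rule.findtext("x:fixtext", "", NS),
            })
    return rules

def filter_category(rules, category):
    """Keep only the rules in one category, e.g. 'CAT I'."""
    return [r for r in rules if r["category"] == category]

def missing_fix_text(rules):
    """Vulnerability IDs whose rule carries no fix text."""
    return [r["vuln_id"] for r in rules if not r["fix_text"].strip()]

if __name__ == "__main__":
    rules = load_rules(SAMPLE_XCCDF)
    for r in filter_category(rules, "CAT I"):
        print(r["vuln_id"], r["stig_id"], r["title"])
    print("missing fix text:", missing_fix_text(rules))
```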
If the scan results for a vulnerability are mixed (green, red and grey), a half green/half red indicator appears in the Vulnerability Display to indicate that some tests passed, yet there remain vulnerabilities that need addressing. Clicking Update in that column opens an Update Vulnerability modal where you can make necessary changes.
The Vulnerability Display presents information about each identified vulnerability, such as its Impact and Proof of Exploitation. The STIG Viewer also provides a list of remedial actions you can take to minimize or prevent exploitation. Some require installing software patches, while others simply involve changing passwords or setting alarms.
Checklist Browser
If you want to view a specific checklist, the Checklist Browser is where to go. Simply choose from its menu of checklists, and the browser will open with an overview of vulnerabilities covered by that particular checklist.
If you want to limit the number of vulnerabilities displayed, the browser provides filters to assist. For instance, if you only wish to review Category I rules, a filter will narrow the display to those.
Additionally, the Browser displays a table at the bottom of the screen that lists all vulnerabilities found on your system, with each vulnerability listed according to status, severity and source. This table can help quickly assess what needs to be done to address each vulnerability found.
The browser offers an easy-to-use search bar that makes finding vulnerabilities or STIGs within its window swift and efficient, which can be especially beneficial when working through large lists.
Once you’ve identified a specific vulnerability, modifying its status is simple and straightforward. For example, if you are reviewing CAT I vulnerabilities and decide to change them to CAT III status, simply click each vulnerability in question and make your selection from the drop-down menu. Add any notes regarding rationale.
The Checklist Editor allows you to easily create and modify custom checklists. Create one from scratch or import one from an external source such as XCCDF or OVAL files, then save it for later reuse.
Traditional methods for unifying the technical/machine data produced by endpoint scans with the human-documented information recorded by security/IA personnel required a great deal of manual effort. SteelCloud’s ConfigOS makes the task simpler by automatically importing checklist data into eMASS.
Checklist Display
Checklists are used to track and document progress against a set of requirements. When a checklist is selected, five expandable menus become accessible.
Overview – Provides a pie chart which graphically represents the status of competencies (passed, not passed, and not yet assessed). This view can be updated as more data becomes available.
Questions – Contains questions for each step in the checklist, built from Question Types such as Text, Date, Number, Dropdown and Multiple Choice. Users can answer these questions either by choosing one of the answer choices from a drop-down or by typing their response directly. By default the questions are set to “None”, but you can change this setting and display other results instead.
Detailed Checklist View – Gives an in-depth view of a checklist file’s contents, filterable by system, target machine, STIG, severity or status. Each row in the Detailed Checklist View gives information for the selected checklist file, such as description, host address, time of last import and how many instances of Missing Comments or Missing Fix Text have occurred since the last import.
Co-Planners – This section lists any authorized managers or verifiers added to a checklist. In addition, any attachments associated with that checklist are also listed here if it repeats in future instances of itself.
Checklist Progress – Displays a progress bar which indicates what percentage of the checklist has been completed, followed by numeric percentage completion for all competencies (passed, not passed or unassessed). Progress bars are calculated based on competency validation rather than individual skill validation.
Clicking Update Checklist when viewing a vulnerability on the Vulnerability Display dashboard will ensure that its current state on target machines is reflected in the resultant checklist, while any missing data will also be captured.
Checklists can be exported in XML format for use in other applications, and then reimported at any time – you can even import an entire collection at once!