Vulnerability Scan Results in XML




Vulnerability scan results may be downloaded in XML format from the scan history list. The vulnerability scan results in XML format contain the same content as the vulnerability scan results in other supported formats (PDF, HTML, MHT and CSV).

The scan results report includes summary and host-based results. The report summary in the header section provides summary information about the scan, including the user who requested the scan, the time when the scan was initiated, the target hosts, and how long the scan took to complete. Host-based results include detailed information on vulnerabilities detected for each scanned host.

The service associates the scan-1.dtd with vulnerability scan results XML output. The scan-1.dtd describes the markup declarations for the report elements (element types, attribute lists, entities, and notations). This DTD can be found at the API Server URL appropriate for your account location.

Account Location      API Server URL
US Platform           https://qualysapi.qualys.com/scan-1.dtd
EU Platform           https://qualysapi.qualys.eu/scan-1.dtd
@Customer Platform    https://qualysapi.<customerbaseurl>/scan-1.dtd

DTD for Vulnerability Scan Results

A recent scan-1.dtd is shown below.

<!-- QUALYS SCAN DTD -->
<!ELEMENT SCAN ((HEADER|ERROR|IP)+)>
<!ATTLIST SCAN value CDATA #REQUIRED>
<!ELEMENT ERROR (#PCDATA)>
<!ATTLIST ERROR number CDATA #IMPLIED>

<!-- INFORMATION ABOUT THE SCAN -->
<!ELEMENT HEADER (KEY+, ASSET_GROUPS?, OPTION_PROFILE?)>
<!ELEMENT KEY (#PCDATA)>
<!ATTLIST KEY value CDATA #IMPLIED>

<!-- NAME of the asset group with the TYPE attribute with possible values of (DEFAULT EXTERNAL ISCANNER) -->
<!ELEMENT ASSET_GROUP (ASSET_GROUP_TITLE)>
<!ELEMENT ASSET_GROUPS (ASSET_GROUP+)>
<!ELEMENT ASSET_GROUP_TITLE (#PCDATA)>
<!ELEMENT OPTION_PROFILE (OPTION_PROFILE_TITLE)>
<!ELEMENT OPTION_PROFILE_TITLE (#PCDATA)>
<!ATTLIST OPTION_PROFILE_TITLE option_profile_default CDATA #IMPLIED>

<!-- IP -->
<!ELEMENT IP (OS?, OS_CPE?, NETBIOS_HOSTNAME?, INFOS?, SERVICES?, VULNS?, PRACTICES?)>
<!ATTLIST IP
    value CDATA #REQUIRED
    name CDATA #IMPLIED
    status CDATA #IMPLIED>
<!ELEMENT OS (#PCDATA)>
<!ELEMENT OS_CPE (#PCDATA)>
<!ELEMENT NETBIOS_HOSTNAME (#PCDATA)>

<!-- CATEGORIES OF INFO, SERVICE, VULN or PRACTICE -->
<!ELEMENT CAT (INFO+|SERVICE+|VULN+|PRACTICE+)>
<!ATTLIST CAT
    value CDATA #REQUIRED
    fqdn CDATA #IMPLIED
    port CDATA #IMPLIED
    protocol CDATA #IMPLIED
    misc CDATA #IMPLIED>

<!-- IP INFORMATIONS -->
<!ELEMENT INFOS (CAT)+>
<!ELEMENT INFO (TITLE, LAST_UPDATE?, PCI_FLAG, VENDOR_REFERENCE_LIST?, CVE_ID_LIST?, BUGTRAQ_ID_LIST?, DIAGNOSIS?, CONSEQUENCE?, SOLUTION?, COMPLIANCE?, CORRELATION?, RESULT?)>
<!ATTLIST INFO
    severity CDATA #IMPLIED
    standard-severity CDATA #IMPLIED
    number CDATA #IMPLIED>

<!-- MAP OF SERVICES -->
<!ELEMENT SERVICES (CAT)+>
<!ELEMENT SERVICE (TITLE, LAST_UPDATE?, PCI_FLAG, VENDOR_REFERENCE_LIST?, CVE_ID_LIST?, BUGTRAQ_ID_LIST?, DIAGNOSIS?, CONSEQUENCE?, SOLUTION?, COMPLIANCE?, CORRELATION?, RESULT?)>
<!ATTLIST SERVICE
    severity CDATA #REQUIRED
    standard-severity CDATA #IMPLIED
    number CDATA #IMPLIED>

<!-- VULNERABILITIES -->
<!ELEMENT VULNS (CAT)+>
<!ELEMENT VULN (TITLE, LAST_UPDATE?, CVSS_BASE?, CVSS_TEMPORAL?, PCI_FLAG, VENDOR_REFERENCE_LIST?, CVE_ID_LIST?, BUGTRAQ_ID_LIST?, DIAGNOSIS?, CONSEQUENCE?, SOLUTION?, COMPLIANCE?, CORRELATION?, RESULT?)>
<!-- number is Qualys numeric ID -->
<!-- cveid is the CVE identification code (if any) -->
<!-- severity is Qualys severity level 1 to 5 (possibly customized) -->
<!-- standard-severity is the original Qualys severity level 1 to 5 if it has been customized by the user -->
<!ATTLIST VULN
    number CDATA #REQUIRED
    cveid CDATA #IMPLIED
    severity CDATA #REQUIRED
    standard-severity CDATA #IMPLIED>

<!-- Required Element -->
<!ELEMENT TITLE (#PCDATA)>

<!-- Optional Elements -->
<!ELEMENT LAST_UPDATE (#PCDATA)>
<!ELEMENT CVSS_BASE (#PCDATA)>
<!ATTLIST CVSS_BASE source CDATA #IMPLIED>
<!ELEMENT CVSS_TEMPORAL (#PCDATA)>
<!ELEMENT PCI_FLAG (#PCDATA)>
<!ELEMENT VENDOR_REFERENCE_LIST (VENDOR_REFERENCE+)>
<!ELEMENT VENDOR_REFERENCE (ID,URL)>
<!ELEMENT ID (#PCDATA)>
<!ELEMENT URL (#PCDATA)>
<!ELEMENT CVE_ID_LIST (CVE_ID+)>
<!ELEMENT CVE_ID (ID,URL)>
<!ELEMENT BUGTRAQ_ID_LIST (BUGTRAQ_ID+)>
<!ELEMENT BUGTRAQ_ID (ID,URL)>
<!ELEMENT DIAGNOSIS (#PCDATA)>
<!ELEMENT CONSEQUENCE (#PCDATA)>
<!ELEMENT SOLUTION (#PCDATA)>
<!ELEMENT COMPLIANCE (COMPLIANCE_INFO+)>
<!ELEMENT COMPLIANCE_INFO (COMPLIANCE_TYPE, COMPLIANCE_SECTION, COMPLIANCE_DESCRIPTION)>
<!ELEMENT COMPLIANCE_TYPE (#PCDATA)>
<!ELEMENT COMPLIANCE_SECTION (#PCDATA)>
<!ELEMENT COMPLIANCE_DESCRIPTION (#PCDATA)>
<!ELEMENT CORRELATION (EXPLOITABILITY?,MALWARE?)>
<!ELEMENT EXPLOITABILITY (EXPLT_SRC)+>
<!ELEMENT EXPLT_SRC (SRC_NAME, EXPLT_LIST)>
<!ELEMENT SRC_NAME (#PCDATA)>
<!ELEMENT EXPLT_LIST (EXPLT)+>
<!ELEMENT EXPLT (REF, DESC, LINK?)>
<!ELEMENT REF (#PCDATA)>
<!ELEMENT DESC (#PCDATA)>
<!ELEMENT LINK (#PCDATA)>
<!ELEMENT MALWARE (MW_SRC)+>
<!ELEMENT MW_SRC (SRC_NAME, MW_LIST)>
<!ELEMENT MW_LIST (MW_INFO)+>
<!ELEMENT MW_INFO (MW_ID, MW_TYPE?, MW_PLATFORM?, MW_ALIAS?, MW_RATING?, MW_LINK?)>
<!ELEMENT MW_ID (#PCDATA)>
<!ELEMENT MW_TYPE (#PCDATA)>
<!ELEMENT MW_PLATFORM (#PCDATA)>
<!ELEMENT MW_ALIAS (#PCDATA)>
<!ELEMENT MW_RATING (#PCDATA)>
<!ELEMENT MW_LINK (#PCDATA)>

<!-- if format is set to "table" -->
<!-- tab '\t' is the col separator -->
<!-- and new line '\n' is the end of row -->
<!ELEMENT RESULT (#PCDATA)>
<!ATTLIST RESULT format CDATA #IMPLIED>

<!-- SECURITY TIPS -->
<!ELEMENT PRACTICES (CAT+)>
<!ELEMENT PRACTICE (TITLE, LAST_UPDATE?, CVSS_BASE?, CVSS_TEMPORAL?, PCI_FLAG, VENDOR_REFERENCE_LIST?, CVE_ID_LIST?, BUGTRAQ_ID_LIST?, DIAGNOSIS?, CONSEQUENCE?, SOLUTION?, COMPLIANCE?, CORRELATION?, RESULT?)>
<!ATTLIST PRACTICE
    number CDATA #REQUIRED
    cveid CDATA #IMPLIED
    severity CDATA #REQUIRED
    standard-severity CDATA #IMPLIED>
<!-- EOF -->

XPaths for Vulnerability Scan Results

This section describes the XPaths in the XML scan results, which include several sections.

Header Information

HEADER and IP Elements

XPath
    element specification / notes

/SCAN
    ((HEADER|ERROR|IP)+)
    attribute: value
        value is required and is the reference number for the scan

/SCAN/HEADER
    (KEY+, ASSET_GROUPS?, OPTION_PROFILE?)

/SCAN/HEADER/KEY
    attribute: value
        value is implied and, if present, will be one of the following:
        USERNAME: The QualysGuard user login name for the user that initiated the scan request.
        COMPANY: The company associated with the QualysGuard user.
        DATE: The date when the scan was started. The date appears in YYYY-MM-DDTHH:MM:SSZ format (in UTC/GMT) like this: "2002-06-08T16:30:15Z"
        TITLE: A descriptive title. When the user specifies a title for the scan request, the user-supplied title appears. When unspecified, a standard title is assigned.
        TARGET: The target host(s).
        DURATION: The time it took to complete the scan.
        SCAN_HOST: The host name of the host that processed the scan.
        NBHOST_ALIVE: The number of hosts found to be alive.
        NBHOST_TOTAL: The total number of hosts.
        REPORT_TYPE: The report type: API for an on-demand scan request launched from the API, On-demand for an on-demand scan launched from the QualysGuard user interface, and Scheduled for a scheduled task.
        OPTIONS: The options settings in the options profile that was applied to the scan. Note the options information provided may be incomplete.
        DEFAULT_SCANNER: The value 1 indicates that the default scanner was enabled for the scan.
        ISCANNER_NAME: The scanner appliance name or external (for external scanner) used for the scan.
        STATUS: The job status reported for the scan.
            FINISHED is returned when the scan completed and there were vulnerabilities found.
            NOVULNSFOUND is returned when the scan completed and no vulnerabilities were found.
            CANCELED is returned when the scan was canceled.
            NOHOSTALIVE is returned when the scan completed and the target hosts were down (not alive).
            PAUSED is returned when a scan was paused.
            INTERRUPTED is returned when the scan was interrupted and did not complete.

/SCAN/ERROR
    attribute: number
        number is implied and, if present, is an error code

/SCAN/HEADER/ASSET_GROUPS
    (ASSET_GROUP+)

/SCAN/HEADER/ASSET_GROUPS/ASSET_GROUP
    (ASSET_GROUP_TITLE)

/SCAN/HEADER/ASSET_GROUPS/ASSET_GROUP/ASSET_GROUP_TITLE
    The title of an asset group that was included in the scan target.

HEADER and IP Elements (continued)

/SCAN/HEADER/OPTION_PROFILE
    (OPTION_PROFILE_TITLE)

/SCAN/HEADER/OPTION_PROFILE/OPTION_PROFILE_TITLE
    The title of the option profile, as defined in the QualysGuard user interface, that was applied to the scan.
    attribute: option_profile_default
        option_profile_default is implied and, if present, is a code that specifies whether the option profile was defined as the default option profile in the user account. A value of 1 is returned when this option profile is the default. A value of 0 is returned when this option profile is not the default.

/SCAN/IP
    (OS?, OS_CPE?, NETBIOS_HOSTNAME?, INFOS?, SERVICES?, VULNS?, PRACTICES?)
    attribute: value
        value is required and is an IP address
    attribute: name
        name is implied and, if present, is an Internet DNS host name
    attribute: status
        status is implied and, if present, will be one of the following:
        down: the host was down (appears in live scan results only).
        Finish: The scan finished (appears in live scan results only).
        no vuln: no vulnerabilities were found on the host (appears in saved scan reports and live scan results).
        Note: The down or Finish element appears online in live scan results only, the results returned directly from the scanner. These elements are not present in saved scan reports, retrieved using the scan_report.php function.

/SCAN/IP/OS
    The operating system name detected on the host.

/SCAN/IP/OS_CPE
    The OS CPE name assigned to the operating system detected on the host. (The OS CPE name appears only when the OS CPE feature is enabled for the subscription, and an authenticated scan was run on this host after enabling this feature.)

/SCAN/IP/NETBIOS_HOSTNAME
    The NetBIOS host name, when available.

Information Gathered

Information gathered vulnerabilities are grouped under the <INFOS> element.

INFOS Element

/SCAN/IP/INFOS
    (CAT)+

/SCAN/IP/INFOS/CAT
    (INFO+)
    Note: When CAT is a child of INFOS, it can only contain INFO elements.
    attribute: value
        value is required and will be one vulnerability category name
    attribute: fqdn
        fqdn is implied and, if present, is the fully qualified Internet host name
    attribute: port
        port is implied and, if present, is the port number the information gathered was detected on
    attribute: protocol
        protocol is implied and, if present, is the protocol used to detect the information gathered, such as TCP or UDP
    attribute: misc
        misc is implied and, if present, will be over ssl, indicating the information gathered was detected using SSL

Services

Services vulnerabilities are grouped under the <SERVICES> element.

SERVICES Element

/SCAN/IP/SERVICES
    (CAT)+

/SCAN/IP/SERVICES/CAT
    (SERVICE+)
    Note: When CAT is a child of SERVICES, it can only contain SERVICE elements.
    attribute: value
        value is required and will be one vulnerability category name
    attribute: fqdn
        fqdn is implied and, if present, is the fully qualified Internet host name
    attribute: port
        port is implied and, if present, is the port number the service was detected on
    attribute: protocol
        protocol is implied and, if present, is the protocol used to detect the service, such as TCP or UDP
    attribute: misc
        misc is implied and, if present, will contain over ssl, indicating the service was detected using SSL

Confirmed Vulnerabilities

Confirmed vulnerabilities are grouped under the <VULNS> element.

VULNS Element

/SCAN/IP/VULNS
    (CAT)+

/SCAN/IP/VULNS/CAT
    (VULN+)
    Note: When CAT is a child of VULNS, it can only contain VULN elements.
    attribute: value
        value is required and will be one vulnerability category name
    attribute: fqdn
        fqdn is implied and, if present, is the fully qualified Internet host name
    attribute: port
        port is implied and, if present, is the port number the confirmed vulnerability was detected on
    attribute: protocol
        protocol is implied and, if present, is the protocol used to detect the confirmed vulnerability, such as TCP or UDP
    attribute: misc
        misc is implied and, if present, will contain over ssl, indicating the confirmed vulnerability was detected using SSL

Potential Vulnerabilities

Potential vulnerabilities are grouped under the <PRACTICES> element.

PRACTICES Element

/SCAN/IP/PRACTICES
    (CAT)+

/SCAN/IP/PRACTICES/CAT
    (PRACTICE+)
    Note: When CAT is a child of PRACTICES, it can only contain PRACTICE elements. A practice is a potential vulnerability.
    attribute: value
        value is required and will be one vulnerability category name
    attribute: fqdn
        fqdn is implied and, if present, is the fully qualified Internet host name
    attribute: port
        port is implied and, if present, is the port number the potential vulnerability was detected on
    attribute: protocol
        protocol is implied and, if present, is the protocol used to detect the potential vulnerability, such as TCP or UDP
    attribute: misc
        misc is implied and, if present, will contain over ssl, indicating the potential vulnerability was detected using SSL

Vulnerability Details

Vulnerability details are provided for each detected vulnerability using the vulnerability elements. The details for each vulnerability instance appear under grouping and category elements: confirmed vulnerability (VULNS/CAT/VULN), potential vulnerability (PRACTICES/CAT/PRACTICE), information gathered (INFOS/CAT/INFO), and service (SERVICES/CAT/SERVICE).

Vulnerability Elements

/SCAN/IP/vulnerability_elements/CAT/vulnerability_element
    (TITLE, LAST_UPDATE, CVSS_BASE?, CVSS_TEMPORAL?, PCI_FLAG, VENDOR_REFERENCE_LIST?, BUGTRAQ_ID_LIST?, CVE_ID_LIST, DIAGNOSIS?, CONSEQUENCE?, SOLUTION?, COMPLIANCE?, CORRELATION?, RESULT?)
    The vulnerability element, where the variable vulnerability_elements represents a vulnerability element grouping: VULNS for confirmed vulnerabilities, PRACTICES for potential vulnerabilities, INFOS for information gathered, or SERVICES for services. The variable vulnerability_element represents a vulnerability element for a single vulnerability instance: VULN for confirmed vulnerability, PRACTICE for potential vulnerability, INFO for information gathered, or SERVICE for service.
    attribute: number
        number is required and is the Qualys ID number assigned to the vulnerability
    attribute: cveid
        cveid is implied and, if present, is the CVE ID (name) for the vulnerability
    attribute: severity
        severity is required and is the severity level assigned to the vulnerability, an integer between 1 and 5
    attribute: standard-severity
        standard-severity is implied and, if present, is the standard severity level assigned to the vulnerability by QualysGuard, an integer between 1 and 5

/SCAN/IP/vulnerability_elements/CAT/vulnerability_element/TITLE
    The title of the vulnerability, from the QualysGuard KnowledgeBase.

/SCAN/IP/vulnerability_elements/CAT/vulnerability_element/LAST_UPDATE
    The date and time when the vulnerability was last updated in the QualysGuard KnowledgeBase, in YYYY-MM-DDTHH:MM:SSZ format (UTC/GMT).

/SCAN/IP/vulnerability_elements/CAT/vulnerability_element/CVSS_BASE
    The CVSS base score assigned to the vulnerability.
    attribute: source
        Note: This attribute is never present in XML output for this release.

/SCAN/IP/vulnerability_elements/CAT/vulnerability_element/CVSS_TEMPORAL
    The CVSS temporal score assigned to the vulnerability.

/SCAN/IP/vulnerability_elements/CAT/vulnerability_element/PCI_FLAG
    A flag indicating whether this vulnerability must be fixed to pass a PCI compliance scan. This information helps users to determine whether the vulnerability must be fixed to meet PCI compliance goals, without having to run additional PCI compliance scans. The value 1 is returned when the vulnerability must be fixed to pass PCI compliance; the value 0 is returned when the vulnerability does not need to be fixed to pass PCI compliance.

/SCAN/IP/vulnerability_elements/CAT/vulnerability_element/DIAGNOSIS
    A description of the threat posed by the vulnerability, from the QualysGuard KnowledgeBase.

/SCAN/IP/vulnerability_elements/CAT/vulnerability_element/CONSEQUENCE
    A description of the impact, or consequences, that may occur if the vulnerability is successfully exploited, from the QualysGuard KnowledgeBase.

/SCAN/IP/vulnerability_elements/CAT/vulnerability_element/SOLUTION
    A verified solution to fix the vulnerability, from the QualysGuard KnowledgeBase.

/SCAN/IP/vulnerability_elements/CAT/vulnerability_element/COMPLIANCE
    (COMPLIANCE_INFO+)

/SCAN/IP/vulnerability_elements/CAT/vulnerability_element/COMPLIANCE/COMPLIANCE_INFO
    (COMPLIANCE_TYPE, COMPLIANCE_SECTION, COMPLIANCE_DESCRIPTION)

Vulnerability Elements (continued)

/SCAN/IP/vulnerability_elements/CAT/vulnerability_element/COMPLIANCE/COMPLIANCE_INFO/COMPLIANCE_TYPE
    The type of a compliance policy or regulation that is associated with the vulnerability. A valid value is:
    - HIPAA (Health Insurance Portability and Accountability Act)
    - GLBA (Gramm-Leach-Bliley Act)
    - CobIT (Control Objectives for Information and related Technology)
    - SOX (Sarbanes-Oxley Act)

/SCAN/IP/vulnerability_elements/CAT/vulnerability_element/COMPLIANCE/COMPLIANCE_INFO/COMPLIANCE_SECTION
    The section of a compliance policy or regulation associated with the vulnerability.

/SCAN/IP/vulnerability_elements/CAT/vulnerability_element/COMPLIANCE/COMPLIANCE_INFO/COMPLIANCE_DESCRIPTION
    The description of a compliance policy or regulation associated with the vulnerability.

/SCAN/IP/vulnerability_elements/CAT/vulnerability_element/CORRELATION
    (EXPLOITABILITY?,MALWARE?)

/SCAN/IP/vulnerability_elements/CAT/vulnerability_element/CORRELATION/EXPLOITABILITY
    (EXPLT_SRC)+

/SCAN/IP/vulnerability_elements/CAT/vulnerability_element/CORRELATION/EXPLOITABILITY/EXPLT_SRC
    (SRC_NAME, EXPLT_LIST)

/SCAN/IP/vulnerability_elements/CAT/vulnerability_element/CORRELATION/EXPLOITABILITY/EXPLT_SRC/SRC_NAME
    The name of the third party vendor or publicly available source of the exploitability information.

/SCAN/IP/vulnerability_elements/CAT/vulnerability_element/CORRELATION/EXPLOITABILITY/EXPLT_SRC/EXPLT_LIST
    (EXPLT)+

/SCAN/IP/vulnerability_elements/CAT/vulnerability_element/CORRELATION/EXPLOITABILITY/EXPLT_SRC/EXPLT_LIST/EXPLT
    (REF, DESC, LINK?)

/SCAN/IP/vulnerability_elements/CAT/vulnerability_element/CORRELATION/EXPLOITABILITY/EXPLT_SRC/EXPLT_LIST/EXPLT/REF
    The CVE reference for the exploitability information.

/SCAN/IP/vulnerability_elements/CAT/vulnerability_element/CORRELATION/EXPLOITABILITY/EXPLT_SRC/EXPLT_LIST/EXPLT/DESC
    The description provided by the source of the exploitability information (third party vendor or publicly available source).

/SCAN/IP/vulnerability_elements/CAT/vulnerability_element/CORRELATION/EXPLOITABILITY/EXPLT_SRC/EXPLT_LIST/EXPLT/LINK
    A link to the exploit, when available.

/SCAN/IP/vulnerability_elements/CAT/vulnerability_element/CORRELATION/MALWARE
    (MW_SRC)+

/SCAN/IP/vulnerability_elements/CAT/vulnerability_element/CORRELATION/MALWARE/MW_SRC
    (SRC_NAME, MW_LIST)

/SCAN/IP/vulnerability_elements/CAT/vulnerability_element/CORRELATION/MALWARE/MW_SRC/SRC_NAME
    The name of the source of the malware information: Trend Micro.

/SCAN/IP/vulnerability_elements/CAT/vulnerability_element/CORRELATION/MALWARE/MW_SRC/MW_LIST
    (MW_INFO)+

/SCAN/IP/vulnerability_elements/CAT/vulnerability_element/CORRELATION/MALWARE/MW_SRC/MW_LIST/MW_INFO
    (MW_ID, MW_TYPE?, MW_PLATFORM?, MW_ALIAS?, MW_RATING?, MW_LINK?)

Vulnerability Elements (continued)

MW_ID
    The malware name/id assigned by Trend Micro.

MW_TYPE
    The type of malware, such as Backdoor, Virus, Worm or Trojan.

MW_PLATFORM
    A list of the platforms that may be affected by the malware.

MW_ALIAS
    A list of other names used by different vendors and/or publicly available sources to refer to the same threat.

MW_RATING
    The overall risk rating as determined by Trend Micro: Low, Medium or High.

MW_LINK
    A link to malware details.

/SCAN/IP/vulnerability_elements/CAT/vulnerability_element/RESULT
    Specific scan test results for the vulnerability, from the host assessment data.
    attribute: format
        format is implied and, if present, will be table to indicate that the results are a table that has columns separated by tabulation characters and rows separated by new-line characters

/SCAN/IP/vulnerability_elements/CAT/vulnerability_element/VENDOR_REFERENCE_LIST
    (VENDOR_REFERENCE+)

/SCAN/IP/vulnerability_elements/CAT/vulnerability_element/VENDOR_REFERENCE_LIST/VENDOR_REFERENCE
    (ID, URL)
    The name of a vendor reference, and the URL to this vendor reference.

/SCAN/IP/vulnerability_elements/CAT/vulnerability_element/reference_list/reference/ID
    The name of a vendor reference, CVE name, or Bugtraq ID.

/SCAN/IP/vulnerability_elements/CAT/vulnerability_element/reference_list/reference/URL
    The URL to the vendor reference, CVE name, or Bugtraq ID.

/SCAN/IP/vulnerability_elements/CAT/vulnerability_element/CVE_ID_LIST
    (CVE_ID+)

/SCAN/IP/vulnerability_elements/CAT/vulnerability_element/CVE_ID_LIST/CVE_ID
    (ID, URL)
    A CVE name assigned to the vulnerability, and the URL to this CVE name. CVE (Common Vulnerabilities and Exposures) is a list of common names for publicly known vulnerabilities and exposures. Through open and collaborative discussions, the CVE Editorial Board determines which vulnerabilities or exposures are included in CVE. If the CVE name starts with CAN (candidate) then it is under consideration for entry into CVE.

/SCAN/IP/vulnerability_elements/CAT/vulnerability_element/BUGTRAQ_LIST
    (BUGTRAQ_ID+)

/SCAN/IP/vulnerability_elements/CAT/vulnerability_element/BUGTRAQ_LIST/BUGTRAQ_ID
    (ID, URL)
    A Bugtraq ID assigned to the vulnerability, and the URL to this Bugtraq ID.
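
A parser for the report layout described above, added here as an example and not Qualys code. The sample document (scan reference, IP, Qualys IDs, CVE placeholder) is constructed, and the function names and dictionary keys are illustrative choices.

```python
import xml.etree.ElementTree as ET

# Constructed sample, not real scan output. Element names follow scan-1.dtd;
# the scan reference, IP, Qualys IDs and CVE placeholder are made up.
SAMPLE = b"""<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE SCAN SYSTEM "https://qualysapi.qualys.com/scan-1.dtd">
<SCAN value="scan/0000000000.00000">
  <HEADER>
    <KEY value="DATE">2002-06-08T16:30:15Z</KEY>
    <KEY value="STATUS">FINISHED</KEY>
  </HEADER>
  <IP value="192.0.2.10" name="host.example.test">
    <VULNS>
      <CAT value="Web server" port="443" protocol="tcp" misc="over ssl">
        <VULN number="900001" severity="4" standard-severity="3">
          <TITLE>Constructed finding A</TITLE><PCI_FLAG>1</PCI_FLAG>
          <CVE_ID_LIST><CVE_ID><ID>CVE-0000-0001</ID>
            <URL>https://example.test/a</URL></CVE_ID></CVE_ID_LIST>
          <RESULT format="table">Header\tValue\nServer\texample</RESULT>
        </VULN>
      </CAT>
    </VULNS>
    <PRACTICES>
      <CAT value="General remote services" port="22" protocol="tcp">
        <PRACTICE number="900002" severity="2">
          <TITLE>Constructed finding B</TITLE><PCI_FLAG>0</PCI_FLAG>
          <RESULT>free text</RESULT>
        </PRACTICE>
      </CAT>
    </PRACTICES>
  </IP>
</SCAN>
"""

# Grouping element -> per-finding element, as listed in the DTD.
GROUPS = {"VULNS": "VULN", "PRACTICES": "PRACTICE",
          "INFOS": "INFO", "SERVICES": "SERVICE"}

def parse_result(elem):
    """Return RESULT text, or rows of columns when format="table"."""
    if elem is None or elem.text is None:
        return None
    if elem.get("format") == "table":  # tab separates columns, newline ends a row
        return [row.split("\t") for row in elem.text.split("\n") if row]
    return elem.text

def parse_scan(xml_bytes):
    # The DTD shown on this page declares no entities, so an <!ENTITY in the
    # input is unexpected; refuse it rather than let the parser expand it.
    if b"<!ENTITY" in xml_bytes:
        raise ValueError("unexpected entity declaration in scan results")
    root = ET.fromstring(xml_bytes)  # ElementTree does not fetch the external DTD
    if root.tag != "SCAN":
        raise ValueError("root element is not SCAN")
    findings = []
    for ip in root.iterfind("IP"):
        for group, tag in GROUPS.items():
            for cat in ip.iterfind(f"{group}/CAT"):
                for item in cat.iterfind(tag):
                    sev = item.get("severity")  # implied (optional) on INFO
                    findings.append({
                        "ip": ip.get("value"), "type": tag,
                        "qid": item.get("number"), "category": cat.get("value"),
                        "severity": int(sev) if sev else None,
                        "standard_severity": item.get("standard-severity"),
                        "port": cat.get("port"), "protocol": cat.get("protocol"),
                        "ssl": "over ssl" in (cat.get("misc") or ""),
                        "title": item.findtext("TITLE"),
                        "pci_must_fix": item.findtext("PCI_FLAG") == "1",
                        "cves": [c.text for c in item.iterfind("CVE_ID_LIST/CVE_ID/ID")],
                        "result": parse_result(item.find("RESULT")),
                    })
    return {
        "ref": root.get("value"),
        "header": {k.get("value"): k.text for k in root.iterfind("HEADER/KEY")},
        "errors": [(e.get("number"), e.text) for e in root.iterfind("ERROR")],
        "findings": findings,
    }

def pci_must_fix(report):
    # (ip, qid) pairs whose PCI_FLAG is 1
    return [(f["ip"], f["qid"]) for f in report["findings"] if f["pci_must_fix"]]
```

A finding that carries a standard-severity attribute has had its severity customized by the user, so compare both values before ranking findings across accounts.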