Scanning OVAL Vulnerabilities

Open Vulnerability and Assessment Language (OVAL) is an international information security community baseline standard, designed to check for the presence of vulnerabilities and configuration issues on computer systems. Want to learn more? Visit http://oval.mitre.org/

OVAL versions 4.0, 4.1 and 4.2 are supported.

We support the OVAL Definition Schema and the Platform Schema for Windows. These schemas define the structure and vocabulary of the OVAL vulnerability definitions.

Only Windows is supported for OVAL based checks. Specifically the wrt test type (Windows Registry test), wft test type (Windows File tests) and cmp test type (Compound test) tests are supported.

Go to VM/VMDR > KnowledgeBase and select New > OVAL Vulnerability. Enter the OVAL vulnerability settings and click Save.

Make these settings: 1) Be sure to provide text for the Impact and Solution fields (these appear in vulnerability details in reports), and 2) In the OVAL section, paste in XML for an OVAL vulnerability definition. Show me samples

What happens next? We'll validate the OVAL XML and then the new vulnerability will be added to the KnowledgeBase. We'll automatically assign it a unique QID starting at 130000. Subsequent QIDs are incremented by one, as in 130001, 130002, 130003, etc.

Windows host authentication is required for scanning OVAL vulnerabilities. Be sure you have a Windows authentication record for the hosts you want to scan. If not, go to Scans > Authentication and configure one now. Learn more

In your option profile: 1) enable Windows authentication, and 2) add a custom search list under Vulnerability Detections as described below.

To scan all OVAL vulnerabilities: add a search list that has QID 105186, and select the check box "OVAL checks" in the Include section.

To scan select OVAL vulnerabilities: add a search list that has the specific OVAL QIDs you want to test plus QID 105186.

Tell me about QID 105186

Can I use the Complete option?

OVAL vulnerabilities appear in scan results just like any other vulnerability. You'll notice CVSS Base and Temporal scores for an OVAL vulnerability are displayed with vulnerability details in reports.

Yes you can easily create a report showing your OVAL vulnerabilities: 1) Create a vulnerability search list including the OVAL QIDs as well as the diagnostic QID 105186, 2) Add the search list to a scan report template, and 3) Run the scan template.