Oval Repository and vDNA Update

Yeah, it’s done! We have finally added to our website / Services and vDNA API full Oval Definitions information. You can now browse definitions (Inventory, Vulnerability, Compliance, Patch..) directly on our Website, access on a machine way with our vDNA API and read the definition while browsing an Alert or a Product !

After some works, you can now access to a full Oval Repository here. We use an api to provide you all information and you can search, sort and see definitions.

You can also access to a definition directly here by using this link

https://www.security-database.com/ovalid.php?detail=REPLACE_BY_OVALDEFINITIONS.

We only provide on the search page, "definitions", but we manage all objects, class, definitions, states. For example, on a vulnerability, you can browse all associated patch, states recursively...

With this repository, we can now provide better information for Alerts and Products (CPE). For example, on this Alert CVE-2010-0436 you will see "oval:org.mitre.oval:def:9999" (Vulnerabity) and be able to fully understand (we hope) this definition.

And for a product (Ex : Oracle JRE you will see all associated definitions (Vulnerabilities), but not a full description.

We have also extended our vDNA API with vDNAOvalID (Doc here) that is Free to try with the Free subscription). This API produce full Oval definitions (For a vulnerabity, you will have the vulnerability definition with all inventory, patch, states, objects...).

Of course, we also have modified vDNA API for Alerts, that now produce only Oval Vulnerabilities.

Also, we would like to thanks Mitre and Oval Team, Matt, Dan and David that have help us to really understand the Oval Definitions !

For those how love specifications, we browse, check, insert or update the oval.xml (80Mb+ File) in less than 5 minutes on our server (130.000 Oval Definitions, Objects, States, Tests, and more that 300.000 Crosslinks). It could take a little bit more time (10 minutes) on the first insert. We love that !

A note to members : For the actual Security-Database Oval Repository (available here), we are monitoring it to see how you use it. We think it will be replaced by our new repository (no calendar). Let us know if you don’t want to evolve ;).

Hope you will love this work !


Comments

Related Articles

Documentations
OVAL
vDNA