I separately emailed Martin this same question. He was kind enough to send me a link so sharing here.
The below link provides an example of using OpenSCAP to consume Red Hat data on vulnerabilities in Red Hat Linux.

http://www.open-scap.org/page/Documentation#How_to_run_vulnerability_scan_on_Red_Hat_Enterprise_Linux

This may seem terribly obvious to experienced Scappers, but it is only obvious once you see it. I know this because some colleagues of mine need to do a "vulnerability scan" for a government client and were looking at Nessus because they thought OpenSCAP was just for checking configuration. It took me a bit, too, to make the connection.

Looking for more examples and documentation as this would be a useful thread for us newbies...

Greg Elin

On Sun, Mar 22, 2015 at 6:40 AM, Greg Elin <[email protected]> wrote:

> To date, I've used OpenSCAP to check the configuration of Unix operating
> systems against government baselines.
>
> But I assume OpenSCAP can consume any SCAP content including daily CVE
> feeds? I have not tried that yet. And superficial searching did not reveal
> any obvious documentation.
>
> Does anyone know of a good example that would get a person started with
> using OpenSCAP to consume CVE feeds? Any recommendations of freely
> available feeds?
>
> Thanks!
>
> Greg Elin
>
--
SCAP Security Guide mailing list
[email protected]
https://lists.fedorahosted.org/mailman/listinfo/scap-security-guide
https://github.com/OpenSCAP/scap-security-guide/
