www.scaprepo.com is a cloud-based SCAP content delivery platform hosted using SecPod SCAP Repo, the first of its kind SCAP content repository. The repository supports natural language based searching, with a web service interface for automated binding to any SCAP based scanner.
The repository hosts SCAP content (OVAL, XCCDF, CVE, CPE, CCE, CWE, CVSS), professionally developed and tested, standards based content for detecting vulnerabilities, missing patches, device compliance, and asset inventory. Future releases will include content for remediation, malware characterization and incident management.
Supports natural language based searching. Search based on SCAP ID, a string in the metadata or intelligent queries. Example queries are listed here.
Allows searching based on each metadata item for accurate search results.
Supports SCAP Feed subscription. Subscribers will be provided with authenticated access to the repo for single-click content download. A web service interface access is also enabled through password less authentication and authorization schemes.
Multiple scanner subscriptions enable subscribers to create different content profiles to assign to the scanners. Each scanner would then download relevant content through the web service interface.
Future enhancements include repository-repository synchronization protocol for supporting organizational content repository deployments for continuous security monitoring.
Supports downloading the subscribed content or downloading search results with or without the related SCAP entities. The download type is either XML or an SCAP data bundle or an SCAP datastream.
View metadata for all SCAP entities. A preview link in the search results page provides a quick way to look at the details. Alternatively, click on the search result to go to the relation page, where SCAP entity relation along with the content metadata is shown for a particular SCAP entity identifier.
Asset identifiers (CPE) are mapped to all other SCAP entities (OVAL, XCCDF, CCE and CVE). You can search for the particular CPE and go to the relation page, where all the vulnerabilities (CVE), configuration checks (CCE), corresponding OVAL definitions and XCCDF based benchmarks are listed. This helps you create an alert and report for an asset or download the entire SCAP content for that asset.
RESTful interfaces provide easy access to the SCAP content for automated integration into any SCAP enabled security solutions.
You can create an RSS based alert for any of the search queries. An alert can be created by clicking on the Alerts link in the results page to save an alert. The saved alert will provide an option to subscribe to the alert using any RSS client.
You can create a chart as well as a CSV downloadable report based on any of the search queries. A report can be viewed by clicking on the Reports link in the results page. A Report can then be downloaded by manipulating the charts. Filters can be applied filters to fine-tune the search query.