
Bandolier Application Check Documentation

After some feedback from the Bandolier alpha release, we are now preparing for a beta release that will include audit files for Telvent and Siemens plus two additional systems. Part of that release will include the online documentation for each application check.

The documentation adds value by helping the asset owner understand the context of the check, and it provides information on validation and remediation where applicable. Using the “info” field made available through the Nessus policy compliance plugins, we are able to include a URL that links directly to the appropriate page for each check. Here’s what it looks like in the audit file:

<custom_item>
type: FILE_CONTENT_CHECK
description: "b11008: Determine if permissions are set correctly for the OASyS DNA RealTime Server (bobjAcknowledge)"
info: "http://www.digitalbond.com/index.php/research/bandolier/b11008"
value_type: POLICY_TEXT
value_data: "c:\program files\Telvent\config\BLT\Realtime.txt"
regex: "bobjAcknowledge.*"
expect: "bobjAcknowledge, DNA Permission – Control_SCADA"
</custom_item>

The documentation pages are Digital Bond subscriber content, but we have removed that requirement for a couple of them so non-subscribers can see some examples. Here is the link that you see in the authorization check above. And here is one that documents a “supporting application” check, in this case an Apache parameter on a Siemens Spectrum Power TG Web Host.

Because writing the documentation requires a lot of manual review, it has proven to be a great internal QA process. That, combined with vendor feedback on some of the checks, should help us deliver a quality set of audit files for the beta release, so stay tuned.
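
The audit-file entry shown earlier can also be checked mechanically before release. The Python below is an added example, not Digital Bond's or Tenable's code: it parses item blocks, normalizes typographic quotes, and flags mismatched closing tags and info URLs that are missing or do not end in the check ID from the description. The sample text, the b99999 check and the rule that the URL ends in the check ID are assumptions drawn from the single entry on this page.

```python
import re

# Constructed sample: the first item is abridged from the entry above; the second
# is a hypothetical check with no info field and a mismatched closing tag.
SAMPLE_AUDIT = r'''
<custom_item>
type: FILE_CONTENT_CHECK
description: "b11008: Determine if permissions are set correctly (bobjAcknowledge)"
info: "http://www.digitalbond.com/index.php/research/bandolier/b11008"
value_type: POLICY_TEXT
value_data: "c:\program files\Telvent\config\BLT\Realtime.txt"
regex: "bobjAcknowledge.*"
</custom_item>
<custom_item>
type: FILE_CONTENT_CHECK
description: "b99999: Hypothetical check with no documentation link"
value_type: POLICY_TEXT
</item>
'''

ITEM_RE = re.compile(r"<(custom_item|item)>(.*?)</(\w+)>", re.S)
FIELD_RE = re.compile(r"^[ \t]*(\w+)[ \t]*:[ \t]*(.*?)[ \t]*$", re.M)
# Blog and word-processor typography turns straight quotes into these.
SMART_QUOTES = str.maketrans({"\u201c": '"', "\u201d": '"', "\u2033": '"'})

def parse_items(text):
    """Yield (open_tag, close_tag, fields) for each item block in the text."""
    for m in ITEM_RE.finditer(text.translate(SMART_QUOTES)):
        fields = {k: v.strip('"') for k, v in FIELD_RE.findall(m.group(2))}
        yield m.group(1), m.group(3), fields

def lint(text):
    """Return (check_id, problem) pairs for tag and info-link defects."""
    problems = []
    for open_tag, close_tag, fields in parse_items(text):
        m = re.match(r"(b\d+):", fields.get("description", ""))
        check_id = m.group(1) if m else "?"  # assumed ID convention: b<digits>
        if open_tag != close_tag:
            problems.append((check_id, f"<{open_tag}> closed by </{close_tag}>"))
        info = fields.get("info")
        if not info:
            problems.append((check_id, "missing info URL"))
        elif not info.rstrip("/").endswith("/" + check_id):
            problems.append((check_id, "info URL does not match check id"))
    return problems

if __name__ == "__main__":
    for check_id, problem in lint(SAMPLE_AUDIT):
        print(f"{check_id}: {problem}")
```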
