Open Vulnerability and Assessment Language

The McAfee Hercules Remediation Manager product is available via channel partners and directly from McAfee, Inc.

McAfee Hercules Remediation Manager customers can find OVAL information in the Hercules Vulnerability Remedy data, in the context and on-line help as well as in the product documentation.

Within the Help functionality of the Remediation Manager Console and the product documentation, it states McAfee Hercules Remediation Manager provides support for OVAL 4.0 or later schema. The image below shows a section of the Hercules User's Guide indicating the OVAL Schema version supported.

Additionally, the McAfee V-Flash service is an automated delivery mechanism connecting Hercules customers to the V-Flash server. The V-Flash Server houses the library of vulnerability remedies and policies. Hercules customer sites are updated with new remediations and policy data electronically through this service.

Notifications are included in the V-Flash notification messages indicating the date the OVAL content was last updated. The snippet below is a sample of what is depicted at the end of each V-Flash notification message.

Notes:

This V-Flash uses CVE information from CVE Reference Version 20061101.
The CVE Candidate information was last updated 12/5/2006.
For additional information on the CVE process, see http://cve.mitre.org

This V-Flash uses OVAL content which was last updated 12/5/2006.
For additional information on OVAL, see http://oval.mitre.org

If the problem is an OVAL content issue, the correction will be made within the next business day and made available to customers via the McAfee V-Flash service. If the problem is with the importer software itself we will work with the submitter to understand why they think they have discovered a problem with the software. If an error is encountered we will work to provide an expedient resolution to the issue.

The Hercules User Guide and Hercules Vulnerability Assessment and Remediation Overview both reference the OVAL capabilities of the product. These documents are provided as a part of the response to this questionnaire. They are included with the product for customer usage. It is also included in the context sensitive Help as is shown below.

Currently, Hercules has been tested with the Core, Red Hat Linux, Sun Solaris and Microsoft Windows Definition Schemas. Supporting additional platforms is a data issue at this point. The current importer should be able to support the other specified platform schemas. We will be able to support additional Definition Schemas as they are published and data to test with becomes available.

The Hercules User Guide and Hercules Vulnerability Assessment and Remediation Overview both reference the OVAL capabilities of the product. These documents are provided as a part of the response to this questionnaire. They are included with the Hercules product for customer use.

Customers can also use the Third Party ID Search capabilities of the product to locate a remediation associated with a specific or set of OVAL IDs.

If a specific OVAL ID is entered, the remediation associated with the OVAL ID is selected. The user can then browse the remedy or use it in some other way.

Users can also use other search capabilities to locate sets of remedies corresponding to the search criteria entered. In the example below, simple wildcarding was used.

Keeping OVAL content current is a daily on-going process. The McAfee Avert Labs has dedicated staff members focused on assuring the accuracy and integrity of the data used within the Hercules product line. We have implemented an automated process that pulls down the OVAL content files each day for all platforms available from the MITRE site. The new information is merged into our database each time the process runs. Since we are Certified CVE Compatible, we auto-associate new OVAL checks to the appropriate remediation using the CVE ID as the key. New and updated OVAL content not auto-associated are manually reviewed to assure coverage and accuracy from a Hercules product perspective.

As new officially recognized OVAL repositories are established, McAfee will add automated support for those sites in the same manner as is done for the MITRE OVAL Repository today.

When new OVAL Schemas are released, McAfee will be matching the OVAL release schedule for minor releases so new schemas are supported immediately. For major releases we will have newly supported OVAL importers available in the next release. This is due to testing and integrating with existing product release schedules. We are and plan to continue to be an active part of the OVAL Schema development so we can minimize the time and plan releases to better fit OVAL major release schedules.