openscap filters
I would like to know if it is possible to generate an openscap's report that includes only the security critical patches.
The report generated with:
$ oscap oval eval --verbose INFO --verbose-log-file=output.log --results rhsa-results-oval.xml --report oval-report.html Red_Hat_Enterprise_Linux_6.xml
Is quite good, but I would like to filter the report based on the severity field.
Any thoughts?
Thanks.
Responses
Red Hat
Community Member
69 points
Hello Carlo,
my colleague made a feature request for the needed customization of reports: https://github.com/OpenSCAP/openscap/issues/438
You can edit the XML file with OVAL definitions (Red_Hat_Enterprise_Linux_6.xml in your example) and customize the report this way.
Have a nice day, --Mirek
I suggest using the source datastreams instead of plain OVAL files. The HTML report you can generate from the datastreams is interactive and you can filter the results based on various criteria, including grouping them by severity.
$ wget https://www.redhat.com/security/data/metrics/ds/com.redhat.rhsa-RHEL6.ds.xml
$ oscap xccdf eval --verbose INFO --verbose-log-file=output.log --results-arf rhsa-results-arf.xml --report sds-report.html com.redhat.rhsa-RHEL6.ds.xml
Read more about HTML report group-by feature at http://www.jan-cerny.cz/2015/07/29/group-by-feature-in-openscap-report/
Welcome! Check out the Getting Started with Red Hat page for quick tours and guides for common tasks.