
Module Functions

Ziviz edited this page Apr 4, 2019 · 3 revisions

These are the functions located within the module itself.

Convert-ManualXCCDFToCKL

Converts an XCCDF as downloaded from the DISA STIG repository into a blank CKL file. (Similar to opening a STIG with STIG Viewer and saving a blank CKL.)

Convert-ManualXCCDFToCKL -XCCDFPath "C:\Data\U_MyApp_Manual.xccdf" -SaveLocation "C:\Data\MyChecklist.ckl"

Export-StigCKL

Saves a loaded CKL file to disk

Export-StigCKL -CKLData $CKLData -Path "C:\CKLs\MyCKL.ckl"

or

Export-StigCKL -CKLData $CKLData -Path "C:\CKLs\MyCKL.ckl" -AddHostData

Get-CKLHostData

Gets the host information from the CKLData (IP, MAC, etc)

Get-CKLHostData -CKLData $CKLData

Get-StigInfoAttribute

Gets a STIG info attribute, that is, the value of an "SI_DATA" entry under the "STIG_INFO" element in the XML data of the CKL. These entries contain general information on the STIG file itself (Version, Date, Name).

Get-StigInfoAttribute -CKLData $CKLData -Attribute "Version"

Get-StigMetrics

Returns a complex object of metrics on the status of the checks in the specified directory.

Get-StigMetrics -CKLDirectory "C:\CKLS\"

The output object of this function would look like:

#This is an example showing the format of this function's output. This function will display different views of the same data.
@{
   IndividualVulnScores=@(
      [PSCustomObject]@{NotAFinding=1;Open=0;NotReviewed=0;NotApplicable=0;VulnID="V-00000"},
      [PSCustomObject]@{NotAFinding=0;Open=1;NotReviewed=0;NotApplicable=0;VulnID="V-00001"},
      [PSCustomObject]@{NotAFinding=0;Open=0;NotReviewed=0;NotApplicable=1;VulnID="V-00002"}
   );
   CategoryScores=@{
      Cat1=[PSCustomObject]@{Total=200; NotApplicable=50; NotReviewed=50; Open=50; NotAFinding=50;UniqueTotal=200};
      Cat2=[PSCustomObject]@{Total=200; NotApplicable=50; NotReviewed=50; Open=50; NotAFinding=50;UniqueTotal=200};
      Cat3=[PSCustomObject]@{Total=200; NotApplicable=50; NotReviewed=50; Open=50; NotAFinding=50;UniqueTotal=200};
   };
   TotalFindingScores=[PSCustomObject]@{Total=200; NotApplicable=50; NotReviewed=50; Open=50; NotAFinding=50}
}

Get-VulnCheckResult

Gets the status of a single vuln check, or an array of the status of all vuln checks in a CKL

Get-VulnCheckResult -CKLData $CKLData -VulnID "V-11111"

Get-VulnFindingAttribute

Gets a vuln's finding attribute (Status, Comments, Details, etc)

Get-VulnFindingAttribute -CKLData $CKLData -VulnID "V-1111" -Attribute "COMMENTS"

Get-VulnIDs

Returns all VulnIDs contained in the CKL

Get-VulnIDs -CKLData $CKLData

Get-VulnInfoAttribute

Gets a vuln's informational attribute

Get-VulnInfoAttribute -CKLData $CKLData -Attribute "Version"

Get-XCCDFHostData

Gets host info from XCCDF

Get-XCCDFHostData -XCCDF $XCCDFData

Get-XCCDFResults

Returns stig results from an XCCDF file

Get-XCCDFResults -XCCDF (Import-XCCDF -Path C:\XCCDF\Results.xml)

Import-StigCKL

Load a CKL file as an [XML] element. This can then be passed to other functions in this module.

$CKLData = Import-StigCKL -Path "C:\CKLs\MyCKL.ckl"

Import-XCCDF

Loads an XCCDF file as an [xml] object.

$XCCDFData = Import-XCCDF -Path C:\XCCDF\Results.xml

Merge-CKLData

Merges two loaded CKLs. Entries in the source overwrite entries in the destination.

Merge-CKLData -SourceCKL $OriginalInfo -DestinationCKL $NewCKL

Merge-CKLs

Merges two CKL files and saves the result as a new CKL. Largely a wrapper around Merge-CKLData. By default, this does not merge items marked Not_Reviewed. The idea is that if a check will have the same answer for all checklists of the same type, this can be used to bulk answer it. (For example, checks concerning physical security of your datacenter will likely be the same for all checklists for servers that reside in the same datacenter.)

Merge-CKLs -DestinationCKLFile "C:\CKLS\Blank.ckl" -SourceCKLFile "C:\CKLS\Answered.ckl" -SaveFilePath "C:\CKLS\Merged.ckl"

or, to also merge over things marked Not_Reviewed

Merge-CKLs -DestinationCKLFile "C:\CKLS\Blank.ckl" -SourceCKLFile "C:\CKLS\Answered.ckl" -SaveFilePath "C:\CKLS\Merged.ckl" -IncludeNR

Merge-XCCDFHostDataToCKL

Adds XCCDF host info (IP, MAC, etc) to loaded CKL data

Merge-XCCDFHostDataToCKL -CKLData $CKLData -XCCDF $XCCDFData

Merge-XCCDFToCKL

Adds XCCDF results to loaded CKL data. (Same as using STIG Viewer to import SCAP results into a manual checklist, but this can be used to do it in bulk.)

Merge-XCCDFToCKL -CKLData $CKLData -XCCDF $XCCDFData
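The bulk use mentioned above, as an added example (not code from the module or its author): every SCAP result file in a folder is merged into its own copy of a blank checklist, and the output folder is then summarized with Get-StigMetrics. The folder paths, the one-result-file-per-host layout, and the output file naming are assumptions; only functions and parameters shown on this page are used.

```powershell
# Added example. All paths are assumptions; adjust to your environment.
$BlankCKL   = "C:\CKLs\Blank.ckl"   # blank checklist, e.g. from Convert-ManualXCCDFToCKL
$ResultsDir = "C:\XCCDF"            # assumed: one SCAP XCCDF result file per host
$OutDir     = "C:\CKLs\Merged"      # assumed output folder for the merged checklists

# Turn non-terminating errors into terminating ones so the catch block sees them
$ErrorActionPreference = "Stop"

if (-not (Test-Path -Path $OutDir)) {
    New-Item -Path $OutDir -ItemType Directory | Out-Null
}

foreach ($ResultFile in Get-ChildItem -Path $ResultsDir -Filter "*.xml") {
    try {
        # Reload the blank checklist for every host so one host's results
        # can never carry over into the next host's checklist
        $CKLData   = Import-StigCKL -Path $BlankCKL
        $XCCDFData = Import-XCCDF -Path $ResultFile.FullName

        # Both merges modify the loaded $CKLData in place
        Merge-XCCDFToCKL -CKLData $CKLData -XCCDF $XCCDFData
        Merge-XCCDFHostDataToCKL -CKLData $CKLData -XCCDF $XCCDFData

        $OutPath = Join-Path -Path $OutDir -ChildPath ($ResultFile.BaseName + ".ckl")
        Export-StigCKL -CKLData $CKLData -Path $OutPath
    }
    catch {
        # A malformed result file should not stop the rest of the batch
        Write-Warning "Skipped $($ResultFile.Name): $($_.Exception.Message)"
    }
}

# Summarize what is still open or unreviewed across all merged checklists
$Metrics = Get-StigMetrics -CKLDirectory $OutDir
$Metrics.TotalFindingScores | Format-List Total, Open, NotReviewed, NotAFinding, NotApplicable
```

Checks that SCAP cannot evaluate remain Not_Reviewed after the merge, so the NotReviewed count shows how much manual review is left.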

Repair-StigCKL

Opens and re-saves a CKL, which may fix formatting issues

Repair-StigCKL -Path "C:\CKLs\MyCKL.ckl"

Set-CKLHostData

Sets host data in the CKL. If any parameters are blank, they will be set to the values of the running machine.

Set-CKLHostData -CKLData $CKLData -Host "SomeMachine" -FQDN "SomeMachine.Some.Domain.com" -Mac "00-00-00-..." -IP "127.0.0.1"

or to set to the running host

Set-CKLHostData -CKLData $CKLData

Set-VulnCheckResult

Sets the findings information for a single vuln

Set-VulnCheckResult -CKLData $CKLData -VulnID "V-11111" -Details "Not set correctly" -Comments "Checked by xyz" -Result Open

Set-VulnCheckResultFromRegistry

Sets a vuln status based on a registry check

Set-VulnCheckResultFromRegistry -CKLData $CKLData -RegKeyPath "HKLM:\SOFTWARE\COMPANY\DATA" -RequiredKey "PortStatus" -RequiredValue "Closed" -Comments "Checked by asdf"

Set-VulnFindingAttribute

Sets a vuln's finding attribute (Status, Comments, Details, etc)

Set-VulnFindingAttribute -CKLData $CKLData -VulnID "V-1111" -Attribute "COMMENTS" -Value "This was checked by script"

Get-CheckListInfo

Gets general info from the checklist (Release, Title, Description)

Get-CheckListInfo -CKLData $CKLData

The output object of this function would look like:

[PSObject]@{Title="";Description="";Release="";}

Get-XCCDFInfo

Gets general info from the xccdf (Release, Title, Description)

Get-XCCDFInfo -XCCDF $XCCDFData

The output object of this function would look like:

[PSObject]@{Title="";Description="";Release="";}

Get-XCCDFVulnInformation

Returns an array of the vulns in the xccdf file (ID, Title, Version, Description/VulnDiscussion, FixText, CheckText)

Get-XCCDFVulnInformation -XCCDF $XCCDFData

The output object of this function would look like:

@{ID="";Title="";Version="";Description="";FixText="";CheckText=""}

Get-CKLVulnInformation

OBSOLETE - Use Get-VulnInformation. Returns an array of the vulns in the CKL file (ID, Title, Version, Description/VulnDiscussion, FixText, CheckText)

Get-CKLVulnInformation -CKLData $CKLData

The output object of this function would look like:

@{ID="";Title="";Version="";Description="";FixText="";CheckText=""}

Import-CCIList

Imports the CCIList XML from DISA. This list can be downloaded from the DISA IASE page.

Import-CCIList -Path "C:\Test\U_CCI_List.xml"

Get-CCIReferences

Gets the references for the specified CCI ID (Generally IA Control Policies)

Get-CCIReferences -CCIData $CCIData -CCIID "CCI-000001"

The output object is in the format of

@(
    [psobject]@{Title=""; Version=""; Index=""; Location=""; Definition=""},
    [psobject]@{Title=""; Version=""; Index=""; Location=""; Definition=""},
    [psobject]@{Title=""; Version=""; Index=""; Location=""; Definition=""}
    #etc, one entry for each reference found and each version of the reference
)

If you need a specific version of the NIST reference, you can filter the result. For example, to get NIST revision 4 data:

Get-CCIReferences -CCIData $CCIData -CCIID "CCI-000001" | Where-Object -FilterScript {$_.Version -eq 4}

Get-CCIVulnReferences

A wrapper around Get-CCIReferences. Gets the references for the CCI IDs associated with the specified VulnID.

Get-CCIVulnReferences -CCIData $CCIData -CKLData $CKLData -VulnID "V-11111"

The output object is in the format of

@(
    [psobject]@{Title=""; Version=""; Index=""; Location=""; Definition=""},
    [psobject]@{Title=""; Version=""; Index=""; Location=""; Definition=""},
    [psobject]@{Title=""; Version=""; Index=""; Location=""; Definition=""}
    #etc, one entry for each reference found and each version of the reference
)

If you need a specific version of the NIST reference, you can filter the result. For example, to get NIST revision 4 data:

Get-CCIVulnReferences -CCIData $CCIData -CKLData $CKLData -VulnID "V-11111" | Where-Object -FilterScript {$_.Version -eq 4}

Get-VulnInformation

Returns an array of the vulns in the CKL file and all their associated informational properties (Vuln_ID, Rule_ID, CCI_REF, etc). Backwards compatible with Get-CKLVulnInformation.

Get-VulnInformation -CKLData $CKLData

to remove backwards compatible aliases

Get-VulnInformation -CKLData $CKLData -NoAliases

The output object is in the format of

@(
    [psobject]@{Vuln_Num=""; Rule_Ver=""; <# etc #>},
    [psobject]@{Vuln_Num=""; Rule_Ver=""; <# etc #>},
    [psobject]@{Vuln_Num=""; Rule_Ver=""; <# etc #>}
    #etc, one entry for each vuln in checklist file
)

The properties of the objects returned by this cmdlet are dynamic, based on the properties of the vulns in the checklist file. If new properties are added, they will show here. If a property has duplicates (as CCI_REF may have), the property on the returned object will be an array of all instances of that property.

This function lets you build a filter to find vulns based on their attributes. For example, to find all vulns that have a CCI_REF of "CCI-000001", you can now do

Get-VulnInformation -CKLData $CKLData -NoAliases | Where-Object {$_.CCI_REF -contains "CCI-000001"}
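Combining the attribute filter above with Get-CCIVulnReferences, as an added example (not code from the module or its author): it lists every Open finding in a checklist with its CCI IDs and the Index of each NIST revision 4 reference. Assumptions: Import-CCIList returns the object that the -CCIData parameter expects, the "STATUS" finding attribute holds the value "Open" for open findings, and the CSV output path is hypothetical.

```powershell
# Added example. File paths reuse the ones from this page's examples;
# the CSV output path is an assumption.
$CKLData = Import-StigCKL -Path "C:\CKLs\MyCKL.ckl"
$CCIData = Import-CCIList -Path "C:\Test\U_CCI_List.xml"   # assumed to return the CCI data

$Report = foreach ($Vuln in Get-VulnInformation -CKLData $CKLData -NoAliases) {
    $VulnID = $Vuln.Vuln_Num

    # Only report findings whose status is Open
    $Status = Get-VulnFindingAttribute -CKLData $CKLData -VulnID $VulnID -Attribute "STATUS"
    if ($Status -ne "Open") { continue }

    # One entry per reference and per reference version; keep revision 4 only
    $Indexes = Get-CCIVulnReferences -CCIData $CCIData -CKLData $CKLData -VulnID $VulnID |
        Where-Object -FilterScript { $_.Version -eq 4 } |
        Select-Object -ExpandProperty Index -Unique

    [PSCustomObject]@{
        VulnID    = $VulnID
        # CCI_REF is a single value or an array; @() handles both cases
        CCI       = @($Vuln.CCI_REF) -join ", "
        Rev4Index = @($Indexes) -join ", "
        Comments  = Get-VulnFindingAttribute -CKLData $CKLData -VulnID $VulnID -Attribute "COMMENTS"
    }
}

# A vuln with no revision 4 reference gets an empty Rev4Index column
$Report | Sort-Object -Property VulnID |
    Export-Csv -Path "C:\CKLs\OpenFindings.csv" -NoTypeInformation
```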