Nipper Parsers
This part contains all Nipper Studio plugins/sections that might be selected during the configuration audit. Each parser lives in its own class and file.
General Report Information
General Report Information Contains:
- Introduction
- Report Conventions [not yet implemented - PR is welcome]
- Network Filtering Actions [not yet implemented - PR is welcome]
- Object Filter Types [not yet implemented - PR is welcome]

Usage

    require 'nipper_parser'
    nipper_parser = NipperParser::Config.open('network-devices.xml')

    # - Introduction
    puts nipper_parser.information.title
    puts nipper_parser.information.author
    puts nipper_parser.information.date
    puts nipper_parser.information.devices
    # - Report Conventions
    # - Network Filtering Actions
    # - Object Filter Types
Security Audit
Perform a “best practice” security audit that combines checks from many different sources including penetration testing experience.
Security Audit Section Contains:
- Introduction
- Findings
- Conclusions
- Recommendations
- Mitigation Classification

Usage

    pp security_audit = nipper_parser.security_audit

    # - Introduction
    pp security_audit.introduction.class
    pp security_audit.introduction.title
    pp security_audit.introduction.date
    pp security_audit.introduction.security_issue_overview

    # - Findings
    pp security_audit.findings
    finding = security_audit.findings[0]    # Play with a finding
    pp finding.class
    pp finding.index
    pp finding.title
    pp finding.rating
    pp finding.ref
    pp finding.affected_devices
    pp finding.finding
    pp finding.impact
    pp finding.recommendation

    # - Conclusions
    pp security_audit.conclusions.class
    pp security_audit.conclusions.per_device
    pp security_audit.conclusions.list_critical

    # - Recommendations
    pp security_audit.recommendations.list

    # - Mitigation Classification
    pp security_audit.mitigation_classification.class
    pp security_audit.mitigation_classification.list_by.fixing[:involved]
    pp security_audit.mitigation_classification.list_by.fixing[:involved][0].rating[:rating]
    pp security_audit.mitigation_classification.list_by.rating[:high]
    pp security_audit.mitigation_classification.list_by.rating[:high][0].rating[:fix]
    pp security_audit.mitigation_classification.statistics.class
    pp security_audit.mitigation_classification.statistics.findings
    pp security_audit.mitigation_classification.statistics.report
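
The accessors above are enough to turn the findings into a per-device remediation worklist. The following is an added example, not code from the nipper_parser project: it runs on constructed stand-in objects instead of a parsed report. It assumes that rating is a Hash with :rating and :fix keys (as indexed in the mitigation classification calls above) and that affected_devices holds device names or objects responding to title; the helper names are hypothetical.

```ruby
# Stand-ins for parsed findings, so this runs without the gem or a report file.
# Assumed shapes: rating is a Hash with :rating and :fix; affected_devices
# holds device names or objects with #title.
Finding = Struct.new(:index, :title, :rating, :affected_devices)
Device  = Struct.new(:title)

SEVERITY_ORDER = %w[critical high medium low informational].freeze

def severity_rank(finding)
  # Unknown or missing ratings sort last instead of raising.
  label = (finding.rating || {})[:rating].to_s.downcase
  SEVERITY_ORDER.index(label) || SEVERITY_ORDER.size
end

def device_name(device)
  device.respond_to?(:title) ? device.title.to_s : device.to_s
end

# Returns { device name => [findings, most severe first] }.
def remediation_worklist(findings)
  worklist = Hash.new { |hash, name| hash[name] = [] }
  findings.each do |finding|
    Array(finding.affected_devices).each do |device|
      worklist[device_name(device)] << finding
    end
  end
  worklist.each_value { |list| list.sort_by! { |f| [severity_rank(f), f.index.to_s] } }
  worklist
end

# Constructed sample data, not taken from a real report.
SAMPLE_FINDINGS = [
  Finding.new('2.2', 'Clear-text management service enabled',
              { rating: 'High', fix: 'Quick' }, ['fw-edge-01', Device.new('sw-core-01')]),
  Finding.new('2.3', 'No login banner configured',
              { rating: 'Low', fix: 'Quick' }, ['fw-edge-01']),
  Finding.new('2.4', 'Default SNMP community string in use',
              { rating: 'Critical', fix: 'Planned' }, ['fw-edge-01']),
  Finding.new('2.5', 'Rating missing from report', {}, ['sw-core-01'])
].freeze

remediation_worklist(SAMPLE_FINDINGS).each do |name, list|
  puts name
  list.each do |f|
    puts "  [#{f.rating[:rating] || 'unrated'}] #{f.index} #{f.title} (fix: #{f.rating[:fix] || 'n/a'})"
  end
end
```

With a real report, pass security_audit.findings in place of SAMPLE_FINDINGS once the shapes assumed above have been checked against pp output.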
Vulnerability Audit
A report detailing publicly known software vulnerabilities in the device firmware/software versions, including manufacturer and third-party references.
Vulnerability Audit Section Contains:
- Introduction
- CVEs list
- Conclusions
- Recommendations

Usage

    vulnerability_audit = nipper_parser.vulnerability_audit

    # - Introduction
    pp vulnerability_audit.class
    pp vulnerability_audit.introduction
    pp vulnerability_audit.introduction.excluded_devices

    # - CVEs
    cve = vulnerability_audit.cves[0]
    pp cve.title
    pp cve.rating
    pp cve.summary
    pp cve.affected_devices
    pp cve.vendor_sec_advisories
    pp cve.references

    # - Conclusions
    pp vulnerability_audit.conclusions.class
    pp vulnerability_audit.conclusions.list_critical

    # - Recommendations
    pp vulnerability_audit.recommendations.list
CIS Benchmarks
A CIS Benchmarks audit using a selected profile. Note that support is currently limited to specific devices; any devices included in the report that are not supported will be ignored.
CIS Benchmarks Section Contains:
- Introduction [not yet implemented - PR is welcome]
- Conclusions [not yet implemented - PR is welcome]

Usage

    # - Introduction
    # - Conclusions
STIG Compliance
A DISA STIG compliance audit against a specific STIG checklist.
STIG Compliance Section Contains:
- Introduction [not yet implemented - PR is welcome]
- Compliance Observations list [not yet implemented - PR is welcome]
- Conclusions [not yet implemented - PR is welcome]
- Recommendations [not yet implemented - PR is welcome]

Usage

    # - Introduction
    # - Observations
    # - Conclusions
    # - Recommendations
SANS Policy Compliance
A SANS policy compliance audit against a specific SANS policy document.
SANS Policy Compliance Section Contains:
- Introduction [not yet implemented - PR is welcome]
- Compliance Observations list [not yet implemented - PR is welcome]

Usage

    # - Introduction
    # - Observations
    # - Conclusions
    # - Recommendations
PCI Audit
An audit of Requirements and Security Assessment Procedures against PCI DSS 3.2.
PCI Audit Section Contains:
- Introduction [not yet implemented - PR is welcome]
- Compliance Requirements list [not yet implemented - PR is welcome]

Usage

    # - Introduction
    # - Requirements
Filtering Complexity
A report examining the network filtering rules and objects, highlighting unused objects, overlapping or contradictory rules, group recursion and more.
Filtering Complexity Section Contains:
- Introduction
- Observations

Usage

    # - Introduction
    filtering = nipper_parser.filtering_complexity
    pp filtering.title
    pp filtering.introduction
    pp filtering.introduction.devices

    # - Observations
    observations = filtering.observations
    puts "Number of observations: #{observations.size}"
    observation = observations[0]
    pp observation.title
    pp observation.index
    pp observation.ref
    pp observation.overview
    pp observation.affected_devices
    pp observation.affected_devices[0].title
    pp observation.affected_devices[0].details
    pp observation.affected_devices[0].details_tables[0].title
    pp observation.affected_devices[0].details_tables[0].tables
Configuration Report
A detailed report on how the device has been configured.
Configuration Report Section Contains:
- Introduction [not yet implemented - PR is welcome]
- Devices Config Audit [not yet implemented - PR is welcome]

Usage

    # - Introduction
    # - Configuration
Raw Configuration
The raw configuration reporting details the actual device configuration data (excluding directory-based configurations).
Raw Configuration Section Contains:
- Introduction [not yet implemented - PR is welcome]
- Devices configuration raw [not yet implemented - PR is welcome]

Usage

    # - Introduction
    # - configuration
Raw Change Tracking
The raw change tracking reporting will detail all the configuration lines that have changed since the previous report.
Raw Change Tracking Section Contains:
- Introduction [not yet implemented - PR is welcome]

Usage

    # - Introduction
Appendix
Appendix report section which can include a list of abbreviations, references and other information related to the report contents.
Appendix Section Contains:
- Introduction [not yet implemented - PR is welcome]
- Logging Severity Levels [not yet implemented - PR is welcome]
- Common Time Zones [not yet implemented - PR is welcome]
- IP Protocols [not yet implemented - PR is welcome]
- ICMP Types [not yet implemented - PR is welcome]
- Abbreviations [not yet implemented - PR is welcome]
- Nipper Studio Version [not yet implemented - PR is welcome]

Usage

    # - Introduction
    # - Requirements