Arctic Wolf Risk Scan Engine compatibility

Arctic Wolf® Risk Scan Engine has advanced remote-scanning capabilities and broad platform coverage, so you can scan virtually any device on the network from any other Java-enabled device.

With the Risk Scan Engine, you receive out-of-the-box support for various databases, schema standards, platforms, and content.

Note: This information only applies to Risk Scan Engine. It does not apply to any Managed Risk services. For more information about Managed Risk services, see Managed Risk.

Scan target platform support

Risk Scan Engine can scan these platforms:

  • Windows:
    • Windows XP SP3 or newer
    • Windows Server 2003 SP2 or newer
  • Linux:
    • RHEL 5 or newer
    • Fedora 14 or newer
    • SUSE Desktop 10 or newer
    • SUSE Enterprise Server 9 or newer
    • Ubuntu 8.10 or newer
    • Debian 6.0 or newer
  • Apple:
    • OSX Snow Leopard or newer
    • iOS 5.1 or newer
  • Cisco:
    • IOS 12.2 or newer
    • IOS-XE 12.2 or newer
    • ASA 9.0 or newer
    • NX-OS 7 or newer.
      Note:

      Cisco NX-OS support requires a special license. Contact joval-licensing@arcticwolf.com for more information.

  • Juniper JunOS 8.5R1 or newer
  • IBM AIX 6.1 or newer, RHEL 6 or newer on System Z
  • Oracle Solaris 8 or newer
  • Palo Alto Networks PAN-OS 7 or newer.
  • HP-UX 11.23 or newer
  • FreeBSD 8.4 or newer
  • VMWare ESXi 5.0 or newer

Java VM compatibility

Risk Scan Engine versions 6.5 and newer are compatible with any Java virtual machine (VM) version 11 and newer. Risk Scan Engine versions older than 6.5 are compatible with any Java virtual machine between version 1.6 and version 16.

Arctic Wolf Risk Scan Engine drivers

Risk Scan Engine has Oracle, jTDS, and PostgreSQL drivers installed.

To add IBM Db2 and MySQL support:

  1. Download the required drivers.
  2. Save the drivers in the lib/ directory.

Database engine support

Risk Scan Engine supports SQL tests for these database engines, using the associated Java Database Connectivity (JDBC) drivers:

Engine

Version

JDBC Driver

DB2

≥8.1

IBM

MSSQL

Azure, 2005, 2008, 2008 R2, 2012, 2014, 2016, 2017, 2019

jTDS

MySQL

≥4.1

Connector/J

Oracle

≥9.0.1

Oracle

PostgreSQL

≥7.2

PostgreSQL

Sybase

10, 11, 12, 15, 16

jTDS

Standards support

Risk Scan Engine supports these schema versions:

  • SCAP (Security Content Automation Protocol) Datastream 1.2 and 1.3
  • XCCDF (eXtensible Configuration Checklist Definition Format) 1.2
  • OVAL (Open Vulnerability Assessment Language) 5.11.2
  • OCIL (Open Checklist Interactive Language) 2.0
  • CPE (Common Product Enumeration) 2.3
  • ARF (Asset Reporting Format) 1.1
  • AI (Asset Information) 1.2
  • SCE (Script Check Engine) 1.0

Content support

Risk Scan Engine can use content from many organizations:

Risk Scan Engine has wide adoption and large schema support. The SCAP family of specifications has a lot of freely-available content written in compatible formats. A SCAP-based continuous monitoring solution can leverage these content sources and avoid having to dedicate a team to content creation and migration activities. Most available content addresses the security compliance and known-vulnerability detection use-cases.

Compliance content

These organizations set standards, guidelines, and benchmarks for security compliance that you can use with Risk Scan Engine:

  • NIST United States Government Configuration Baseline (USGCB) — Maintains the baseline configuration guidance for products commonly used by United States (US) Government Federal agencies.
  • Defense Information Systems Agency (DISA) Secure Technical Implementation Guidelines (STIGs) — The IT department for the US Department of Defense. Its SCAP-based STIGs guide organizations that want to implement government and industry-mandated compliance policies.
  • NIST National Vulnerability Database (NVD) — A repository that indexes security benchmarks from a variety of US Government sources.
  • RedHat SCAP Security Guide (SSG) — Maintains its own security guidelines in SCAP format, particularly for newer versions of RedHat Linux that are not explicitly covered by USGCB.
  • Center for Internet Security Benchmarks (CIS Benchmarks) — The Center for Internet Security (CIS) publishes secure configuration guidelines, called benchmarks, for a variety of software and operating systems.
  • ALTX-SOFT — A Russian company that produces SCAP-based content for various regulatory bodies.
  • SecPod — Produces XCCDF compliance benchmarks focused on HIPAA, PCI, NERC, and other regulatory and industry frameworks.
  • Loginsoft — Provides proprietary SCAP OVAL content, and vulnerability and compliance management content including Linux, macOS, Windows, and other third-party software and enterprise devices.

Vulnerability content

These organizations host OVAL vulnerability content that you can use with Risk Scan Engine:

  • CIS Repository (formerly MITRE) — The original OVAL repository, now hosted by CIS, contains every vulnerability known to the National Vulnerability Database (NVD).
  • Cisco — Publishes OVAL vulnerability content for iOS.
  • RedHat — Hosts an OVAL vulnerability feed for all the Red Hat Package Manager (RPM) software for RedHat Linux.
  • Oracle — Hosts an OVAL vulnerability feed for all the RPM-packaged software for Oracle Enterprise Linux.
  • Ubuntu (Canonical) — Hosts an OVAL vulnerability feed for all Debian software packages available for Ubuntu Linux distributions.
  • Novell — Hosts automatically-generated OVAL vulnerability feeds for supported versions of SUSE Linux distributions.
  • Debian — Hosts automatically-generated OVAL vulnerability feeds for Debian packages.
  • ALTX-SOFT — Contributes to OVAL content in the CIS repository and maintains their own repository of OVAL vulnerability content for registered users.
  • SecPod — Maintains OVAL definitions covering MacOS X vulnerabilities.