Risk Scan Engine Compatibility
Updated Sep 28, 2023
Arctic Wolf Risk Scan Engine (formerly Joval) has advanced remote-scanning capabilities and broad platform coverage, so you can scan virtually any device on the network from any other Java-enabled device. This document describes the out-of-the-box support Risk Scan Engine offers for various databases, schema standards, platforms, and content.
Scan target platform support
Risk Scan Engine can scan the following platforms:
- Windows: Windows XP SP3 or newer, Windows Server 2003 SP2 or newer
- Linux: RHEL 5 or newer, Fedora 14 or newer, SUSE Desktop 10 or newer, SUSE Enterprise Server 9 or newer, Ubuntu 8.10 or newer, Debian 6.0 or newer
- Apple: OSX Snow Leopard or newer, iOS 5.1 or newer
- Cisco: IOS 12.2 or newer, IOS-XE 12.2 or newer, ASA 9.0 or newer, NX-OS 7 or newer
  Note: Cisco NX-OS support requires a special license. Contact joval-licensing@arcticwolf.com for more information.
- Juniper JunOS 8.5R1 or newer
- IBM AIX 6.1 or newer, RHEL 6 or newer on System Z
- Oracle Solaris 8 or newer
- Palo Alto Networks PAN-OS 7 or newer
- HP-UX 11.23 or newer
- FreeBSD 8.4 or newer
- VMware ESXi 5.0 or newer
Java VM compatibility
Risk Scan Engine versions 6.5 and newer are compatible with any Java virtual machine version 11 and newer. Risk Scan Engine versions older than 6.5 are compatible with any Java virtual machine between version 1.6 and version 16.
Risk Scan Engine drivers
Risk Scan Engine comes with Oracle, jTDS, and PostgreSQL drivers installed.
To add IBM Db2 and MySQL support, download the desired drivers and copy them to the lib/ directory.
Database engine support
Risk Scan Engine supports SQL tests for these database engines, using the associated Java Database Connectivity (JDBC) drivers:
Engine | Version | JDBC Driver |
---|---|---|
DB2 | ≥8.1 | IBM |
MSSQL | Azure, 2005, 2008, 2008 R2, 2012, 2014, 2016, 2017, 2019 | jTDS |
MySQL | ≥4.1 | Connector/J |
Oracle | ≥9.0.1 | Oracle |
PostgreSQL | ≥7.2 | PostgreSQL |
Sybase | 10, 11, 12, 15, 16 | jTDS |
Standards support
Risk Scan Engine supports the following schema versions:
- SCAP (Security Content Automation Protocol) Datastream 1.2 and 1.3
- XCCDF (eXtensible Configuration Checklist Definition Format) 1.2
- OVAL (Open Vulnerability Assessment Language) 5.11.2
- OCIL (Open Checklist Interactive Language) 2.0
- CPE (Common Product Enumeration) 2.3
- ARF (Asset Reporting Format) 1.1
- AI (Asset Information) 1.2
- SCE (Script Check Engine) 1.0
Content support
Risk Scan Engine can use content from many organizations. This section lists the compliance and vulnerability content sources you may wish to use.
Risk Scan Engine has wide adoption and robust schema support. One advantage of the SCAP family of specifications is that a significant amount of freely available content is written in compatible formats. A continuous monitoring solution that is SCAP-based can leverage these content sources and avoid having to dedicate a team to content creation and migration activities. Most available content addresses the security compliance and known-vulnerability detection use cases.
Compliance content
These organizations set standards, guidelines, and benchmarks for security compliance that you may want to use with Risk Scan Engine.
- NIST United States Government Configuration Baseline (USGCB): NIST maintains the baseline configuration guidance for products commonly used by US Government Federal agencies.
- Defense Information Systems Agency (DISA) Secure Technical Implementation Guidelines (STIGs): DISA is the IT department for the US Department of Defense. Its SCAP-based STIGs guide organizations seeking to implement government and industry-mandated compliance policies.
- NIST National Vulnerability Database (NVD): This repository indexes security benchmarks from a variety of US-government sources.
- RedHat SCAP Security Guide (SSG): RedHat maintains its own security guidelines in SCAP format, particularly for newer versions of RedHat Linux that are not explicitly covered by USGCB.
- Center for Internet Security Benchmarks (CIS Benchmarks): The Center for Internet Security (CIS) publishes secure configuration guidelines called benchmarks for a variety of software and operating systems.
- ALTX-SOFT: ALTX-SOFT is a Russian company that produces SCAP-based content for various regulatory bodies.
- SecPod: SecPod produces XCCDF compliance benchmarks focused on HIPAA, PCI, NERC and other regulatory and industry frameworks.
Vulnerability content
These organizations host OVAL vulnerability content that you may want to use with Risk Scan Engine.
- CIS Repository (formerly MITRE): The original OVAL repository, now hosted by CIS, contains every vulnerability known to the National Vulnerability Database (NVD).
- Cisco: Publishes OVAL vulnerability content for IOS.
- RedHat: Hosts an OVAL vulnerability feed for all the Red Hat Package Manager (RPM) software for RedHat Linux.
- Oracle: Hosts an OVAL vulnerability feed for all the RPM-packaged software for Oracle Enterprise Linux.
- Ubuntu (Canonical): Hosts an OVAL vulnerability feed for all Debian software packages available for Ubuntu Linux distributions.
- Novell: Hosts automatically-generated OVAL vulnerability feeds for supported versions of SUSE Linux distributions.
- Debian: Hosts automatically-generated OVAL vulnerability feeds for Debian packages.
- ALTX-SOFT: Contributes to OVAL content in the CIS repository and maintains their own repository of OVAL vulnerability content for registered users.
- SecPod: Maintains OVAL definitions covering MacOS X vulnerabilities.