Import and Update SCAP (XML)

Updated Dec 21, 2023

You can import an existing SCAP (XML) Benchmark into Slang with the Slang Authoring Toolkit. For example, you can:

These sample procedures use Windows 10 STIG as the sample SCAP. You can import your own SCAP as well.

Before you begin

Steps

  1. Download and import SCAP.
  2. Update the project-wide settings.
  3. Adjust rules.
  4. Export Slang to SCAP (XML).

Step 1: Download and import SCAP

  1. Navigate to the SCAP. If you do not already have the SCAP on your machine, download it.

    For example, download the Microsoft Windows 10 STIG Benchmark from the list of SCAP-formatted STIGs on the Department of Defense (DoD) Cyber Exchange.

  2. Open Visual Studio Code (VS Code) and a terminal.

  3. In the terminal, run this command to import the STIG and create a new Slang project:

    slang import <filepath> <project_name>

Step 2: Update the project-wide settings

  1. In VS Code, select File > Open Folder, and then navigate to ~/Slang/<project_name>.
  2. Open the project.slang file.
  3. Edit the title and description to indicate that this is your version of the STIG.
  4. Edit the id_namespace to a valid reverse-DNS style string associated with you or your organization. Use only letters, numbers, periods, and hyphens.
  5. Click Save.

Step 3: Adjust the project rules

Add a rule to a project

  1. In VS Code, create a folder, and then name it based on the rule.

  2. Create a file, and then name it <rule_id>.slang.

  3. In the <rule_id>.slang file, add the rule content.

    For example:

    Rule:
        title: The system must be configured to audit DPAPI Activity failures.
        checks: 
          - windows.audit_policy.subcategory:
            dpapi_activity: failure only

  4. Click Save.

Remove a rule from a project

There are two ways that you can remove a rule from a project. Based on your needs, do one of these actions:

Customize a rule

  1. In VS Code, open the <rule_id>.slang file.
  2. Edit Title as applicable.
  3. Delete any irrelevant tags.
  4. Edit the description.
  5. Edit the check:
    1. Remove the imported OVAL check from common.oval.
    2. Enter windows. to see a list of suggested checks.
    3. Select an option.
  6. Edit the audit policy:
    1. Select windows.audit_policy.subcategory.
    2. Press Ctrl+Space to see suggestions.
    3. Select an option.
  7. Edit the validation:
    1. Select credential_validation.

    2. Press Ctrl+Space to see suggestions.

    3. Select an option.

      For example, the success and failure option updates the checks section to:

      checks:
        -  windows.audit_policy.subcategory:
           credential_validation: success and failure

  8. Save the file.

Step 4: Export Slang to SCAP (XML)

  1. In VS Code, press Ctrl+` to open a terminal, and then run this command to export your Slang project to SCAP (XML):

    slang export <project_name> <project_name>.xml

    A new folder named exported_scap appears in your project. The folder contains the XML file.

    Tip: If you have access to a Windows 10 scan target and have completed Test a Slang project, run this command to export and test your project using the profile that you created:

    slang export <project_name> <project_name>.xml --scan_config <config_name> --profile profile.<profile_name>.slang

    When you review the results, look for your DPAPI rule. Filter to NOT SELECTED to see the rule that you removed in Remove a rule from a project.
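
To check the exported XML before you scan, the following added example (not part of the Slang Authoring Toolkit or its documentation) lists rules that are not selected and flags rule IDs that do not carry your id_namespace. It assumes the export contains XCCDF 1.2 Rule and Profile elements; audit_export and the com.example.sec namespace are hypothetical names, and the sample XML is constructed.

```python
import re
import xml.etree.ElementTree as ET

# XCCDF 1.2 rule ids look like xccdf_<id_namespace>_rule_<name>.
RULE_ID = re.compile(r"^xccdf_([^_]+)_rule_.+$")
# The page's constraint on id_namespace: letters, numbers, periods, hyphens.
NAMESPACE_OK = re.compile(r"^[A-Za-z0-9.-]+$")

# Constructed sample for illustration; not real export output.
SAMPLE = """<Benchmark xmlns="http://checklists.nist.gov/xccdf/1.2"
           id="xccdf_com.example.sec_benchmark_win10">
  <Profile id="xccdf_com.example.sec_profile_default">
    <select idref="xccdf_com.example.sec_rule_b" selected="false"/>
  </Profile>
  <Rule id="xccdf_com.example.sec_rule_a" selected="true"/>
  <Rule id="xccdf_com.example.sec_rule_b" selected="true"/>
  <Rule id="xccdf_mil.disa.stig_rule_c" selected="false"/>
</Benchmark>"""

def local(tag):
    """Drop the '{namespace-uri}' prefix that ElementTree puts on tags."""
    return tag.rsplit("}", 1)[-1]

def is_false(value):
    return value.strip().lower() in ("false", "0")

def audit_export(xml_text, expected_namespace):
    """Return (sorted ids of deselected rules, list of id problems)."""
    if not NAMESPACE_OK.match(expected_namespace):
        raise ValueError(f"invalid id_namespace: {expected_namespace!r}")
    root = ET.fromstring(xml_text)
    unselected, problems = set(), []
    for el in root.iter():
        name = local(el.tag)
        if name == "Rule":
            rule_id = el.get("id", "")
            m = RULE_ID.match(rule_id)
            if not m:
                problems.append(f"{rule_id!r}: not an XCCDF 1.2 rule id")
            elif m.group(1) != expected_namespace:
                problems.append(f"{rule_id!r}: namespace is {m.group(1)!r}")
            # 'selected' defaults to true when the attribute is absent.
            if is_false(el.get("selected", "true")):
                unselected.add(rule_id)
        elif name == "select" and is_false(el.get("selected", "true")):
            # A Profile can deselect a rule that is selected by default.
            unselected.add(el.get("idref", ""))
    return sorted(unselected), problems
```

A rule that is reported as a problem still carries the namespace of the benchmark it was imported from, which makes your customized content hard to tell apart from the original.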