Understanding CCS Data Storage
Article ID: 180961
Updated On:
Products
Control Compliance Suite Windows
Issue/Introduction
Resolution
This article contains the following topics:
The following table lists data that is stored in either ADAM or in the database, or both:
|
ADAM
|
o Asset, asset objects, asset reconciliation rules, site, tags
o Predefined/customer standards, sections, checks, algorithms
|
|
Database
|
· Job results
|
|
ADAM and database
|
|
The following tasks will help understanding the objects and their locations:
You can create a query using ADSIEdit. To create a query, do the following:
1. Right click on the DefaultNaming context > New > Query.
2. Specify a name.
3. Select the root by enumerating to Asset system container as follows:
(CN=Asset System,CN=Asset Management,CN=BusinessObjects,O=Symantec)
4. Paste the following query:
(displayname=kanad\ngesx1vm01)
5. Select sub tree option and execute the query.
On query completion, a result is generated.
6. Double-click on the result, a Property dialog is launched.
7. In the dialog box, copy the value that appears under the attribute "CN".
This value is the Asset GUID.
The following table lists the additional values that are present in the dialog box:
|
Value
|
Description
|
|
CN
|
cn: 72875e8c-9a57-4345-b2b1-edf36b60d98e
|
|
Asset GUID
|
objectGUID: b02daf3b-44aa-4c03-a2d5-8b225dee196a;
|
|
ObjectClass
It means that this object is an object of Windows machine. The object is derived from the Asset base.
|
objectClass (4): top; symc-LeafNode; symc-csm-AssetSystem-Asset-AssetBase; symc-csm-AssetSystem-Asset-Wnt-Machine;
|
|
CIA values of set on the asset
|
symc-csm-AssetSystem-Asset-AssetBase-Availability: 0;
symc-csm-AssetSystem-Asset-AssetBase-Confidentiality: 0;
symc-csm-AssetSystem-Asset-AssetBase-Integrity: 0;
|
|
Compliance and risk scores
|
symc-csm-AssetSystem-Asset-AssetBase-EvaluatedComplianceScores: SM:40.68;
symc-csm-AssetSystem-Asset-AssetBase-EvaluatedRiskScores: SM:6.9;
symc-csm-AssetSystem-Asset-AssetBase-MaxRiskScores: SM:10;
|
|
Site where this asset belongs
|
symc-csm-AssetSystem-Asset-AssetBase-Site: CN=fbaba418-8062-4996-bb71-a89840571113,CN=Sites,CN=Asset Management,CN=BusinessObjects,O=Symantec;
|
|
Asset primary and mandatory attributes of the asset
|
symc-csm-AssetSystem-Asset-Wnt-Machine-BDC: FALSE;
symc-csm-AssetSystem-Asset-Wnt-Machine-DomainWorkgroupName: KANAD;
symc-csm-AssetSystem-Asset-Wnt-Machine-HostMachineInDomain: TRUE;
symc-csm-AssetSystem-Asset-Wnt-Machine-HostName: NGESX1VM01;
symc-csm-AssetSystem-Asset-Wnt-Machine-HostNameDNS: ngesx1vm01.kanad.punetest.com;
symc-csm-AssetSystem-Asset-Wnt-Machine-IISVERSION: Version 6.0;
symc-csm-AssetSystem-Asset-Wnt-Machine-OSMajorVersionNumber: 5;
symc-csm-AssetSystem-Asset-Wnt-Machine-OSMinorVersionNumber: 2;
symc-csm-AssetSystem-Asset-Wnt-Machine-OSVersionType: Windows Enterprise Server 2003 with Terminal Services;
symc-csm-AssetSystem-Asset-Wnt-Machine-PDC: FALSE;
symc-csm-AssetSystem-Asset-Wnt-Machine-Server: TRUE;
symc-csm-AssetSystem-Asset-Wnt-Machine-TCPIPAddresses: 10.216.134.102;
symc-Node-TypeName: symc-csm-AssetSystem-Asset-Wnt-Machine;
|
To find the check result on a given standard and asset, do the following:
1. Get the standard GUID by executing the following query:
Scope: CN=Predefined,CN=Standards,CN=BusinessObjects,O=Symantec
Search query: (displayname=CIS Windows Server 2003 Legacy Security Settings for Domain Member Servers v2.0)
The query output is as follows:
cn: dd1094a5-a123-4a35-b804-6545ec13ae76;
displayName: CIS Windows Server 2003 Legacy Security Settings for Domain Member Servers v2.0;
symc-Standard-Description: <p>The <b>Center for Internet Security (CIS)</b> publishes a configuration benchmark for Windows Server 2003 domain member servers that defines <b>Consensus Baseline Security Settings</b> for various operating system components. <b>CIS</b> considers these recommended configurations safe for administrators of any security skill level to implement.
<br/>
<p>The <b>CIS Windows Server 2003 Legacy Security Settings for Domain Member Servers v2.0</b> includes legacy recommendations for Windows Server 2003 systems that consists of four major categories:</p>
<ul>
<li>Additional Security Protection</li>
<li>Auditing and Account Policies</li>
<li>Microsoft Service Packs and Security Updates</li>
<li>Security Settings</li>
</ul>
To harden Windows Server 2003 security for domain member servers, networks should at a minimum comply with the legacy recommendations published by <b>CIS</b>.<br><br>
Technical Standard - CIS Windows Server 2003 Legacy for Domain Member Servers v2.0<br />Copyright © 2008 Symantec Corporation. All Rights Reserved.;
symc-Standard-Overview: The CIS Windows Server 2003 Legacy Security Settings for Domain Member Servers v2.0 contains a set of baseline configuration parameters for Microsoft Windows Server 2003 systems.;
symc-Standard-References: <reference><name>The Center for Internet Security</name><url>http://www.cisecurity.org</url></reference>;
symc-Standard-TargetTypeIDs: 52a93b0b-e74f-41a0-8689-b80a0dd852a9;
symc-Standard-Version: 2.13.0;
2. Get the check ID by executing the following query:
Scope: CN=Predefined,CN=Standards,CN=BusinessObjects,O=Symantec
Search query: (&(objectclass=symc-Check)(displayname=1.1.1 Latest Service Pack Installed?)(symc-Check-StandardID=DD1094A5-A123-4A35-B804-6545EC13AE76))
The query output is as follows:
dc1b23b3-83e2-4040-885a-52ee0e11fc4b
3. Take the asset GUID, which is the objectID from ADAM and standard ID.
4. On the production SQL database, execute the following query:
select * from dbo.R_AssetStandardSummary where assetID = 'b02daf3b-44aa-4c03-a2d5-8b225dee196a' and StandardID='DD1094A5-A123-4A35-B804-6545EC13AE76' order by entrydate desc
5. Copy the check ID, standard ID, and targetID from the previous searches and form a SQL query on production database by executing the following query:
select * from dbo.R_CheckResults where checkid ='dc1b23b3-83e2-4040-885a-52ee0e11fc4b' and StandardID='DD1094A5-A123-4A35-B804-6545EC13AE76' and targetid ='4464DA54-3B81-4F19-874C-82F6F10C12D0'
To find a check result on a given standard and asset from the reporting database, do the following:
1. Connect to CSM_Reports database and do the following:
|
To get the Asset ID
|
select * from Dashboard.vAsset where assetname = 'kanad\ngesx1vm01’
|
|
To get the standard ID
|
select * from dbo.ivStandardName where StandardName = 'CIS Windows Server 2003 Legacy Security Settings for Domain Member Servers v2.0'
|
The query output is as follows:
DD1094A5-A123-4A35-B804-6545EC13AE76
2. Get the check ID for the given check and standard name by executing the following query:
SELECT dbo.ivCheckName.CheckName, dbo.ivStandardName.StandardName, dbo.vStandardChecks.CheckID
FROM dbo.vStandardChecks INNER JOIN
dbo.ivCheckName ON dbo.vStandardChecks.CheckID = dbo.ivCheckName.CheckID INNER JOIN
dbo.ivStandardName ON dbo.vStandardChecks.StandardID = dbo.ivStandardName.StandardID
WHERE (dbo.ivCheckName.CheckName = '1.1.1 Latest Service Pack Installed?') AND
(dbo.ivStandardName.StandardName = 'CIS Windows Server 2003 Legacy Security Settings for Domain Member Servers v2.0')
3. Get the result on ivStandardcheckresult table by executing the following query:
select * from dbo.ivStandardCheckResult
where standardid = 'DD1094A5-A123-4A35-B804-6545EC13AE76' AND
checkid = 'DC1B23B3-83E2-4040-885A-52EE0E11FC4B' AND
AssetID = 'B02DAF3B-44AA-4C03-A2D5-8B225DEE196A' AND
isCurrentValue = 1
When the sync job triggers, the extraction process creates XML fragments that gets stored in the following shunted* tables:
|
ShuntedResultSTR
|
Contains temporary XML fragments for assets, checks, and results data.
|
|
ShuntedResultSTRD
|
Contains temporary XML fragments of assets, checks, and results details data.
|
|
ShuntedResultSTRE
|
Contains temporary XML fragments of evidence data.
|
|
ShuntedXMLEntity
|
Contains standards, checks, assets, and objects against which evaluations can be performed.
|
|
ShuntedXMLRelationship
|
Contains temporary XML fragments relationship of entities such as asset - asset group, asset to container and so on.
|
select count(1) from dbo.ShuntedResultSTR
select count(1) from dbo.ShuntedResultSTRD
select count(1) from dbo.ShuntedResultSTRE
select count(1) from dbo.ShuntedXMLEntity
select count(1) from dbo.ShuntedXMLRelationship
select count(1) from dbo.HierarchyRelationshipBuffer
All errors in sync are logged in ImportError table
select * from dbo.ImportError order by Execdt desc
Logs
select * from dbo.LoadBatchLog order by eventdt desc
|
F14F2032-AE57-4B93-A769-31422A792FBD
|
NULL
|
NULL
|
Start
|
2012-02-02 15:08:26.980
|
|
Lot of log entries for a sync operation resides between these 2 lines.
|
|
|
|
|
|
F14F2032-AE57-4B93-A769-31422A792FBD
|
NULL
|
NULL
|
end
|
2012-02-02 15:11:28.740
|
This is an example where we have used a CSV file for MBSA (Microsoft Baseline Security Analyzer).
|
In production database
(CSM_DB)
|
After you have configured a connector, run the following query:
select * from dbo.ThirdPartySystem
select * from DataIntegration.ConnectorConfiguration
You will notice that with 10.5.1 out of the box, the following EDI systems are registered:
· CCS Response Assessment Module
· CCS Vulnerability Manager
· Data Loss Prevention
On configuring MBSA, an entry is created in the ThirdPatrySystem table and a corresponding configuration is created in the DataIntegration.ConnectorConfiguration table.
|
|
In reporting database
(CSM_Reports)
|
On executing the following queries, you will get definition of data system schemas and UDM representation of the incoming data:
select * from dbo.Source
select * from dbo.SourceEntity
select * from dbo.SourceEntityAttribute where UDMEntityName = 'MBSAschemaSubject'
OR UDMEntityName = 'MBSAschemaTest'
After the data is imported, data is populated in the following tables and dynamic views:
Tables:
select * from dbo.ExtendedResultsMBSAschemaSubjectMBSAschemaTest
select * from dbo.ExtendedEntityMBSAschemaSubject
select * from dbo.ExtendedEntityMBSAschemaTest
Dynamic views:
DynamicViewMBSAschema
DynamicViewMBSAschemaSubject
DynamicViewMBSAschemaTest
|
Attachments
Feedback
Powered by
