Is the "device_time" considered the scan time for that asset in CCS?
Article ID: 278430
Updated On:
Products
Control Compliance Suite
Control Compliance Suite Standards Module
Control Compliance Suite Standards Server
Issue/Introduction
When using ICDx to collect data from CCS, there are a few fields such as "device_time". What date/time does this correlate to in CCS?
Resolution
This "device_time" is a column in the table "dbo.symcICDxEventData" stored in the CSM_Reports database.
The data/time in CCS is for when the Evaluation was done on the data collected from the assets.
Some additional details.
CCS Standard Name = ICDx [policy$name]
CCS Check Name = ICDx [policy$rule_name]
The Formatted Evidence = ICDx [message]
The [Result] details are stored as [id] in ICDx.
/*CCS Pass = 1, ICDx Pass = 1*/
/*CCS Fail = 2, ICDx Fail = 2*/
/*CCS Unknown = 3, ICDx Unknown = 0*/
/*CCS N/A = 4, ICDx N/A = 4*/
/*CCS Error = 5, ICDx Error = 3*/
The CCS [RiskScore] is stored as [cvssv2$risk] in ICDx
Details about the ICDx [severity_id];
/* If a check status is anything but Fail then ICDx Severity is Information (1)*/
/* CCS Risk score 9 and 10 = ICDx Critical (5) */
/* CCS Risk score 6, 7 and 8 = ICDx Major (4) */
/* CCS Risk score 4 and 5 = ICDx Minor (3) */
/* CCS Risk score 1,2 and 3 or check has Failed with RiskScore -1 = ICDx Warning (2) */
OR
If [Result] is 1,3,4, or 5, then [severity_id] in ICDx = 1
if [RiskScore] is >= 9.0 then [severity_id] in ICDx = 5
if [RiskScore] is >= 9.0 then [severity_id] in ICDx = 5
if [RiskScore] is >= 6.0 then [severity_id] in ICDx = 4
if [RiskScore] is >= 4.0 then [severity_id] in ICDx = 3
if [RiskScore] is less than 4.0 then [severity_id] in ICDx = 2
Feedback
Yes
No
Powered by
