Ryan Prather
927ae69743
- background_stigs.php - change to support adding sunset STIGs to update_db.php
- parse_nessus.php/parse_nmap.php - disable post processing until the end of reading the file
- update_db.php - Add sunset STIGs downloading and parsing
- database.inc - Removed unnecessary variables ($key, etc), fixed typo (proc_ia_control v. proc_ia_controls), fix typo line 11072, added query_type to other queries in post_Processing method, call update_Target_Count method at the end of post_Processing, convert update_Target_Count to use queries instead of get_pdi_count and get_finding_count views (caused a performance hit), removed calling update_Target_Count from save_Target method to support previously mentioned changes
- index.php - removed ajax timeout when bulk removing targets
Sagacity
Sagacity is a vulnerability assessment and compliance data management tool designed to make security testing more efficient, effective and complete.
Security assessments, especially those done for DoD and Federal organizations, produce tremendous amounts of scan and compliance data. Security engineers must sort through and deconflict that data, identify untested requirements, and somehow analyze it all to communicate risk to their employers. Sagacity, originally written to support a government customer, was designed to fill that need.
What if an organization could turn massive amounts of irreconcilable vulnerability scan data into true knowledge and insight about their networks? They would be able to make wise decisions resulting in cost-effective actions to improve their security with the best return on investment.
Keen insight. Sound judgment. Wise decisions. Sagacity.
Features
- ingest data from Nessus vulnerability and compliance scans, SCC, nmap, MBSA and other automated tools
- correlate data to applicable STIG and IAVM checklists and deconflict data from multiple scan sources
- identify required manual STIG checks for a complete compliance assessment
- provide an efficient spreadsheet format for conducting manual tests and reporting compliance data
- track assessed hosts, applicable STIGs, OS's, installed software, missing patches, network services and more
- security assessment task tracking to ensure a complete and thorough test
- statistical analysis of compliance rates, assessment completeness, Cat I, II, III findings and more.
Requirements
Windows:
- Processor: 2.0 GHz+ (recommend Intel i5+)
- Memory: 8GB
- Hard Drive: 50GB free (SSD recommended)
Linux:
- Processor: 2.0 GHz+ (recommend Intel i5+)
- Memory: 4GB
- Hard Drive: 50GB (SSD recommended)
Software Requirements
Sagacity has the following software requirements. The versions listed are the minimum required for operation. For PHP, we recommend the closest version you can get to the one listed; later versions may deprecate features before we have the chance to update the code.
- PHP 7.2
- MySQL 5.7+ or MariaDB 10+
- Apache 2.4+
For Windows, you can install XAMPP 7.2.x from https://www.apachefriends.org/download.html
Installation
See README.pdf for complete installation instructions.