Custom Networking for Scanning in DISA milCloud
By default, the CONS3RT Elastic Test Tool VMs connect to the "CEMS network" in your HmC VDC. In order to allow the test tool VMs to scan additional networks inside your DISA milCloud VDC, a custom Red Hat 6 template may be required. To create this custom template:
Log in to your HmC VDC in vCl...
Elastic Test Tools
CONS3RT elastic test provides a framework for getting test results with minimal effort from a selection of integrated Elastic Test Tools. To use elastic test first:
Import a Test Asset (/kb/elastic-tests/import-a-test-asset)
Add the Test Asset to a Deployment (/kb/deployments/creating-a-deployme...
How to Run a Fortify Scan
Step 1: Create a Fortify Test Asset
There is a Sample Fortify Scan asset on Github (https://github.com/cons3rt/test-asset-fortify-simple) you can use out-of-the-box, or customize. Please see the sample Fortify Asset for instructions on how to use or create your Test As...
Import a Test Asset
This article describes import a Test Asset for one of the Elastic Test Tools (e.g. Nessus, Fortify, Sonar) into HmC
Import Test Assets
First, create a zip file containing the contents of your Test Asset
Next to Tests on the main menu, click Add (Note: if you do not see
Note: If you do not see t...
Nessus is a test tool used to identify system vulnerabilities (NOTE: Nessus is known as ACAS in the DISA community). Nessus allows scans for many types of vulnerabilities such as:
Vulnerabilities - scan for weaknesses that a remote hacker can use to control or access sensitive data on a system
How to Run a Sonar Scan
Step 1: Create a Sonar Test Asset
There is a Sample Sonar Scan asset on Github (https://github.com/cons3rt/test-asset-sonar-simple) you can use out-of-the-box, or customize. Please see the sample Sonar Asset for instructions on how to use or create your Test Asset.