Slide 1: On-demand Vulnerability Evaluation Reporting Tool
Slide 2: O.V.E.R.T (On-Demand Vulnerability Evaluation Reporting Tool) was designed to support security engineers and analysts with the cumbersome and timely task of aggregating and normalizing the raw data provided as output from most security assessment tools.
A typical raw data output from an assessment of 10 workstations or servers can take up to a week for an individual to decipher manipulate and move into a more usable format; O.V.E.R.T takes less than 15 seconds. Overview
Slide 3: Standalone
The standalone version of our tool was the first iteration to be built and is designed strictly as a parsing engine and report generation tool aimed to save time and resources. The standalone product is available in a mini laptop form factor for convenience and portability. Web Appliance
Version 1.0 takes the functionality of the standalone tool and centralizes the capability for multi user access. In addition, version 1.0 includes:
User access control through Active Directory integration and application Roles Based
Access Controls (RBAC).
Parsing of:
DISA Gold Disk
DISA SRR
AppDetective
Retina
The ability to create projects and upload scan result files for parsing
The ability to view the results of parsing on screen
The ability to export the results to other storage media
Full Auditing of user and application functions Product Offering
Slide 4: Why you Need O.V.E.R.T The Objective.
To turn raw security scan result data into actionable information
To do it “Quickly” The Benefits.
Reduces time of copy and paste and reduces errors during transfer
Gives you a competitive advantage
Slide 5: Web Appliance
Slide 6: Logging In Login Banner
DoD and Federal customers are required to display a login banner to all users prior to granting access.
We can remove or customize the banner at our customers’ request
Slide 7: AD Integration Account Options
O.V.E.R.T integrates with Active Directory for ease of account management.
The option is available to allow accounts to be created within the application if desired.
Slide 8: Admin View Admin Access
Allows user to create, modify projects, upload, parse, and export result files, create users, and assign users to projects Regular User Access
Allows user to view projects assigned by an admin, upload, parse, and export results files.
Slide 9: Creating a Project
Slide 10: Upload Findings
Slide 11: Upload Findings Multi-File Upload
O.V.E.R.T provides the ability for users to upload multiple files at once for simultaneous parsing of multiple files from multiple tools
Slide 12: Results
Slide 13: Findings Detail
Slide 14: Audit by Project
Slide 15: Add user to Project
Slide 16: Add user to Project
Slide 17: Export results Filtered Output
O.V.E.R.T provides the capability to filter the results of your output to include “Not Reviewed (NR), Open (O) and Not a Finding (NF).
Our customers have the option to include all in the report if so desired.
Slide 18: Standard Results File Customized Report
Excentium Understands that not all customers use the same format. We can customize the report template to your specific needs Future Output Formats
Excentium will provide the ability to export results to Microsoft Word and Adobe Acrobat PDF formats in the next release. Tabbed Results
Need to review results from a specific tool? Just click on the appropriate tab. Failed Results Tab
Provides detail of all discrepancies between the input file and the database.
Slide 19: Full Auditing of Events
Slide 20: Specific Event Details
Slide 21: Create Users
Slide 22: AD or Non-AD Users
Slide 23: Assign Privileges
Slide 24: Future Enhancements Additional scanning tool compatibility:
Nessus
NMAP
Compatibility with IE 8 and Firefox
Manual Checklist Integration (STIGs/Control Docs)
Manual Report Manipulation with Auditing
Provides the ability for a user to add information to a report and modify its status by justification.
Additional report formats
.Doc
.PDF
OVERT Automated Update Service
Efficient method for updating backend database when modifications are made to vulnerability assessment tools.
Delete/Archive Projects Capability
Asset Management Module
Ability to store inventory of IT assets for the purposes of mapping vulnerabilities to specific assets and providing before/after remediation and trending information Excentium is always open to customer suggested future capabilities and enhancements