SCAP Sync is Lunarline's revolutionary product in the field of Security Content Automation Protocol (SCAP). SCAP is an open standard that has largely been developed and promoted by the National Institute of Standards and Technology (NIST), in partnership with the private sector firm MITRE, to facilitate the interchange of security data between various security products. The ultimate goal for SCAP is to make security more effective by improving automation and reducing manual data entry.

Lunarline believes that this is a fantastic initiative, but we have also found some significant limitations when trying to incorporate SCAP into our own products and solutions. These include:

  • SCAP content is hosted on a variety of different websites, with no centralized location to view all SCAP content at once.
  • There is no easy way to download the few changes and updates that occur day-to-day in the SCAP ecosystem. Instead, you must manually download each SCAP content file in full and sort through tens of thousands of records to identify what has changed. This has been a major obstacle to wider adoption of SCAP among tool vendors.
  • Most tools that use SCAP cannot automatically load new SCAP content. A sysadmin needs to determine when new SCAP content has been released and then download that new content and load it into each tool, one-by-one.

The net effect of these limitations is that there is still a considerable amount of tedious work involved, despite the promise of SCAP to improve security automation.

Lunarline identified this gap as an opportunity to create a new service for the security industry. We call this service SCAP Sync, because it automatically goes out to the various sites that host SCAP content, checks for new content, and then synchronizes all of that content daily into a single database. Furthermore, SCAP Sync provides an easy-to-use API for tool vendors to leverage SCAP Sync in their own security tools.

SCAP Sync solves all of the challenges addressed above -- and the best part is, it's a FREE service that is available to the public at www.SCAPSync.com!

Benefits

SCAP Sync has range of features that will benefit several different groups among in the security community.

General Security Practitioners

For general security practitioners, SCAP Sync is an excellent place to research security issues such as weaknesses, vulnerabilities, and standard configurations. Our search engine is easy to use and super fast. You can use human language search terms such as "buffer overflow" or "Adobe Flash", or you can search by SCAP identifiers such as CVE, CWE or CPE numbers.

Our search results include a history of changes to SCAP content, so you can see how a specific vulnerability has evolved over time. No other SCAP database in the world tracks these day-to-day changes in SCAP content!

For more information on using SCAP Sync for research, please look at our online help.

Security Gurus/Scripters

If you are a security guru with scripting experience, you'll be thrilled to learn that all of the content on SCAP Sync is also available in a REST API. You are free to use this API for scripting your own security functions to automate workflows on your team. You can use our API to automatically find the latest SCAP content and retrieve it in a machine-readable format such as XML or JSON.

For more information, please look at our 40-line sample Python program.

Security Tool Vendors

If you are a security tool vendor, please contact us for information about using our REST API in your application. With our REST API, you can greatly simplify your users' lives by automating the process of finding and updating SCAP content. For more information, please look at our API documentation.

 

For more information, please contact us at lunarproducts@lunarline.com or call 571-481-9300.