Name of Your Organization:

WINS Co., Ltd.

Web Site:

http://www.wins21.co.kr

Compatible Capability:

SNIPER Intrusion Prevention System (SNIPER IPS)

Capability home page:

http://sniper.wins21.co.kr/
General Capability Questions

Product Accessibility <CR_2.4>

Provide a short description of how and where your capability is made available to your customers and the public (required):

SNIPER IPS provides a commercially available security management product. For more information visit: http://sniper.wins21.co.kr/?page_no=3 or call +82-31-622-8620. Also we provide CVE Contents in CVE Information categories in the SecureCAST vulnerability database. The customer using SNIPER IPS can access the SecureCAST web site for a service and get security information.
Mapping Questions

Map Currency Indication <CR_5.1>

Describe how and where your capability indicates the most recent CVE version used to create or update its mappings (required):

Every day CERT team members at WINS monitor vulnerabilities with CVE code to mapping. After, we set up a CVE code route link when we make a help. Also we provide CVE Contents in CVE Information categories in the SecureCAST vulnerability database.

Map Currency Update Approach <CR_5.2>

Indicate how often you plan on updating the mappings to reflect new CVE versions and describe your approach to keeping reasonably current with CVE versions when mapping them to your repository (required):

Everyday CERT team members at WINS monitor the help of product’s vulnerabilities which can’t find the CVE code. After monitoring, the members update link about CVE code route. In addition, we keep up to date with the contents at CVE Information categories of SecureCAST by parsing xml file provided at http://nvd.nist.gov/download.cfm.

Map Currency Update Time <CR_5.3>

Describe how and where you explain to your customers the timeframe they should expect an update of your capability’s mappings to reflect newly available CVE content (required):

The update process starts after a new CVE version is released. The CVE of SecureCAST DB is provided by parsing a modified.xml and a recent.xml at MITRE (http://nvd.nist.gov/download.cfm) at 6:00 a.m. every morning. The CVE of SNIPER IPS is updated by CERT team members at WINS.

Map Content Selection Criteria <CR_5.4>

Describe the criteria used for determining the relevance of a given CVE Identifier to your Capability (required):

We are based on information of MAPP and trusted web site to provide vulnerabilities such as Secunia and SecurityFocus.

Map Currency Update Mechanism <CR_5.4>

Describe the mechanism used for reviewing CVE for content changes (required):

CERT team members at WINS monitor web site to provide vulnerabilities every day. CVE contents are available to respond to changes of CVE contents on account of offer in the form of link.

Map Content Source <CR_5.5>

Describe the source of your CVE content (required):

We collect the CVE content from the CVE and NVD web site. We also collect it from the CERT team at WINS and other security information web sites.
Documentation Questions

CVE and Compatibility Documentation<CR_4.1>

Provide a copy, or directions to its location, of where your documentation describes CVE and CVE compatibility for your customers (required):

The CVE compatibility documentation forms part of the user manual which can be opened from the main application by pressing SNIPER help.

This information is included in the SNIPER IPS help page as shown below.

CVE and Compatibility Documentation
[Figure.1] Pressing Sniper help
CVE and Compatibility Documentation
[Figure.2] SNIPER IPS help page

Put the "CVE" into the input box.

CVE and Compatibility Documentation
[Figure.3] Documentation describes CVE

Documentation of Finding Elements Using CVE Names <CR_4.2>

Provide a copy, or directions to its location, of where your documentation describes the specific details of how your customers can use CVE names to find the individual security elements within your capability’s repository (required):

By using the detailed search function in vulnerability information page and search function in CVE information page at vulnerability Database of SecureCAST. Users are able to conduct a search using CVE identifiers as the keyword.

Documentation of Finding Elements Using CVE Names
[Figure.4] Detailed search function in vulnerability information page
Documentation of Finding Elements Using CVE Names
[Figure.5] Detailed search field
Documentation of Finding Elements Using CVE Names
[Figure.6] SecureCAST CVE information Web Page

Documentation of Finding CVE Names Using Elements <CR_4.3>

Provide a copy, or directions to its location, of where your documentation describes the process a user would follow to find the CVE names associated with individual security elements within your capability’s repository (required):

CVE identifiers are displayed in the "CVE ID" section within each vulnerability information pages and CVE identifiers are displayed in the CVE information pages.

Documentation of Finding CVE Names Using Elements
[Figure.7] Vulnerability information page at Vulnerability Database
Documentation of Finding CVE Names Using Elements
[Figure.8] Each vulnerability information page
Documentation of Finding CVE Names Using Elements
[Figure.9] CVE information page at vulnerability Database

Type-Specific Capability Questions

Tool Questions

Finding Tasks Using CVE Names <CR_A.2.1>

Give detailed examples and explanations of how a user can locate tasks in the tool by looking for their associated CVE name (required):

1) SNIPER IPS

This is not applicable to SNIPER IPS Management System. But, using the SecureCAST, vulnerability database web site, SNIPER users may get tasks information.

2) SecureCAST web site

By using the SecureCAST web site, users may get tasks information. By using the detailed search function in vulnerability information page and search function in CVE information page at vulnerability Database of SecureCAST. Users are able to conduct a search using CVE identifiers as the keyword and get tasks information. (vulnerability code #)

Finding CVE Names Using Elements in Reports <CR_A.2.2>

Give detailed examples and explanations of how, for reports that identify individual security elements, the tool allows the user to determine the associated CVE names for the individual security elements in the report (required):

  • Successful login to the Sniper IPS Management System, a user must select the "Reports" icon. (see green arrow)
  • Next the user has to select "log" tab. (see a purple arrow)
  • Then user must double click the monthly displayed filter(s) to expand a job. (see a red arrow)
    Finding CVE Names Using Elements in Reports
    [Figure.10] The monthly displayed filter(s)
  • User must double click the daily displayed filter(s) to expand a job.
    Finding CVE Names Using Elements in Reports
    [Figure.11] The daily displayed filter(s)
  • And User must double click the hourly displayed filter(s) to expand a job.
    Finding CVE Names Using Elements in Reports
    [Figure.12] The hourly displayed filter(s)
  • Then User will get the detailed filer(s) information.
    Finding CVE Names Using Elements in Reports
    [Figure.13] The detailed filter(s)
  • User must select a job to get detailed information of CVE by clicking on the right mouse button.
    Finding CVE Names Using Elements in Reports
    [Figure.14] Right mouse button
  • Then, User click online help or help and a new widow will pop-up.
  • In the new window the user will get CVE ID that is hyperlinked to take the user to the CVE web site corresponding to the specific CVE ID.
    Finding CVE Names Using Elements in Reports
    [Figure.15] Help window pop up
  • Finding CVE Names Using Elements in Reports
    [Figure.16] Help online window pop up
  • Finding CVE Names Using Elements in Reports
    [Figure.17] The CVE web site corresponding to the specific CVE ID
  • Finding CVE Names Using Elements in Reports
    [Figure.18] The CVE web site corresponding to the specific CVE ID

Getting a List of CVE Names Associated with Tasks <CR_A.2.4>

Give detailed examples and explanations of how a user can obtain a listing of all of the CVE names that are associated with the tool’s tasks (recommended):

  • Successful login to the Sniper IPS Management System, a user must select the "Reports" icon.(See a green arrow)
  • Next the user has to select "log" tab.(See a purple arrow)
  • Then user must double click the monthly displayed filter(s) to expand a job.(See a red arrow)
    Getting a List of CVE Names Associated with Tasks
    [Figure.19] The monthly displayed filter(s)
  • User must double click the daily displayed filter(s) to expand a job.
    Getting a List of CVE Names Associated with Tasks
    [Figure.20] The daily displayed filter(s)
  • And User must double click the hourly displayed filter(s) to expand a job.
    Getting a List of CVE Names Associated with Tasks
    [Figure.21] The hourly displayed filter(s)
  • Then User will get the detailed filer(s) information.
    Getting a List of CVE Names Associated with Tasks
    [Figure.22] The detailed filter(s)
  • User must select a job to get detailed information of CVE by clicking on the right mouse button.
    Getting a List of CVE Names Associated with Tasks
    [Figure.23] Right mouse button
  • Then, User click online help or help and a new window will pop-up.
  • In the new window the user will get CVE ID that is hyperlinked to take the user to the CVE web site corresponding to the specific CVE ID.
    Getting a List of CVE Names Associated with Tasks
    [Figure.24] Help window pop up
    Getting a List of CVE Names Associated with Tasks
    [Figure.25] Help online window pop up
    Getting a List of CVE Names Associated with Tasks
    [Figure.26] The CVE web site corresponding to the specific CVE ID
    Getting a List of CVE Names Associated with Tasks
    [Figure.27] The CVE web site corresponding to the specific CVE ID

Selecting Tasks Using Individual CVE Names <CR_A.2.6>

Describe the steps that a user would follow to browse, select, and deselect a set of tasks for the tool by using individual CVE names (recommended):

Please refer to <CR_A.2.1>.
Service Questions

Service Coverage Determination Using CVE Names <CR_A.3.1>

Give detailed examples and explanations of the different ways that a user can use CVE names to find out which security elements are tested or detected by the service (i.e. by asking, by providing a list, by examining a coverage map, or by some other mechanism) (required):

  • Step1 : Go to http://securecast.co.kr
  • Step2 : Input Id and Password.
  • Step3 : Go to the vulnerability page.
  • Step4 : Search any CVE name
    Service Coverage Determination Using CVE Names
    [Figure.28] SecureCAST Main Page
    Service Coverage Determination Using CVE Names
    [Figure.29] Login Page
    Service Coverage Determination Using CVE Names
    [Figure.30] Vulnerability page
    Service Coverage Determination Using CVE Names
    [Figure.31] Search the any CVE name
    Service Coverage Determination Using CVE Names
    [Figure.32] Result page

Finding CVE Names in Service Reports Using Elements <CR_A.3.2>

Give detailed examples and explanations of how, for reports that identify individual security elements, the user can determine the associated CVE names for the individual security elements in the report (required):

Please refer to <A.4.2>.

Service’s Product Utilization Details <CR_A.3.4>

Please provide the name and version number of any product that the service allows users to have direct access to if that product identifies security elements (recommended):

  • SNIPER IPS (all versions)
  • SecureCAST 7.0
Online Capability Questions

Finding Online Capability Tasks Using CVE Names <CR_A.4.1>

Give detailed examples and explanations of how a "find" or "search" function is available to the user to locate tasks in the online capability by looking for their associated CVE name or through an online mapping that links each element of the capability with its associated CVE name(s) (required):

By using the detailed search function in vulnerability information page and search function in CVE information page at Vulnerability Database of SecureCAST.

1. Vulnerability information page

Users can use the keyword search to search for a specific CVE ID as shown below.

  • Step1. Click on the detailed search function button.
  • Step2. Put the CVE ID into the CVE ID field.
  • Step3. Click on the search button.
    Finding Online Capability Tasks Using CVE Names
    [Figure.33] Detailed search function in vulnerability information page
    Finding Online Capability Tasks Using CVE Names
    [Figure.34] Put the "CVE-2010-2755" into the detailed search field
    Finding Online Capability Tasks Using CVE Names
    [Figure.35] Click on the search button
  • Once the user clicks on the search button, then the results will be generated and CVE will be displayed.
    Finding Online Capability Tasks Using CVE Names
    [Figure.36] Result page

2. CVE information page

Users can use the keyword search to search for a specific CVE ID as shown below:

  • Step1. Put the CVE ID into the search bar.
  • Step2. Click on the search button.
    Finding Online Capability Tasks Using CVE Names
    [Figure.37] SecureCAST CVE information Web Page
    Finding Online Capability Tasks Using CVE Names
    [Figure.38] Put the "CVE-2010-2909" into the search bar
  • Once the user clicks on the search button, then the results will be generated and CVE will be displayed.
    Finding Online Capability Tasks Using CVE Names
    [Figure.39] Result page

As you have seen, The CVE information page is the special page to see all of CVE information. Therefore, if you want to see the information of specific CVE ID, you just look the page up and down to get related information of CVE ID.

Online Capability Interface Template Usage <CR_A.4.1.1>

Provide a detailed description of how someone can use your "URL template" to interface to your capability’s search function (recommended):

Examples:

Users put the "URL template" into the address bar. For example, someone put the http://securecast.co.kr into the address bar then someone put the id and password into the field. After that, the user can access the out capability’s search function.

Web site: http://securecast.co.kr

Online Capability CGI GET Method Support <CR_A.4.1.2>

If the URL template is for a CGI program, does it support the HTTP "GET" method? (recommended):

YES

Finding CVE Names Using Online Capability Elements <CR_A.4.2>

Give detailed examples and explanations of how, for reports that identify individual security elements, the online capability allows the user to determine the associated CVE names for the individual security elements in the report. (required):

CVE identifiers are displayed in the "CVE ID" section within each vulnerability information pages and CVE identifiers are displayed in the CVE information pages.

The CVE ID on Each vulnerability information page is hyperlinks to the CVE web page that corresponds to the CVE ID.

Finding CVE Names Using Online Capability Elements
[Figure.40] Vulnerability information page at Vulnerability Database
Finding CVE Names Using Online Capability Elements
[Figure.41] Hyperlinked CVE ID on Each vulnerability information pages
Finding CVE Names Using Online Capability Elements
[Figure.42] The CVE web page that corresponds to the CVE ID
Finding CVE Names Using Online Capability Elements
[Figure.43] CVE information page at vulnerability Database

Online Capability Element to CVE Name Mapping <CR_A.4.3>

If details for individual security elements are not provided, give examples and explanations of how a user can obtain a mapping that links each element with its associated CVE name(s), otherwise enter N/A (required):

All of our CVE ID references are hyperlinks to the CVE webpage that corresponds to the CVE ID. Go to the SecureCAST web page which is vulnerability DB. Then go to the CVE information page and vulnerability information page and the user will be able to find the online CVE information for that specific ID.

Back to top
Aggregation Capability Questions

Finding Elements Using CVE Names <CR_A.5.1>

Give detailed examples and explanations of how a user can associated elements in the capability by looking for their associated CVE name (required):

Refer to <CR_A.4.2>

Finding CVE Names Using Elements in Reports <CR_A.5.2>

Give detailed examples and explanations of how, for reports that identify individual security elements, the capability allows the user to determine the associated CVE names for the individual security elements in the report (required):

Refer to <CR_A.4.2>

Getting a List of CVE Names Associated with Tasks <CR_A.5.4>

Give detailed examples and explanations of how a user can obtain a listing of all of the CVE names that are associated with the capability’s tasks (recommended):

Refer to <CR_A.4.2>

Back to top
Media Questions

Electronic Document Format Info <CR_B.3.1>

Provide details about the different electronic document formats that you provide and describe how they can be searched for specific CVE-related text (required):

The primary method for accessing SecureCAST is through its web interface found at http://securecast.co.kr . Entering the CVE name as the keyword in the search field found on vulnerabilities DB at SecureCAST, will return any associated security elements that match the search parameter.

Electronic Document Listing of CVE Names <CR_B.3.2>

If one of the capability’s standard electronic documents only lists security elements by their short names or titles provide example documents that demonstrate how the associated CVE names are listed for each individual security element (required):

The associated CVE name is listed prominently in the "CVE ID" section of a vulnerability information page and CVE information page on vulnerabilities DB at SecureCAST.

Electronic Document Element to CVE Name Mapping <CR_B.3.3>

Provide example documents that demonstrate the mapping from the capability’s individual elements to the respective CVE name(s) (recommended):

Example Documents are here.

Electronic Document Element to CVE Name Mapping
[Figure.44] Screenshot on Vulnerabilities information page at Vulnerability DB
Electronic Document Element to CVE Name Mapping
[Figure.45] Screenshot on CVE information page
Back to top
Graphical User Interface (GUI)

Finding Elements Using CVE Names Through the GUI <CR_B.4.1>

Give detailed examples and explanations of how the GUI provides a "find" or "search" function for the user to identify your capability’s elements by looking for their associated CVE name(s) (required):

The SecureCAST GUI provides a keyword search located on vulnerability information page and CVE information page at vulnerability DB of SecureCAST. Entering the CVE name as the Keyword in the search field found on SecureCAST, will return any associated security elements that match the search parameter.

Finding Elements Using CVE Names Through the GUI
[Figure.46] Detailed search function in vulnerability information page
Finding Elements Using CVE Names Through the GUI
[Figure.47] Detailed search field
Finding Elements Using CVE Names Through the GUI
[Figure.48] SecureCAST CVE information Web Page

GUI Element to CVE Name Mapping <CR_B.4.2>

Briefly describe how the associated CVE names are listed for the individual security elements or discuss how the user can use the mapping between CVE entries and the capability’s elements, also describe the format of the mapping (required):

The CVE name is displayed in the "CVE ID" section within each vulnerability countermeasure information page.

GUI Export Electronic Document Format Info <CR_B.4.3>

Provide details about the different electronic document formats that you provide for exporting or accessing CVE-related data and describe how they can be searched for specific CVE-related text (recommended):

SecureCAST provide searchable asp output.

Back to top
Questions for Signature

Statement of Compatibility <CR_2.7>

Have an authorized individual sign and date the following Compatibility Statement (required):

"As an authorized representative of my organization I agree that we will abide by all of the mandatory CVE Compatibility Requirements as well as all of the additional mandatory CVE Compatibility Requirements that are appropriate for our specific type of capability."

Name: Ji-Sang Hwang

Title:

Back to top
Page Last Updated or Reviewed: August 10, 2017