GUAITA

The GUAITA project of inLab FIB - esCERT is the evolution of the ALTAIR-SIGVI project that can also be found on this website. Altair-SIGVI was obsolete due to the technology that was used at that time, this prevented making changes and extensions and it was decided to redo the application from scratch instead of trying to make these modifications and extensions on Altair.

GUAITA allows to monitor the software products of an organization and notify, if any of these presents any vulnerability. It is provided with an improved database in terms of security, it has the identifiable data encrypted, as well as the speed of access to the data. This database that contains the software inventory and its vulnerabilities is updated daily to contemplate the new vulnerabilities (CVE's) registered by NIST. The NIST maintains a database with all the vulnerabilities that exist since 2002 and allows you to download them free of charge in XML format or make queries about them.

Expansions and advantages contemplated by GUAITA:

• Supports the new format of CVE's.
• It has an API to upload files in NMAP format or JSON format containing the necessary data of the systems to be monitored / inventoried, in addition to offering the remote scanning, using nmap, of these systems. This is an advantage with respect to the previous implementation, since remote scanning is sometimes not available and this makes it easier for administrators to perform their own scanning and upload it to the platform themselves.
• Implements a ticket system to manage vulnerabilities.
• Provides 3 user profiles:
  • The super-administrator of the entire platform that will have access to define configurations, users, units, networks ...
  • The unit administrator can define their assets, give permission to their managers and perform full scans of their assets.
  • The unit manager will have permissions to look, check and modify the vulnerabilities of the different assets of his unit. Basically he is in charge of managing vulnerabilities.
• Easier to use interface for administrators and resolvers.
• Personalized notifications on the platform or via mail.
• Graphs to visualize more quickly the assets and their vulnerabilities.

Poster that summarizes the project: