Security Officers Best Friend (SOBF) is a Security Management and Analysis tool designed to be placed right ontop the SOMAP.org Repository. The SOBF Tool is currently in development and there is no public download at the moment.
The SOBF tool is written in Java. To run the SOBF Tool you need a Java VM version 1.5 or later. The data used within the tool is stored locally and can be protected accordingly.
It is a main goal to build the tool like an extendable toolset. While all the needed functionality is built into the SOBF tool, it is possible to extend that standard feature set with your own scripts and extentions.
To abstract the database and to access the data more easily the SOBF tool makes use of the Cayenne Framework. The configuration informations are accessible and it is possible to enhance that configuration with your own data views. Such data views can then be used from within your own scripts to enhance the feature set of the SOBF tool.
Database / Storage:
The SOBF Tool currently uses the hsqldb Database engine to store the data. Updates to the Repository can be done without a hassle for the data records are identified by UUID's as described on the Repositories information page.
The hsqldb stores the data in human readable form. If need be, the data can be extracted from the filesystem accessing the data files directly.
Since the SOBF tool uses the Cayenne Framework to abstract the database layer it is no problem to exchange the hsqldb with any other database system like Derby or PostgreSQL in future releases. This is an important feature for the SOBF tool should help a security officer with his work and not stand in his way. For this reason the SOBF tool should be as integratable into an environment as possible.
We use the Jasper Reports engine to render and print reports
What's New in This Release:
· This version contains the implementation of the complete Risk Assessment Workflow as described in the SOMAP.org Guide.
· The backup and restore mechanism was enhanced.
· Some changes and updates were made to the Dynamic Reports.
· The application experienced a general spring cleaning.