
SAFCLI Functionality Roadmap

Open aaronlippold opened this issue 2 years ago • 2 comments

Inspec Tools

  • [x] saf validate threshold
  • [x] saf view summary
  • [x] xccdf_results2hdf
  • [x] xccdf2inspec_profile ( see inspec_tools xccdf2inspec )
  • [x] xlsx2inspec
  • [x] csv2inspec
  • [x] inspec2ckl -> hdf2ckl (clarify flags or file)
  • [x] inspec2csv -> hdf2csv
  • [x] generate_ckl_metadata ( inspec2ckl -> hdf2ckl )
  • [x] generate_inspec_metadata
  • [ ] inspec2xccdf -> hdf2xccdf (clarify flags or file)
  • [ ] ckl2hdf
  • [ ] #84

Exporters in Heimdall OCLIF CLI

pdf2inspec (not maintained) - Drop and redirect to python tool

Merge these - add flag for CSV/XLS type - CIS or DISA

hdf-utils PIPELINE ( Heimdall of the CICD pipeline ) computer see the results OCLIF CLI

  • compliance -> validate-threshold

  • summary -> validation-summary

  • New CLI SAF tool *

** Normalization

  • [x] saf convert nessus2hdf --i --o --mapping=file --prefix ( old heimdall tools )
  • [x] saf convert hdf2asff -i -o
  • [x] saf convert hdf2ckl -i -o --metadata file

** Visualization

  • [x] saf view or saf visualize -p xxxx ( default: 8080)

** Installers ( nodeJS + xxx ) MSI Wrapper or some framework to make multi-platform installers **** Driver: Approved Software List and Version ....

  • [x] Windows
  • [x] OSX
  • [x] Docker
  • [x] Debian (deb)
  • [ ] RPM

aaronlippold Nov 26 '21 18:11

Initial reaction from a sponsor: don't replace one problem with another, i.e., heimdall_tools and inspec_tools confused the community because they thought heimdall_tools = heimdall, and inspec_tools = inspec. If we switch to "saf", we'd want a path to all of our saf tech via the saf tool. For example, an initial assumption was that we'd also have something like:

"saf scan" - which would run an inspec profile or "saf harden" - which would apply a hardening script.

In other words, saf as one-stop shopping. I realize it's logistically hard (or cumbersome) to "wrap" ansible, terraform, inspec tools, etc. Instead, perhaps:

when someone types "saf scan", the command-line responds "visit https://saf.mitre.org/#/validate to explore and run inspec profiles"

when someone types "saf harden", the command-line responds "visit https://saf.mitre.org/#/harden to explore and run hardening scripts"

ejaronne Nov 30 '21 20:11

Adding saf scan and saf harden responses from the SAF utility would not be a problem.

rbclark Nov 30 '21 21:11