finish use cases, addtl updates

mitre · Dec 12, 2024 · 753545e · 753545e
1 parent 1ca1d84
commit 753545e
Show file tree

Hide file tree

Showing 8 changed files with 60 additions and 5 deletions.
diff --git a/src/assets/img/Delta_Class/use_case_2-2.png b/src/assets/img/Delta_Class/use_case_2-2.png
diff --git a/src/assets/img/Delta_Class/use_case_2-3.png b/src/assets/img/Delta_Class/use_case_2-3.png
diff --git a/src/assets/img/Delta_Class/use_case_2-4.png b/src/assets/img/Delta_Class/use_case_2-4.png
diff --git a/src/assets/img/Delta_Class/use_case_2-5.png b/src/assets/img/Delta_Class/use_case_2-5.png
diff --git a/src/assets/img/Delta_Class/use_case_3-1.png b/src/assets/img/Delta_Class/use_case_3-1.png
diff --git a/src/assets/img/Delta_Class/use_case_3-2.png b/src/assets/img/Delta_Class/use_case_3-2.png
diff --git a/src/courses/delta/02.md b/src/courses/delta/02.md
@@ -15,8 +15,8 @@ To conduct the delta process, the following items are needed:
 2. A guidance file (XCCDF):
     a. Download either a DISA STIG Benchmark from the appropriate site.
 
-::: note Using Generated Profile Stubs
-Although not a requirement, it is recommended to use a generated profile stub from the `saf generate inspec_profile` command to create a skeleton profile structure based on the XCCDF benchmark guidance (STIG or CIS). This ensures consistency across profiles.
+::: details What if there is no existing InSpec profile?
+If the InSpec profile for your target of interest does not exist, you can generate the profile stub from the `saf generate inspec_profile` command to create a skeleton profile structure based on the XCCDF benchmark guidance (STIG or CIS). This ensures consistency across profiles.
 
 For more information on this command, refer to the documentation for [`inspec_profile`](https://saf-cli.mitre.org/#inspec-profile).
 

diff --git a/src/courses/delta/04.md b/src/courses/delta/04.md
@@ -58,16 +58,46 @@ From these results we can gather that:
 
 New guidance often contains new controls that weren't previously defined. In this case, running the delta process generates the control stubs with all metadata, except for the describe block (code) content.
 
-Suppose we want to update our [RedHat Enterprise Linux 8 STIG Baseline](https://github.com/mitre/redhat-enterprise-linux-8-stig-baseline) from [Version 1 Release 14](https://github.com/mitre/redhat-enterprise-linux-8-stig-baseline) to version 2 release 1.
+Suppose we want to update our [RedHat Enterprise Linux 8 STIG Baseline](https://github.com/mitre/redhat-enterprise-linux-8-stig-baseline) from [Version 1 Release 14](https://github.com/mitre/redhat-enterprise-linux-8-stig-baseline/releases/tag/v1.14.1) to version 2 release 1.
 
 #### Step 1: Collect necessary files
-![File directory containing an inspec profile, and XCCDF XML file, and a profile summary JSON](../../assets/img/Delta_Class/use_case_2_1.png)
+![File directory containing an inspec profile, and XCCDF XML file, and a generated profile summary JSON](../../assets/img/Delta_Class/use_case_2_1.png)
+This include the profile summary JSON file generated used `cinc-auditor json redhat-enterprise-linux-8-stig-baseline > profile.json`
 
 #### **OPTIONAL**: Run update_controls4delta
-If we were to run the update controls method on this profile, we would observe the following output:
+Running the update controls command on this profile can give us information on what needs to be updated:
+`saf generate update_controls4delta -X rhel_8_xccdf.xml -J profile.json -c ./redhat-enterprise-linux-8-stig-baseline/controls`
+
+![update_controls4delta output](../../assets/img/Delta_Class/use_case_2_2.png)
+
+From this we can gather:
+1. No existing controls needed to be renamed in the new STIG guidance (366 controls with correct identification, 0 processed files).
+2. 9 controls were removed in the updated STIG guidance (9 skipped files).
+3. 1 new control was found in the updated STIG guidance. 
+
+From this output, we know that the Delta command needs to be run, because Delta is able to generate files for new controls and make any changes needed to the other controls.
 
 #### Step 2: Run Delta
 
+Use the `delta` command to perform a delta on the profile and the STIG guidance file:
+`saf generate delta -X ./rhel_8_V2R1_xccdf.xml -J ./profile.json -r ./report.md -o ./redhat-8-updated/`
+In this case, we will be outputting a report file to `report.md` and the updated inspec profile to the `./redhat-8-updated/` directory.
+
+You should receive the following output:
+![Delta command output](../../assets/img/Delta_Class/use_case_2-3.png)
+
+The `["+","SV-268322"]` indicates that a new control was created with the ID SV-258322.
+
+After running the command, you should see the following:
+![Generated files and folders from delta](../../assets/img/Delta_Class/use_case_2-4.png)
+
+1. `redhat-8-updated` directory: A folder container the updated inspec profile.
+    ![Updated profile output directory](../../assets/img/Delta_Class/use_case_2-5.png)
+    a. A `controls` directory containing all of the updated and new controls in the STIG guidance file. This does NOT contain removed controls so no further modifications need to be done.
+    b. A delta.json file containing a JSON formatted summary of the delta process.
+2. `report.md`: Markdown report containin formatted version of delta.json summary results.
+3. `saf-cli.log` a log of the SAF CLI output from running the command
+
 **Process:** Run `delta`
 
 [return to top](#41-use-cases-for-running-delta)
@@ -76,6 +106,31 @@ If we were to run the update controls method on this profile, we would observe t
 
 Running update controls may result in no controls being updated or no mappings being found from baseline X to baseline Y. This could be due to the baselines belonging to different platforms, or too many revisions were released between the two baselines, creating no way to map between them. In this case, use Delta with fuzzy matching.
 
+In this use case, we will be mapping the Windows Server 2019 STIG profile using the Windows Server 2022 STIG guidance in order to determine how much of our old profile we can use for this new profile. The controls between these two profiles share no similarities, and there are no legacy tags in which we can correlate them together. To find out how much of our old profile we can use, do the following:
+
+#### Step 1: Collect necessary files
+![File directory containing an inspec profile, and XCCDF XML file, and a generated profile summary JSON](../../assets/img/Delta_Class/use_case_3-1.png)
+
+#### Step 2: Run the delta command with fuzzy matching
+
+To enable fuzzy matching, use the `-M` flag and specify the controls directory using the `-c` flag:
+`saf generate delta -X ./windows-server-2022-v2r2-xccdf.xml -J ./profile.json -r ./report.md -o ./windows-server-2022-stig-baseline -M -c ./microsoft-windows-server-2019-stig-baseline/controls`
+
+The output is long, but what's important is the results and statistics section:
+![Delta fuzzy matching command output](../../assets/img/Delta_Class/use_case_3-2.png)
+
+We can observe that:
+1. Delta found 266 total matches and mapped these matched controls over into the new profile.
+2. Delta was unable to find matches for 6 of the controls in the Windows Server 2022 STIG guidance (No Match Controls).
+
+Of the 273 controls specified by the Windows Server 2022 STIG guidance, delta found mappings for 266 of them. This means that about 97% of the Windows Server 2019 profile was able to be used for the Windows Server 2022 profile.
+
+Similar to use case 2, there should be the same generated files:
+1. `windows-server-2022-stig-baseline` directory containing a `controls` directory with the mapped controls and updated metadata and a `delta.json` file containing a summarized report of the delta process.
+2. `report.md`
+3. `saf-cli.log`
+
+
 **Process:** Run `delta`
 
 [return to top](#41-use-cases-for-running-delta)