First draft of Delta class

mitre · Dec 4, 2024 · 9cccb87 · 9cccb87
1 parent 37bd0a2
commit 9cccb87
Show file tree

Hide file tree

Showing 9 changed files with 12,735 additions and 10 deletions.
diff --git a/src/assets/downloads/CliProcessOutput.log b/src/assets/downloads/CliProcessOutput.log
diff --git a/src/assets/downloads/delta.json b/src/assets/downloads/delta.json
diff --git a/src/assets/downloads/report.md b/src/assets/downloads/report.md
diff --git a/src/assets/img/update_controls4delta_output.png b/src/assets/img/update_controls4delta_output.png
diff --git a/src/courses/delta/02.md b/src/courses/delta/02.md
@@ -15,6 +15,8 @@ To conduct the delta process, the following are needed:
 
 ::: note Using Generated Profile Stubs
 Although not a requirement, it is recommended to use a generated profile stub from the `saf generate inspec_profile` command to use as a skeleton profile based on the XCCDF benchmark guidance (STIG or CIS). This ensures consistency across profiles.
+
+For more information on this command, refer to the documentation for [`inspec_profile`](https://saf-cli.mitre.org/#inspec-profile)
 :::
 
 The [Delta CLI Tools section](./03.md#31-cli-tools) covers specific requirements for both the `delta` and `update_controls4delta` commands.

diff --git a/src/courses/delta/03.md b/src/courses/delta/03.md
@@ -53,16 +53,19 @@ If there is no way to trace controls in baseline X to its corresponding controls
 The `delta` process extends the capabilities of the `update_controls4delta` process by providing the following functionalities:
 
 1. Creates new controls found in updated guidances
-3. Fuzzy matching capability (optional)
+2. Fuzzy matching capability (optional)
     a - Maps controls based on similarity and not control IDs
     b - For controls which a match is found, the describe block (code) within the old control is mapped over to the new control
 3. Detailed logging
     a - report file (.md), mapping statistics (CliProcessOutput.log)
+<br>
 
 You can invoke the command as such:
 ```
 saf generate delta -X ./baseline_Y_xccdf_guidance_file.xml -J baseline_X_summary.json -o new_baseline_Y_controls_directory -M -c baseline_X_controls_directory
 ```
+<br>
+
 ::: tip Optional Fuzzy Matching Flags
 The `-M` and `-c` flags can be removed if not using fuzzy matching feature.
 :::
@@ -76,6 +79,7 @@ For more information on these commands, refer to the following documentation:
 
 - [update_controls4delta](https://saf-cli.mitre.org/#delta-supporting-options)
 - [saf generate delta](https://saf-cli.mitre.org/#delta)
+<br>
 
 ::: warning Delta Process Limitations
 This process has been tested using DISA XCCDF STIG Benchmark Guidances only.

diff --git a/src/courses/delta/05.md b/src/courses/delta/05.md
@@ -6,12 +6,37 @@ author: Daniel Medina, George Dias
 ---
 ## 5.1 Logging Capabilities of Delta
 
-### 5.1.1 Report Markdown File (.md)
 
-Specified by the report flag (`-r`)
+### 5.1.1 CLIProcessOutput.log
+
+A detailed log of the output of the command execution with additional information and metadata. 
+
+[Example Log File Output](../../assets/downloads/CliProcessOutput.log)
 
 ### 5.1.2 delta.json
 
-### 5.1.3 CLIProcessOutput.log
+Automatically generated and outputted to the same directory as the outputted profile controls, this JSON file summarizes the results of the delta process. 
+
+Results are summarized at the top of the report according to the type of change:
+1. addedControlIDs: A list of new controls added to the profile
+2. removedControlIDs: A list of controls removed from the profile
+3. renamedControlIDs: A list of controls that had their IDs change
+4. changedControlIDs: A list of controls with changes to the metadata
+
+Details of the changes are given afterwards as follows:
+
+1. addedControls: The contents of each control that was added to the profile
+2. changedControls: The parts of each control that were modified / replaced during the command execution
+
+[Example delta.json file](../../assets/downloads/delta.json)
+
+### 5.1.3 Report Markdown File (.md)
+
+Specified by the report flag (`-r`), generates a markdown formatted report of the same information found in the delta.json file.
+
+[Example Report Markdown File](../../assets/downloads/report.md)
+
+
+## 5.2 Logging Capabilities of Update Controls
 
-Outputted to the directory where the delta process is being executed. 
+![Example Output from update_controls4delta](../../assets/img/update_controls4delta_output.png)
diff --git a/src/courses/delta/06.md b/src/courses/delta/06.md
@@ -7,11 +7,11 @@ author: Daniel Medina, George Dias
 
 ## 6.1 InSpec Delta Formatting Process
 
-### 6.1.2 Preparing the Profile Before Running Delta Process
-
 Before performing delta process, it's beneficial to use a common format. Follow these steps:
 
-1. **Run Rubocop:** Install the Cookstyle gem and use it to lint the controls into Cookstyle format. Verify the gem installation with `gem list rubocop`. Create a `.rubocop.yml` file with the provided example settings or modify these settings via the command line. Run `rubocop -a ./controls`.
+### 6.1.1 Preparing the Profile Before Running Delta Process
+
+1. **Run Rubocop:** Install the Rubocop gem and use it to lint the controls into Cookstyle format. Verify the gem installation with `gem list rubocop`. Create a `.rubocop.yml` file with the provided example settings or modify these settings via the command line. Run `rubocop -a ./controls`.
 
 ::: details Rubocop Configuration File (rubocop.yml)
 ```
@@ -315,15 +315,20 @@ Style/SwapValues: # new in 1.1
 
 ## 6.2 Testing Commands
 
+Upon completion of the delta process, you may want to test the correctness of the new and updated controls.
+
 ### 6.2.1 Linting and validating controls:
 
+The current available commands for testing are:
+
 ```
   bundle exec rake [inspec or cinc-auditor]:check # validate the inspec profile
   bundle exec rake lint                           # Run RuboCop
   bundle exec rake lint:autocorrect               # Autocorrect RuboCop offenses (only when it's safe)
   bundle exec rake lint:autocorrect_all           # Autocorrect RuboCop offenses (safe and unsafe)
-  bundle exec rake pre_commit_checks              # pre-commit checks
+  bundle exec rake pre_commit_checks              # Ensure the controls are ready to be committed into the repo
 ```
+<br>
 
 :::note Profile Controls Formatting
 In the past, cookstyle format was used. However, support for cookstyle formatted profiles is limited and is geared more towards Chef cookbooks. Profile controls are written in ruby code, hence rubocop is preferred.

diff --git a/src/courses/delta/README.md b/src/courses/delta/README.md
@@ -15,8 +15,9 @@ By the end of this class, you should be able to:
 - Understand the purpose of the SAF Delta process tools, `update_controls4delta` and `delta`
 - Use these tools to update inspec profiles
 - Understand how and where to apply these tools in different situations (Use Cases)
+- Use the delta fuzzy matching system to map controls between two profiles
 - Be familiar with the delta process logging capabilities and generated artifacts
-- Using the delta fuzzy matching system to map controls between two profiles by using
+- Know how to format Inspec profile controls before and/or after executing delta commands
 
 ### 1.2 The Road to Conducting the Delta Process