From e3892f70de3c8c5e811f8915656e6833d717f1c4 Mon Sep 17 00:00:00 2001 From: George M Dias Date: Fri, 13 Dec 2024 15:53:01 -0600 Subject: [PATCH] added proposed modifications+1 Signed-off-by: George M Dias --- src/courses/delta/03.md | 21 ++++++++++++++------- src/courses/delta/README.md | 2 +- 2 files changed, 15 insertions(+), 8 deletions(-) diff --git a/src/courses/delta/03.md b/src/courses/delta/03.md index 1cd24bf1a..807ff6882 100644 --- a/src/courses/delta/03.md +++ b/src/courses/delta/03.md 
@@ -29,19 +29,22 @@ The `update_controls4delta` process may be the only command needed as it specifi The process of preparing controls from one baseline to another (baseline X to Y) consists of: 1. The directory where baseline X controls are located is provided. -3. An InSpec json formatted file containing all baseline X controls is provided or generated. +2. An InSpec json formatted file containing all baseline X controls is provided or generated. a - The json file is generated using the [inspec or cinc-auditor] json CLI command 3. A XCCDF file containing the new baseline Y guidance is provided. The file is obtained from the appropriate site. a - The baseline Y XCCDF lists all controls appropriate for the provided baseline. It also includes (most often) a field (legacy) where it indicates the control's previous name(s). The process uses this field to map old control names to the new controls. b - If there is no mapping found, then the `delta` process must be invoked to convert the baselines ([see use cases](./04.html#use-cases-for-running-delta)) You can invoke the command as such: -``` -saf generate update_controls4delta -X ./baseline_Y_xccdf_guidance_file.xml -J baseline_X_summary.json -c baseline_X_controls_directory +```sh +saf generate update_controls4delta \ +-X ./baseline_Y_xccdf_guidance_file.xml \ +-J baseline_X_summary.json \ +-c baseline_X_controls_directory ``` Additional capabilities can be obtained using the `-h or --help` flag on the `update_controls4delta` command as such: -``` +```sh saf generate update_controls4delta --help ``` @@ -62,8 +65,12 @@ The `delta` process extends the capabilities of the `update_controls4delta` proc
You can invoke the command as such: -``` -saf generate delta -X ./baseline_Y_xccdf_guidance_file.xml -J baseline_X_summary.json -o new_baseline_Y_controls_directory -M -c baseline_X_controls_directory +```sh +saf generate delta \ +-X ./baseline_Y_xccdf_guidance_file.xml \ +-J baseline_X_summary.json \ +-o new_baseline_Y_controls_directory \ +-M -c baseline_X_controls_directory ```
@@ -72,7 +79,7 @@ The `-M` and `-c` flags can be removed if not using fuzzy matching feature. ::: Additional capabilities can be obtained using the `-h or --help` flag on the `delta` command as such: -``` +```sh saf generate delta --help ``` diff --git a/src/courses/delta/README.md b/src/courses/delta/README.md index 9d93e0ce6..d8581dd2a 100644 --- a/src/courses/delta/README.md +++ b/src/courses/delta/README.md @@ -27,4 +27,4 @@ that demands importance vigilance of continuous monitoring and notification of v To effectively established an ongoing monitoring process, we need to know what to check for, and update the content being checked as vulnerabilities are identified. The MITRE training class [Beginner Security Automation Developer Class](https://deploy-preview-256--mitre-saf-training.netlify.app/courses/beginner/) provides an insight on how to use InSpec Profiles (a collection of automated tests) to conduct testes based on some security guidances. -As long as the testes are based on valid security guidances all is well, but the moment the security guidances change, the tests become obsolete and require new tests or existing tests to be updated, that is where the `delta` process comes in to the rescue. +As long as the testes are based on valid security guidances all is well, but the moment the security guidances change, the tests become obsolete and require new tests or existing tests to be updated, that is where the `delta` process comes into the rescue.
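Review bot: In the first hunk of src/courses/delta/03.md, the continuation lines of the new multi-line `saf generate update_controls4delta` command start at column 0, so `-X`, `-J` and `-c` read like separate commands rather than options of one command. Indent each continued line, and make sure nothing follows the trailing `\` on each line, because a space after the backslash breaks the continuation when the command is pasted into a shell. Since the list numbering is being corrected here anyway, the context line "3. A XCCDF file" could become "An XCCDF file" in the same pass.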
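Review bot: In the `saf generate delta` hunk of src/courses/delta/03.md, the optional flags are placed on the last line (`-M -c baseline_X_controls_directory`), directly after a line that ends in `\`, while the text below the block says `-M` and `-c` can be removed when fuzzy matching is not used. A reader who deletes that last line is left with `-o new_baseline_Y_controls_directory \`, a dangling continuation that makes the shell wait for more input or join the next line typed. Consider moving the `-M -c ...` line above the `-o ...` line so the command ends on a required option, or showing the variant without fuzzy matching as its own command.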
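Review bot: In the src/courses/delta/README.md hunk, the replacement "comes into the rescue" does not fix the phrase; the idiom is "comes to the rescue", so drop "in"/"into" entirely. The same changed line still has "testes" where "tests" is meant, uses "security guidances" as a plural, and joins two sentences with a comma before "that is where"; since the line is being touched, suggest something like: "As long as the tests are based on valid security guidance all is well, but the moment the guidance changes, the tests become obsolete and must be replaced or updated. That is where the `delta` process comes to the rescue." The context line above it links to a `deploy-preview-256--mitre-saf-training.netlify.app` URL, which looks like a per-PR preview host and is worth pointing at the published course page before merge.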