Supplement HDF files with additional information (ex. `passthrough`, `target`)
Amndeep Singh Mann edited this page Sep 29, 2022 · 1 revision
Supplement (ex. read or modify) elements that provide contextual information in an HDF file such as `passthrough` or `target`.
Passthrough data can be any valid context and structure.
A sample `passthrough` JSON used to provide CDM context could be something like this:

```json
{
  "CDM": {
    "HWAM": {
      "Asset_ID_Tattoo": "arn:aws:ec2:us-east-1:123456789012:instance/i-12345acbd5678efgh90",
      "Data_Center_ID": "1234-5678-ABCD-1BB1-CC12DD34EE56FF78",
      "FQDN": "i-12345acbd5678efgh90.ec2.internal",
      "Hostname": "i-12345acbd5678efgh90",
      "ipv4": "10.0.1.25",
      "ipv6": "none defined",
      "mac": "02:32:fd:e3:68:a1",
      "os": "Linux",
      "FISMA_ID": "ABCD2C21-7781-92AA-F126-FF987CZZZZ"
    },
    "CSM": {
      "Server_Type": "member server",
      "source_tool": "InSpec"
    }
  }
}
```
A `passthrough` JSON can be used to provide context for a converted scan:

```json
{
  "raw": "the original scan in string format if it were non-JSON in origin, ex. XCCDF files are XML based",
  "auxiliary_data": {
    "data": "that doesn't fit nicely in the other HDF attributes",
    "can": "instead be stored in this open-ended section"
  },
  "you": "can have other top level attributes beyond 'raw' and 'auxiliary_data'"
}
```
A `passthrough` JSON does not need to be an object:

```json
"it could be a string, a number, an array, or any other valid JSON construct"
```
Target data can be any valid context and structure.
A sample `target` JSON used to provide AWS Resource context could be something like this:

```json
{
  "AWS": {
    "Resources": [
      {
        "Type": "AwsEc2Instance",
        "Id": "arn:aws:ec2:us-east-1:123456789012:instance/i-06036f0ccaa012345",
        "Partition": "aws",
        "Region": "us-east-1",
        "Details": {
          "AwsEc2Instance": {
            "Type": "t2.medium",
            "ImageId": "ami-0d716eddcc7b7abcd",
            "IpV4Addresses": [
              "10.0.0.27"
            ],
            "KeyName": "rhel7_1_10152021",
            "VpcId": "vpc-0b53ff8f37a06abcd",
            "SubnetId": "subnet-0ea14519a4ddaabcd"
          }
        }
      }
    ]
  }
}
```
A `target` JSON does not need to be an object:

```json
"it could be a string, a number, an array, or any other valid JSON construct"
```