Home

Welcome to the SAF CLI wiki!

The MITRE Security Automation Framework (SAF) Command Line Interface (CLI) brings together applications, techniques, libraries, and tools developed by MITRE and the security community to streamline security automation for systems and DevOps pipelines.

---

Content	Description
Common Instructions
How to create a SAF CLI release	Documents the process for creating a SAF CLI release
Splunk Configuration	Documentation on how to configure Splunk to use with the hdf2splunk CLI
Supplement HDF Configuration	Documentation on how to configure supplement (ex. read or modify) elements that provide contextual information in an HDF file such as passthrough or target
Validation with Thresholds	Documentation about how to do Validation of compliance via the SA CLI
Developers Corner
SAF CLI Delta Process	Provides information about how to invoke the SAF CLI Delta process
Mapper Creation Guide for HDF Converters	HDF Mapper and Converter Creation Guide (for SAF CLI & Heimdall2)
How to create a SAF CLI	Documents the process for creating a SAF CLI
How to recommend development of a mapper	Documentation on how to develop a mapper
Use unreleased version of a package from the Heimdall monorepo in the SAF CLI	Documentation on how to use an unreleased version (example: from a branch) of a package from the Heimdall monorepo in the SAF CLI
Troubleshooting	List known issues while configuring and developing the SAF-CLI (WIP)
InSpec Profiles
How to Create an InSpec Profile Release	Documents the process for creating an InSpec Profile release
InSpec Profiles General Information	Documents common information about InSpec profile controls
Other Documentation
SAF-CLI Security Control Responses	Based on the Application Security & Development STIG guidance