How to recommend development of a mapper
To recommend the development of a new converted from a given cyber security tool to the Heimdall Data Format (HDF), that can be viewable in Heimdall.
- Create an issue, and email (saf@groups.mitre.org) citing the issue link so we can help
- Provide a sample output, preferably the most detailed the tool can provide, and also preferably in a machine-readable format, such as xml, json, or csv - whichever is natively available. If it is sensitive we'll work that in #3. (If it's an API only, we'll also just talk about it in #3)
- Let's arrange a time to take a close look at the data it provides to get an idea of all it has to offer. We'll suggest an initial mapping of the HDF core elements.
- Note: if the tool doesn't provide a NIST SP 800-53 reference, we've worked on mappings to other references such as CWE or OWASP Top 10. (If you're working with CVE Associations then the default NIST tags are SI-2 and RA-5)
- If the tool doesn't provide something for #4, or another core element such as impact, we'll help you identify a custom mapping approach.
- We'll help you decide how to preserve any other information (non-core elements) the tool provides to ensure that all of the original tool's intent comes through for the user when the data is viewed in Heimdall.
- Finally, we'll provide a final peer review and support merging your pull request.
We appreciate your contributions, and we're here to help!
- Home
- How to create a release
- Splunk Configuration
- Supplement HDF Configuration
- Validation with Thresholds
- SAF CLI Delta Process
- Mapper Creation Guide for HDF Converters
- How to create a SAF CLI
- How to recommend development of a mapper
- Use unreleased version of a package from the Heimdall monorepo in the SAF CLI
- Troubleshooting