Validation with Thresholds
Validation of compliance from results sets is achieved through the saf validate:threshold command using values defined in a YAML file, which can be generated using saf generate:threshold.

For example, to generate a threshold YAML file based off of a known-good results set:

    saf generate:threshold --input ./path/to/your/hdf/file.json --output thresholds.yml

And then to validate the compliance of a file:

    saf validate:threshold --templateFile ./thresholds.yml --input ./path/to/some/other/hdf/file.json

Note: Total Minimums/Maximums are available as of version 1.1.10.

Minimum 80% compliance, minimum of 10 passed controls, maximum of 2 failed controls:

    compliance:
      min: 80
    passed:
      total:
        min: 18
    failed:
      total:
        max: 2

Minimum 95% compliance, no failed critical or high controls, no skipped controls, no errors:

    compliance:
      min: 95
    failed:
      critical:
        max: 0
      high:
        max: 0
    skipped:
      total:
        max: 0
    error:
      total:
        max: 0

Exact values, with minimum and maximum set to the same number for compliance and for each status at each severity:

    compliance:
      min: 83
      max: 83
    passed:
      critical:
        min: 0
        max: 0
      high:
        min: 19
        max: 19
      medium:
        min: 159
        max: 159
      low:
        min: 8
        max: 8
    failed:
      critical:
        min: 0
        max: 0
      high:
        min: 3
        max: 3
      medium:
        min: 18
        max: 18
      low:
        min: 6
        max: 6
    skipped:
      critical:
        min: 0
        max: 0
      high:
        min: 2
        max: 2
      medium:
        min: 7
        max: 7
      low:
        min: 0
        max: 0
    error:
      critical:
        min: 0
        max: 0
      high:
        min: 0
        max: 0
      medium:
        min: 1
        max: 1
      low:
        min: 0
        max: 0
    no_impact:
      none:
        min: 24
        max: 24

Control level: using the -c option, the example below uses our nginx-sample.json report to allow the user to define the expected control status of each control in the profile, how many controls fall in each 'bucket' of passed, failed, not reviewed, not applicable and error, and at what Impact (Critical, High, Medium or Low) those results should be.

    saf generate threshold -i nginx-sample.json -c -o nginx-threshold.yml

    compliance:
      min: 4
    passed:
      critical:
        min: 0
      high:
        min: 0
      medium:
        min: 2
        controls:
          - V-41699
          - V-41701
      low:
        min: 0
      total:
        min: 2
    failed:
      critical:
        max: 0
      high:
        max: 0
      medium:
        max: 1
        controls:
          - V-55945
      low:
        max: 0
      total:
        max: 1
    skipped:
      critical:
        max: 0
      high:
        max: 0
      medium:
        max: 16
        controls:
          - V-40792
          - V-41674
          - V-41684
          - V-41693
          - V-41694
          - V-41698
          - V-41702
          - V-41807
          - V-41811
          - V-55955
          - V-55973
          - V-55975
          - V-55983
          - V-56005
          - V-56021
          - V-56029
      low:
        max: 0
      total:
        max: 16
    error:
      critical:
        max: 0
      high:
        max: 0
      medium:
        max: 27
        controls:
          - V-40800
          - V-40819
          - V-41670
          - V-41671
          - V-41672
          - V-41695
          - V-41700
          - V-41706
          - V-41730
          - V-41731
          - V-41738
          - V-41745
          - V-41746
          - V-55985
          - V-55987
          - V-55991
          - V-56001
          - V-56003
          - V-56007
          - V-56009
          - V-56011
          - V-56013
          - V-56015
          - V-56017
          - V-56025
          - V-56033
          - V-61353
      low:
        max: 0
      total:
        max: 27
    no_impact:
      none:
        max: 43
        controls:
          - V-40791
          - V-40799
          - V-41600
          - V-41609
          - V-41611
          - V-41612
          - V-41613
          - V-41614
          - V-41615
          - V-41616
          - V-41617
          - V-41620
          - V-41668
          - V-41696
          - V-41703
          - V-41704
          - V-41812
          - V-41821
          - V-41833
          - V-41852
          - V-41854
          - V-41855
          - V-55947
          - V-55949
          - V-55951
          - V-55953
          - V-55957
          - V-55959
          - V-55961
          - V-55969
          - V-55971
          - V-55977
          - V-55979
          - V-55981
          - V-55989
          - V-55993
          - V-55995
          - V-55997
          - V-55999
          - V-56019
          - V-56027
          - V-56031
          - V-56035
      total:
        max: 43
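
To make the min/max/controls semantics of a threshold file concrete, the following added example (not SAF CLI code and not part of the original page) evaluates a trimmed copy of the control-level threshold above against two constructed result sets. Assumptions: compliance is passed / (passed + failed + skipped + error), floored, with no_impact excluded (with the bucket maximums above, 2 / 46, this gives the 4 shown); a control listed under `controls` must be found in that status and severity bucket; the function names are hypothetical.

```python
from collections import Counter

STATUSES = ("passed", "failed", "skipped", "error", "no_impact")

def compliance(results):
    """Assumed formula: passed / (passed + failed + skipped + error), floored.
    no_impact (not applicable) controls are left out of the denominator."""
    n = Counter(status for status, _sev in results.values())
    scored = n["passed"] + n["failed"] + n["skipped"] + n["error"]
    return 100 * n["passed"] // scored if scored else 0

def violations(threshold, results):
    """Return threshold violations as strings; an empty list means the gate passes."""
    out = []

    def check(label, bounds, actual):
        if actual < bounds.get("min", actual):
            out.append(f"{label}: {actual} < min {bounds['min']}")
        if actual > bounds.get("max", actual):
            out.append(f"{label}: {actual} > max {bounds['max']}")

    check("compliance", threshold.get("compliance", {}), compliance(results))
    for status in STATUSES:
        for sev, bounds in threshold.get(status, {}).items():
            # "total" counts every control with this status, whatever its severity.
            ids = {c for c, (st, sv) in results.items()
                   if st == status and sev in ("total", sv)}
            check(f"{status}.{sev}", bounds, len(ids))
            # Assumed semantics: each listed control must sit in this bucket.
            for cid in sorted(set(bounds.get("controls", [])) - ids):
                found = "/".join(results.get(cid, ("missing",)))
                out.append(f"{status}.{sev}: {cid} expected here, found {found}")
    return out

# Constructed sample: a trimmed copy of the control-level threshold above.
THRESHOLD = {
    "compliance": {"min": 4},
    "passed": {"medium": {"min": 2, "controls": ["V-41699", "V-41701"]},
               "total": {"min": 2}},
    "failed": {"high": {"max": 0},
               "medium": {"max": 1, "controls": ["V-55945"]},
               "total": {"max": 1}},
}
# Constructed results: control ID -> (status, severity).
BASELINE = {"V-41699": ("passed", "medium"), "V-41701": ("passed", "medium"),
            "V-55945": ("failed", "medium")}
REGRESSED = {**BASELINE, "V-41701": ("failed", "medium")}  # one control regresses

if __name__ == "__main__":
    print("baseline:", violations(THRESHOLD, BASELINE))
    print("\n".join(violations(THRESHOLD, REGRESSED)))
```

A single control moving from passed to failed trips the count bounds in both buckets and the control-ID check, which is what makes control-level thresholds stricter than totals alone.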