emasser 1.0.3 → 1.0.6
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/.env-example +2 -0
- data/.github/workflows/gh-pages.yml +4 -5
- data/.github/workflows/release.yml +9 -9
- data/Dockerfile +6 -4
- data/Gemfile +1 -1
- data/Gemfile.lock +23 -30
- data/README.md +87 -78
- data/docs/features.md +343 -207
- data/docs/images/emasser_architecture.jpg +0 -0
- data/emasser.gemspec +5 -3
- data/images/emasser_architecture.jpg +0 -0
- data/images/emasser_diagram-Page-3.jpg +0 -0
- data/lib/emasser/cli.rb +2 -2
- data/lib/emasser/configuration.rb +1 -0
- data/lib/emasser/constants.rb +11 -3
- data/lib/emasser/delete.rb +9 -7
- data/lib/emasser/get.rb +43 -48
- data/lib/emasser/help/cloudresource_post_mapper.md +62 -0
- data/lib/emasser/help/container_post_mapper.md +44 -0
- data/lib/emasser/output_converters.rb +101 -4
- data/lib/emasser/post.rb +231 -38
- data/lib/emasser/put.rb +23 -16
- data/lib/emasser/version.rb +1 -1
- metadata +19 -25
- data/.github/workflows/generate_docs.yml +0 -33
- data/docs/developers.md +0 -115
- data/docs/swagger/dist/favicon-16x16.png +0 -0
- data/docs/swagger/dist/favicon-32x32.png +0 -0
- data/docs/swagger/dist/oauth2-redirect.html +0 -75
- data/docs/swagger/dist/swagger-ui-bundle.js +0 -3
- data/docs/swagger/dist/swagger-ui-bundle.js.map +0 -1
- data/docs/swagger/dist/swagger-ui-es-bundle-core.js +0 -3
- data/docs/swagger/dist/swagger-ui-es-bundle-core.js.map +0 -1
- data/docs/swagger/dist/swagger-ui-es-bundle.js +0 -3
- data/docs/swagger/dist/swagger-ui-es-bundle.js.map +0 -1
- data/docs/swagger/dist/swagger-ui-standalone-preset.js +0 -3
- data/docs/swagger/dist/swagger-ui-standalone-preset.js.map +0 -1
- data/docs/swagger/dist/swagger-ui.css +0 -4
- data/docs/swagger/dist/swagger-ui.css.map +0 -1
- data/docs/swagger/dist/swagger-ui.js +0 -3
- data/docs/swagger/dist/swagger-ui.js.map +0 -1
- data/docs/swagger/index.html +0 -60
data/docs/features.md
CHANGED
|
@@ -1,9 +1,17 @@
|
|
|
1
1
|
# emasser CLI Features
|
|
2
2
|
|
|
3
|
-
##
|
|
4
|
-
To facilitate setting the required environment variables the emasser CLI utilized the zero-dependency module to load these variables from a
|
|
3
|
+
## Environment Variables
|
|
4
|
+
To facilitate setting the required environment variables the `emasser `CLI utilized the zero-dependency module to load these variables from a `.env` file.
|
|
5
5
|
|
|
6
|
-
|
|
6
|
+
### Configuring the `.env` File
|
|
7
|
+
An `.env-example` file is provided with the required and optional fields.
|
|
8
|
+
|
|
9
|
+
Modify the `.env_example` as necessary and save it as a `.env` file.
|
|
10
|
+
|
|
11
|
+
Place the file on the path where the `emasser` command is executed.
|
|
12
|
+
|
|
13
|
+
### Required and Optional Environment Variables
|
|
14
|
+
The following environment variables are required:
|
|
7
15
|
* EMASSER_API_KEY_API_KEY=`<API key>`
|
|
8
16
|
* EMASSER_API_KEY_USER_UID=`<unique identifier for the API Key (EMASSER_API_KEY_API_KEY)`
|
|
9
17
|
* EMASSER_HOST=`<FQDN of the eMASS server>`
|
|
@@ -11,26 +19,31 @@ emasser environment variables (required):
|
|
|
11
19
|
* EMASSER_CERT_FILE_PATH=`<path to your eMASS certificate in PEM format>`
|
|
12
20
|
* EMASSER_KEY_PASSWORD=`<password for the key given in EMASSER_KEY_FILE_PATH>`
|
|
13
21
|
|
|
14
|
-
|
|
15
|
-
* EMASSER_CLIENT_SIDE_VALIDATION=`<client side validation - true or false>`
|
|
16
|
-
* EMASSER_VERIFY_SSL=`<verify SSL - true or false>`
|
|
17
|
-
* EMASSER_VERIFY_SSL_HOST=`<verify host SSL - true or false>`
|
|
18
|
-
* EMASSER_DEBUGGING=`<set debugging - true or false>`
|
|
22
|
+
The following environment variables are *optional:
|
|
23
|
+
* EMASSER_CLIENT_SIDE_VALIDATION=`<client side validation - true or false (default true)>`
|
|
24
|
+
* EMASSER_VERIFY_SSL=`<verify SSL - true or false (default true)>`
|
|
25
|
+
* EMASSER_VERIFY_SSL_HOST=`<verify host SSL - true or false (default true)>`
|
|
26
|
+
* EMASSER_DEBUGGING=`<set debugging - true or false (default false)>`
|
|
27
|
+
* EMASSER_CLI_DISPLAY_NULL=`<display null value fields - true or false (default true)>`
|
|
28
|
+
* EMASSER_POCH_TO_DATETIME=`<convert epoch to data/time value - true or false (default false)>`
|
|
29
|
+
|
|
30
|
+
\* If not provided defaults are used
|
|
31
|
+
|
|
32
|
+
The proper format to set these variables in the `.env` files is as follows:
|
|
33
|
+
```bash
|
|
34
|
+
export [VARIABLE_NAME]='value'
|
|
35
|
+
```
|
|
36
|
+
***NOTE***
|
|
37
|
+
`emasser` requires authentication to an eMASS instance as well as authorization to use the eMASS API. This authentication and authorization is **not** a function of `emasser` and needs to be accomplished with the eMASS instances owner organization. Further information about eMASS credential requirements refer to [Defense Counterintelligence and Security Agency](https://www.dcsa.mil/is/emass/) about eMASS access.
|
|
19
38
|
|
|
39
|
+
---
|
|
20
40
|
## Common emasser Endpoint Requests Information
|
|
21
41
|
- To invoke any boolean parameters use --parameterName for TRUE and --no-parameterName for FALSE
|
|
22
|
-
- The eMASS API provides the capability of updating multiple entries within several endpoints, however
|
|
42
|
+
- The eMASS API provides the capability of updating multiple entries within several endpoints, however the `emasser` CLI, in some cases only supports updating one entry at the time.
|
|
23
43
|
|
|
24
44
|
## Invoking emasser CLI Commands
|
|
25
45
|
|
|
26
|
-
The CLI invoke commands listed in this document shows them when executing from the source code (after a pull from GitHub).
|
|
27
|
-
- Invoking the GET systems endpoint from the source code is:
|
|
28
|
-
|
|
29
|
-
bundle exec exe/emasser get systems all
|
|
30
|
-
|
|
31
|
-
- Invoking the GET systems endpoint from the compile binary (.gem) is:
|
|
32
|
-
|
|
33
|
-
emasser get systems all
|
|
46
|
+
The CLI invoke commands listed in this document shows them when executing from the source code (after a pull from GitHub). Please reference the [`emasser` README](https://mitre.github.io/emasser/) on how to invoke the CLI using other available executables (gem or docker).
|
|
34
47
|
|
|
35
48
|
## API Endpoints Provided
|
|
36
49
|
|
|
@@ -38,10 +51,11 @@ The CLI invoke commands listed in this document shows them when executing from t
|
|
|
38
51
|
* [/api](#get-test-connection)
|
|
39
52
|
* [/api/system](#get-system)
|
|
40
53
|
* [/api/systems](#get-systems)
|
|
54
|
+
* [/api/systems/{systemId}](#get-system)
|
|
41
55
|
* [/api/system-roles](#get-roles)
|
|
42
56
|
* [/api/system-roles/{roleCategory}](#get-roles)
|
|
43
57
|
* [/api/systems/{systemId}/controls](#get-controls)
|
|
44
|
-
* [/api/systems/{systemId}/test-results](#get-
|
|
58
|
+
* [/api/systems/{systemId}/test-results](#get-testresults)
|
|
45
59
|
* [/api/systems/{systemId}/poams](#get-poams)
|
|
46
60
|
* [/api/systems/{systemId}/poams/{poamId}](#get-poams)
|
|
47
61
|
* [/api/systems/{systemId}/poams/{poamId}/milestones](#get-milestones)
|
|
@@ -51,8 +65,8 @@ The CLI invoke commands listed in this document shows them when executing from t
|
|
|
51
65
|
* [/api/systems/{systemId}/approval/cac](#get-cac)
|
|
52
66
|
* [/api/systems/{systemId}/approval/pac](#get-pac)
|
|
53
67
|
* [/api/cmmc-assessments](#get-cmmc)
|
|
54
|
-
* [/api/workflow-definitions](#get-
|
|
55
|
-
* [/api/systems/{systemId}/workflow-instances](#get-
|
|
68
|
+
* [/api/workflow-definitions](#get-workflowdefinitions)
|
|
69
|
+
* [/api/systems/{systemId}/workflow-instances](#get-workflowinstances)
|
|
56
70
|
|
|
57
71
|
### POST
|
|
58
72
|
* [/api/systems/{systemId}/test-results](#post-test_results)
|
|
@@ -62,6 +76,8 @@ The CLI invoke commands listed in this document shows them when executing from t
|
|
|
62
76
|
* [/api/systems/{systemId}/approval/cac](#post-cac)
|
|
63
77
|
* [/api/systems/{systemId}/approval/pac](#post-pac)
|
|
64
78
|
* [/api/systems/{systemId}/static-code-scans](#post-static_code_scan)
|
|
79
|
+
* [/api/systems/{systemId}/cloud-resource-results](#post-cloudresource)
|
|
80
|
+
* [/api/systems/{systemId}/container-scan-results](#post-container)
|
|
65
81
|
|
|
66
82
|
### PUT
|
|
67
83
|
* [/api/systems/{systemId}/controls](#put-controls)
|
|
@@ -77,77 +93,76 @@ The CLI invoke commands listed in this document shows them when executing from t
|
|
|
77
93
|
## Endpoints CLI help
|
|
78
94
|
|
|
79
95
|
Each CLI endpoint command has several layers of help.
|
|
80
|
-
- Using `help` after a `get, put, post, or delete` command lists all available endpoint calls
|
|
96
|
+
- Using `help` after a `get, put, post, or delete` command lists all available endpoint calls. The following command would list all available `GET` endpoints commands.
|
|
81
97
|
|
|
82
|
-
```
|
|
98
|
+
```bash
|
|
83
99
|
$ bundle exec exe/emasser get help
|
|
100
|
+
Commands:
|
|
101
|
+
emasser get artifacts # Get system Artifacts
|
|
102
|
+
emasser get cac # Get location of one or many controls in...
|
|
103
|
+
emasser get cmmc # Get CMMC assessment information
|
|
104
|
+
emasser get controls # Get system Controls
|
|
105
|
+
emasser get help [COMMAND] # Describe subcommands or one specific su...
|
|
106
|
+
emasser get milestones # Get system Milestones
|
|
107
|
+
emasser get pac # Get status of active workflows in a system
|
|
108
|
+
emasser get poams # Get system Poams
|
|
109
|
+
emasser get roles # Get all system roles or by category Id
|
|
110
|
+
emasser get system # Get a system ID given name/owner, or ge...
|
|
111
|
+
emasser get systems # Get all systems
|
|
112
|
+
emasser get test # Test connection to the configured eMASS...
|
|
113
|
+
emasser get test_results # Get system Test Results
|
|
114
|
+
emasser get workflow_definitions # Get workflow definitions in a site
|
|
115
|
+
emasser get workflow_instances # Get workflow instance by system and/or ...
|
|
84
116
|
```
|
|
85
|
-
|
|
86
|
-
|
|
87
|
-
|
|
88
|
-
- emasser get approval ...
|
|
89
|
-
- emasser get artifacts ...
|
|
90
|
-
- emasser get controls ...
|
|
91
|
-
- emasser get help [COMMAND] ...
|
|
92
|
-
- emasser get poams ...
|
|
93
|
-
- emasser get roles ...
|
|
94
|
-
- emasser get system [--system-name [SYSTEM_NAME]] [--system-owner [SYSTEM_OW...
|
|
95
|
-
- emasser get systems [options] ...
|
|
96
|
-
- emasser get test_results ...
|
|
97
|
-
|
|
98
|
-
- Preceding any command with `help` provides help for the command
|
|
99
|
-
|
|
100
|
-
```
|
|
117
|
+
- Preceding any command with `help` provides help for the command. The following command would list all available sub-commands and options for the `get artifacts` endpoint command.
|
|
118
|
+
```bash
|
|
101
119
|
$ bundle exec exe/emasser get help artifacts
|
|
120
|
+
commands:
|
|
121
|
+
emasser get artifacts export --filename=FILENAME --systemId=N # Get artifa...
|
|
122
|
+
emasser get artifacts forSystem --systemId=N # Get all sy...
|
|
123
|
+
emasser get artifacts help [COMMAND] # Describe s...
|
|
102
124
|
```
|
|
103
|
-
|
|
104
|
-
|
|
105
|
-
- emasser get artifacts help [COMMAND] # Describe s...
|
|
106
|
-
- emasser get artifacts system --systemId=N # Get all sy...
|
|
107
|
-
|
|
108
|
-
- Using `help` after any command lists all available options
|
|
109
|
-
|
|
110
|
-
```
|
|
125
|
+
- Using `help` after any command lists all available options. The following command would list all available options for the `get artifacts export` endpoint command.
|
|
126
|
+
```bash
|
|
111
127
|
$ bundle exec exe/emasser get artifacts help export
|
|
112
|
-
|
|
113
|
-
|
|
114
|
-
- Usage:
|
|
115
|
-
- emasser get artifacts export --filename=FILENAME --systemId=N
|
|
116
|
-
- Options:
|
|
117
|
-
- --systemId=N # A numeric value representing the system identification
|
|
118
|
-
- --filename=FILENAME # The artifact file name
|
|
119
|
-
- --compress # BOOLEAN - true or false.
|
|
128
|
+
Usage:
|
|
129
|
+
emasser get artifacts export --filename=FILENAME --systemId=N
|
|
120
130
|
|
|
121
|
-
|
|
131
|
+
Options:
|
|
132
|
+
--systemId=N # A numeric value representing the system identification
|
|
133
|
+
--filename=FILENAME # The artifact file name
|
|
134
|
+
[--compress], [--no-compress] # BOOLEAN - true or false.
|
|
135
|
+
```
|
|
136
|
+
**The same format is applicable for POST, PUT and DELETE requests as well, however there may be additional help content**
|
|
122
137
|
|
|
123
138
|
|
|
124
139
|
## Usage - GET
|
|
125
140
|
|
|
126
|
-
### ```get test connection```
|
|
127
|
-
[top](#api-endpoints-provided)
|
|
128
|
-
|
|
141
|
+
### ```get test connection```
|
|
129
142
|
---
|
|
130
143
|
The Test Connection endpoint provides the ability to verify connection to the web service.
|
|
131
144
|
|
|
132
145
|
$ bundle exec exe/emasser get test connection
|
|
133
146
|
|
|
134
147
|
A return of success from the call indicates that the CLI can reach the configure server URL.
|
|
135
|
-
References [Required Environment Variables](#required-environment-variables)
|
|
148
|
+
References [Required Environment Variables](#required-environment-variables) for the necessary environment variables.
|
|
136
149
|
|
|
137
|
-
### ```get system```
|
|
138
150
|
[top](#api-endpoints-provided)
|
|
139
151
|
|
|
152
|
+
### ```get system```
|
|
153
|
+
|
|
140
154
|
---
|
|
141
|
-
The `get system
|
|
155
|
+
The `get system` command is not a sanctioned eMASS endpoint, it makes use of the `get systems` endpoint with added business logic.
|
|
156
|
+
|
|
157
|
+
There are two commands provided by the get system:
|
|
142
158
|
|
|
143
|
-
The `get system
|
|
159
|
+
- The `get system id` - returns system ID's based on the system `name` or `owner`
|
|
160
|
+
- The `get system byId` - returns the system content for parameter system ID
|
|
144
161
|
|
|
145
162
|
### get system id
|
|
146
163
|
Retrieves a system identification based on the SYSTEM_NAME (name) or SYSTEM_OWNER (systemOwner) fields.
|
|
147
164
|
|
|
148
|
-
|
|
149
|
-
|
|
150
|
-
To invoke the `get system` use the following command:
|
|
165
|
+
To invoke the `get system id` use the following command:
|
|
151
166
|
|
|
152
167
|
$ bundle exec exe/emasser get system id --system_name "system name" --system_owner "system owner"
|
|
153
168
|
|
|
@@ -157,7 +172,7 @@ If using a platform that has `awk` installed the following command can be used t
|
|
|
157
172
|
|
|
158
173
|
|
|
159
174
|
### get system byId
|
|
160
|
-
|
|
175
|
+
Retrieves the system content for provided identification (ID) number. To invoke the endpoint use the following command:
|
|
161
176
|
|
|
162
177
|
$ bundle exec exe/emasser get system byId
|
|
163
178
|
|
|
@@ -174,14 +189,16 @@ To view a system by its identification (Id) use the following command:
|
|
|
174
189
|
|--includePackage |BOOLEAN - true or false |
|
|
175
190
|
|--policy |Possible values: diacap, rmf, reporting |
|
|
176
191
|
|
|
192
|
+
[top](#api-endpoints-provided)
|
|
177
193
|
|
|
178
194
|
### ```get systems```
|
|
179
|
-
[top](#api-endpoints-provided)
|
|
180
195
|
|
|
181
196
|
----
|
|
182
|
-
To
|
|
183
|
-
|
|
197
|
+
To retrieve controls use the following command:
|
|
198
|
+
- all - Retrieves all available systems
|
|
199
|
+
```
|
|
184
200
|
$ bundle exec exe/emasser get systems all
|
|
201
|
+
```
|
|
185
202
|
|
|
186
203
|
- Optional parameters are:
|
|
187
204
|
|
|
@@ -194,12 +211,11 @@ To view systems use the following command:
|
|
|
194
211
|
|--includePackage |BOOLEAN - true or false |
|
|
195
212
|
|--policy |Possible values: diacap, rmf, reporting |
|
|
196
213
|
|--registrationType |Possible values: assessAndAuthorize, assessOnly, guest, regular, functional, |
|
|
197
|
-
| |
|
|
214
|
+
| | cloudServiceProvider, commonControlProvider |
|
|
198
215
|
|--reportsForScorecard |BOOLEAN - true or false |
|
|
199
216
|
|
|
200
|
-
|
|
201
|
-
### ```get roles```
|
|
202
217
|
[top](#api-endpoints-provided)
|
|
218
|
+
### ```get roles```
|
|
203
219
|
|
|
204
220
|
----
|
|
205
221
|
There are two get endpoints for system roles:
|
|
@@ -225,12 +241,11 @@ There are two get endpoints for system roles:
|
|
|
225
241
|
|--policy |Possible values: diacap, rmf, reporting |
|
|
226
242
|
|--includeDecommissioned |BOOLEAN - true or false |
|
|
227
243
|
|
|
228
|
-
|
|
229
|
-
### ```get controls```
|
|
230
244
|
[top](#api-endpoints-provided)
|
|
245
|
+
### ```get controls```
|
|
231
246
|
|
|
232
247
|
----
|
|
233
|
-
To
|
|
248
|
+
To retrieve controls use the following command:
|
|
234
249
|
|
|
235
250
|
$ bundle exec exe/emasser get controls forSystem --systemId=SYSTEMID
|
|
236
251
|
|
|
@@ -246,12 +261,11 @@ To view controls use the following command:
|
|
|
246
261
|
|-------------|:------------------------------------------|
|
|
247
262
|
|--acronyms |The system acronym(s) e.g "AC-1, AC-2" - if not provided all controls for systemId are returned |
|
|
248
263
|
|
|
249
|
-
|
|
250
|
-
### ```get test_results```
|
|
251
264
|
[top](#api-endpoints-provided)
|
|
265
|
+
### ```get test_results```
|
|
252
266
|
|
|
253
267
|
----
|
|
254
|
-
To
|
|
268
|
+
To retrieve test results use the following command:
|
|
255
269
|
|
|
256
270
|
$ bundle exec exe/emasser get test_results forSystem --systemId=SYSTEMID
|
|
257
271
|
|
|
@@ -269,9 +283,8 @@ To view test results use the following command:
|
|
|
269
283
|
|--ccis |String - The system CCIS string numerical value |
|
|
270
284
|
|--latestOnly |BOOLEAN - true or false|
|
|
271
285
|
|
|
272
|
-
|
|
273
|
-
### ```get poams```
|
|
274
286
|
[top](#api-endpoints-provided)
|
|
287
|
+
### ```get poams```
|
|
275
288
|
|
|
276
289
|
----
|
|
277
290
|
There are two get endpoints for system poams:
|
|
@@ -307,9 +320,8 @@ There are two get endpoints for system poams:
|
|
|
307
320
|
|--systemId |Integer - Unique system identifier |
|
|
308
321
|
|--poamId |Integer - Unique poam identifier |
|
|
309
322
|
|
|
310
|
-
|
|
311
|
-
### ```get milestones```
|
|
312
323
|
[top](#api-endpoints-provided)
|
|
324
|
+
### ```get milestones```
|
|
313
325
|
|
|
314
326
|
----
|
|
315
327
|
There are two get endpoints for system milestones:
|
|
@@ -344,9 +356,8 @@ There are two get endpoints for system milestones:
|
|
|
344
356
|
|--poamId |Integer - Unique poam identifier |
|
|
345
357
|
|--milestoneId |Integer - Unique milestone identifier |
|
|
346
358
|
|
|
347
|
-
|
|
348
|
-
### ```get artifacts```
|
|
349
359
|
[top](#api-endpoints-provided)
|
|
360
|
+
### ```get artifacts```
|
|
350
361
|
|
|
351
362
|
----
|
|
352
363
|
There are two get endpoints that provides the ability to view existing `Artifacts` in a system:
|
|
@@ -380,11 +391,14 @@ There are two get endpoints that provides the ability to view existing `Artifact
|
|
|
380
391
|
|-------------|:----------------------------------|
|
|
381
392
|
|--systemId |Integer - Unique system identifier |
|
|
382
393
|
|--filename |The artifact file name |
|
|
394
|
+
|
|
395
|
+
- optional parameter is:
|
|
396
|
+
|parameter | type or values |
|
|
397
|
+
|-------------|:----------------------------------|
|
|
383
398
|
|--compress |BOOLEAN - true or false. |
|
|
384
399
|
|
|
385
|
-
|
|
386
|
-
### ```get cac```
|
|
387
400
|
[top](#api-endpoints-provided)
|
|
401
|
+
### ```get cac```
|
|
388
402
|
|
|
389
403
|
----
|
|
390
404
|
To view one or many Control Approval Chain (CAC) in a system specified system ID use the following command:
|
|
@@ -403,9 +417,8 @@ To view one or many Control Approval Chain (CAC) in a system specified system ID
|
|
|
403
417
|
|-------------------------------|:----------------------------------------------|
|
|
404
418
|
|--controlAcronyms |String - The system acronym(s) e.g "AC-1, AC-2"|
|
|
405
419
|
|
|
406
|
-
|
|
407
|
-
### ```get pac```
|
|
408
420
|
[top](#api-endpoints-provided)
|
|
421
|
+
### ```get pac```
|
|
409
422
|
|
|
410
423
|
----
|
|
411
424
|
To view one or many Package Approval Chain (PAC) in a system specified system ID use the following command:
|
|
@@ -419,9 +432,8 @@ To view one or many Package Approval Chain (PAC) in a system specified system ID
|
|
|
419
432
|
|-------------|:----------------------------------|
|
|
420
433
|
|--systemId |Integer - Unique system identifier |
|
|
421
434
|
|
|
422
|
-
|
|
423
|
-
### ```get cmmc```
|
|
424
435
|
[top](#api-endpoints-provided)
|
|
436
|
+
### ```get cmmc```
|
|
425
437
|
|
|
426
438
|
----
|
|
427
439
|
To view Cybersecurity Maturity Model Certification (CMMC) Assessments use the following command:
|
|
@@ -434,9 +446,8 @@ To view Cybersecurity Maturity Model Certification (CMMC) Assessments use the fo
|
|
|
434
446
|
|----------------|:--------------------------------------|
|
|
435
447
|
|--sinceDate |Date - The CMMC date. Unix date format |
|
|
436
448
|
|
|
437
|
-
|
|
438
|
-
### ```get workflow_definitions```
|
|
439
449
|
[top](#api-endpoints-provided)
|
|
450
|
+
### ```get workflow_definitions```
|
|
440
451
|
|
|
441
452
|
----
|
|
442
453
|
To view Workflow Definitions use the following command:
|
|
@@ -449,22 +460,15 @@ To view Workflow Definitions use the following command:
|
|
|
449
460
|
|---------------------|:----------------------------------------------------------------------------|
|
|
450
461
|
|--includeInactive |BOOLEAN - true or false |
|
|
451
462
|
|--registrationType |Possible values: assessAndAuthorize, assessOnly, guest, regular, functional, |
|
|
452
|
-
| |
|
|
453
|
-
|
|
463
|
+
| | cloudServiceProvider, commonControlProvider |
|
|
454
464
|
|
|
455
|
-
### ```get workflow_instances```
|
|
456
465
|
[top](#api-endpoints-provided)
|
|
457
466
|
|
|
467
|
+
### ```get workflow_instances```
|
|
458
468
|
----
|
|
459
469
|
There are two get endpoints to view workflow instances:
|
|
460
|
-
-
|
|
461
|
-
$ bundle exec exe/emasser get workflow_instances
|
|
462
|
-
|
|
463
|
-
- required parameter is:
|
|
464
|
-
|
|
465
|
-
|parameter | type or values |
|
|
466
|
-
|-------------|:----------------------------------|
|
|
467
|
-
|--systemId |Integer - Unique system identifier |
|
|
470
|
+
- all
|
|
471
|
+
$ bundle exec exe/emasser get workflow_instances all
|
|
468
472
|
|
|
469
473
|
- Optional parameters are:
|
|
470
474
|
|
|
@@ -476,21 +480,20 @@ There are two get endpoints to view workflow instances:
|
|
|
476
480
|
|--status |Possible values: active, inactive, all |
|
|
477
481
|
|
|
478
482
|
- byWorkflowInstanceId
|
|
479
|
-
$ bundle exec exe/emasser get workflow_instances byWorkflowInstanceId --
|
|
483
|
+
$ bundle exec exe/emasser get workflow_instances byWorkflowInstanceId --workflowInstanceId=--WORKFLOWID
|
|
480
484
|
|
|
481
485
|
- required parameter is:
|
|
482
486
|
|
|
483
487
|
|parameter | type or values |
|
|
484
488
|
|---------------------|:---------------------------------------------|
|
|
485
|
-
|--systemId |Integer - Unique system identifier |
|
|
486
489
|
|--workflowInstanceId |Integer - Unique workflow instance identifier |
|
|
487
490
|
|
|
491
|
+
[top](#api-endpoints-provided)
|
|
492
|
+
|
|
488
493
|
|
|
489
494
|
## Usage - POST
|
|
490
495
|
|
|
491
496
|
### ``post test_results``
|
|
492
|
-
[top](#api-endpoints-provided)
|
|
493
|
-
|
|
494
497
|
---
|
|
495
498
|
Test Result add (POST) endpoint API business rules.
|
|
496
499
|
|
|
@@ -531,11 +534,9 @@ For information at the command line use:
|
|
|
531
534
|
```
|
|
532
535
|
$ bundle exec exe/emasser post test_results help add
|
|
533
536
|
```
|
|
534
|
-
|
|
537
|
+
[top](#post)
|
|
535
538
|
|
|
536
539
|
### ``post poams``
|
|
537
|
-
[top](#api-endpoints-provided)
|
|
538
|
-
|
|
539
540
|
---
|
|
540
541
|
Plan of Action and Milestones (POA&M) add (POST) endpoint API business rules.
|
|
541
542
|
|
|
@@ -573,19 +574,23 @@ Business logic, the following rules apply when adding POA&Ms
|
|
|
573
574
|
- If the Security Control or Assessment Procedure does not exist in the system we may have to just import POA&M Item at the System Level.
|
|
574
575
|
|
|
575
576
|
|
|
576
|
-
The following parameters/fields have the following character limitations:
|
|
577
|
-
-
|
|
578
|
-
- Office / Organization (pocOrganization)
|
|
579
|
-
- First Name (pocFirstName)
|
|
580
|
-
- Last Name (pocLastName)
|
|
581
|
-
- Email (email)
|
|
582
|
-
- Phone Number (pocPhoneNumber)
|
|
583
|
-
-
|
|
584
|
-
-
|
|
585
|
-
-
|
|
586
|
-
-
|
|
587
|
-
-
|
|
588
|
-
|
|
577
|
+
The following POA&M parameters/fields have the following character limitations:
|
|
578
|
+
- Fields that can not exceed 100 characters:
|
|
579
|
+
- Office / Organization (`pocOrganization`)
|
|
580
|
+
- First Name (`pocFirstName`)
|
|
581
|
+
- Last Name (`pocLastName`)
|
|
582
|
+
- Email (`email`)
|
|
583
|
+
- Phone Number (`pocPhoneNumber`)
|
|
584
|
+
- External Unique ID (`externalUid`)
|
|
585
|
+
- Fields that can not exceed 250 characters:
|
|
586
|
+
- Resource (`resource`)
|
|
587
|
+
- Fields have can not exceed 2000 character:
|
|
588
|
+
- Vulnerability Description (`vulnerabilityDescription`)
|
|
589
|
+
- Source Identifying Vulnerability (`sourceIdentVuln`)
|
|
590
|
+
- Recommendations (`recommendations`)
|
|
591
|
+
- Risk Accepted Comments (`comments`)
|
|
592
|
+
- Milestone Description (`description`)
|
|
593
|
+
- Mitigation Justification (`mitigation`)
|
|
589
594
|
|
|
590
595
|
To add (POST) POA&Ms use the following command:
|
|
591
596
|
```
|
|
@@ -604,30 +609,30 @@ $ bundle exec exe/emasser post poams add --systemId [value] --status [value] --v
|
|
|
604
609
|
Client API parameters/fields (required, conditional, and optional).
|
|
605
610
|
- required parameter are:
|
|
606
611
|
|
|
607
|
-
|parameter | type or values
|
|
608
|
-
|
|
609
|
-
|--systemId |Integer - Unique system identifier
|
|
610
|
-
|--status |Possible Values: Ongoing,Risk Accepted,Completed,Not Applicable
|
|
611
|
-
|--vulnerabilityDescription |String - Vulnerability description for the POA&M Item
|
|
612
|
-
|--sourceIdentVuln |String - Include Source Identifying Vulnerability text
|
|
613
|
-
|--pocOrganization |String - Organization/Office represented
|
|
614
|
-
|--resources |String - List of resources used. Character Limit = 250
|
|
612
|
+
|parameter | type or values |
|
|
613
|
+
|---------------------------|:---------------------------------------------------------------|
|
|
614
|
+
|--systemId |Integer - Unique system identifier |
|
|
615
|
+
|--status |Possible Values: Ongoing,Risk Accepted,Completed,Not Applicable |
|
|
616
|
+
|--vulnerabilityDescription |String - Vulnerability description for the POA&M Item |
|
|
617
|
+
|--sourceIdentVuln |String - Include Source Identifying Vulnerability text |
|
|
618
|
+
|--pocOrganization |String - Organization/Office represented |
|
|
619
|
+
|--resources |String - List of resources used. Character Limit = 250 |
|
|
615
620
|
|
|
616
621
|
** If any poc information is provided all POC fields are required. See additional details for POC fields below.
|
|
617
622
|
|
|
618
623
|
- conditional parameters are:
|
|
619
624
|
|
|
620
|
-
|parameter | type or values
|
|
621
|
-
|
|
622
|
-
|--milestones |JSON - see milestone format
|
|
623
|
-
|--pocFirstName |String - First name of POC
|
|
624
|
-
|--pocLastName |String - Last name of POC
|
|
625
|
-
|--pocEmail |String - Email address of POC
|
|
626
|
-
|--pocPhoneNumber |String - Phone number of POC (area code) ***-**** format
|
|
627
|
-
|--severity |Possible values - Very Low, Low, Moderate, High, Very High
|
|
628
|
-
|--scheduledCompletionDate |Date - Required for ongoing and completed POA&M items. Unix time format
|
|
629
|
-
|--completionDate |Date - Field is required for completed POA&M items. Unix time format
|
|
630
|
-
|--comments |String - Field is required for completed and risk accepted POA&M items.
|
|
625
|
+
|parameter | type or values |
|
|
626
|
+
|--------------------------|:------------------------------------------------------------------------|
|
|
627
|
+
|--milestones |JSON - see milestone format |
|
|
628
|
+
|--pocFirstName |String - First name of POC |
|
|
629
|
+
|--pocLastName |String - Last name of POC |
|
|
630
|
+
|--pocEmail |String - Email address of POC |
|
|
631
|
+
|--pocPhoneNumber |String - Phone number of POC (area code) ***-**** format |
|
|
632
|
+
|--severity |Possible values - Very Low, Low, Moderate, High, Very High |
|
|
633
|
+
|--scheduledCompletionDate |Date - Required for ongoing and completed POA&M items. Unix time format |
|
|
634
|
+
|--completionDate |Date - Field is required for completed POA&M items. Unix time format |
|
|
635
|
+
|--comments |String - Field is required for completed and risk accepted POA&M items. |
|
|
631
636
|
|
|
632
637
|
** If a POC email is supplied, the application will attempt to locate a user already registered within the application and pre-populate any information not explicitly supplied in the request. If no such user is found, these fields are required within the request:
|
|
633
638
|
pocFirstName, pocLastName, pocPhoneNumber
|
|
@@ -639,7 +644,7 @@ Client API parameters/fields (required, conditional, and optional).
|
|
|
639
644
|
|
|
640
645
|
|parameter | type or values |
|
|
641
646
|
|--------------------|:-----------------------------------------------------------------------------------------|
|
|
642
|
-
|--externalUid |String - External unique identifier for use with associating POA&M Items
|
|
647
|
+
|--externalUid |String - External unique identifier for use with associating POA&M Items |
|
|
643
648
|
|--controlAcronym |String - Control acronym associated with the POA&M Item. NIST SP 800-53 Revision 4 defined|
|
|
644
649
|
|--cci |String - CCI associated with the test result |
|
|
645
650
|
|--securityChecks |String - Security Checks that are associated with the POA&M |
|
|
@@ -649,8 +654,8 @@ Client API parameters/fields (required, conditional, and optional).
|
|
|
649
654
|
|--impact |Possible values: Very Low, Low, Moderate, High, Very High |
|
|
650
655
|
|--impactDescription |String - Include description of Security Control’s impact |
|
|
651
656
|
|--residualRiskLevel |Possible values: Very Low, Low, Moderate, High, Very High |
|
|
652
|
-
|--recommendations |String - Include recommendations
|
|
653
|
-
|--mitigation |String - Include mitigation explanation
|
|
657
|
+
|--recommendations |String - Include recommendations |
|
|
658
|
+
|--mitigation |String - Include mitigation explanation |
|
|
654
659
|
|
|
655
660
|
|
|
656
661
|
**Note**
|
|
@@ -658,11 +663,9 @@ For information at the command line use:
|
|
|
658
663
|
```
|
|
659
664
|
$ bundle exec exe/emasser post poams help add
|
|
660
665
|
```
|
|
661
|
-
|
|
666
|
+
[top](#post)
|
|
662
667
|
|
|
663
668
|
### ``post milestones``
|
|
664
|
-
[top](#api-endpoints-provided)
|
|
665
|
-
|
|
666
669
|
---
|
|
667
670
|
To add (POST) milestones in a system for one or more POA&M items use the following command:
|
|
668
671
|
|
|
@@ -684,11 +687,9 @@ For information at the command line use:
|
|
|
684
687
|
```
|
|
685
688
|
$ bundle exec exe/emasser post milestones help add
|
|
686
689
|
```
|
|
687
|
-
|
|
690
|
+
[top](#post)
|
|
688
691
|
|
|
689
692
|
### ``post artifacts``
|
|
690
|
-
[top](#api-endpoints-provided)
|
|
691
|
-
|
|
692
693
|
---
|
|
693
694
|
The add (POST) artifacts endpoint accepts a single binary file with file extension.zip only. The command line (CI) reads the files provided and zips them before sending to eMASS.
|
|
694
695
|
|
|
@@ -745,11 +746,9 @@ For information at the command line use:
|
|
|
745
746
|
```
|
|
746
747
|
$ bundle exec exe/emasser post artifacts help upload
|
|
747
748
|
```
|
|
748
|
-
|
|
749
|
+
[top](#post)
|
|
749
750
|
|
|
750
751
|
### ``post cac``
|
|
751
|
-
[top](#api-endpoints-provided)
|
|
752
|
-
|
|
753
752
|
----
|
|
754
753
|
Submit control to second role of CAC
|
|
755
754
|
|
|
@@ -779,11 +778,9 @@ For information at the command line use:
|
|
|
779
778
|
```
|
|
780
779
|
$ bundle exec exe/emasser post cac help add
|
|
781
780
|
```
|
|
782
|
-
|
|
781
|
+
[top](#post)
|
|
783
782
|
|
|
784
783
|
### ``post pac``
|
|
785
|
-
[top](#api-endpoints-provided)
|
|
786
|
-
|
|
787
784
|
----
|
|
788
785
|
Submit control to second role of CAC
|
|
789
786
|
|
|
@@ -799,20 +796,17 @@ To add (POST) test PAC use the following command:
|
|
|
799
796
|
|--systemId |Integer - Unique system identifier |
|
|
800
797
|
|--workflow |Possible Values: Assess and Authorize, Assess Only, Security Plan Approval |
|
|
801
798
|
|--name |String - Package name. 100 Characters |
|
|
802
|
-
|--comments |
|
|
799
|
+
|--comments |String - Comments submitted upon initiation of the indicated workflow, 4,000 character|
|
|
803
800
|
|
|
804
801
|
**Note**
|
|
805
802
|
For information at the command line use:
|
|
806
803
|
```
|
|
807
804
|
$ bundle exec exe/emasser post pac help add
|
|
808
805
|
```
|
|
809
|
-
|
|
806
|
+
[top](#post)
|
|
810
807
|
|
|
811
808
|
### ``post static_code_scan``
|
|
812
|
-
[top](#api-endpoints-provided)
|
|
813
|
-
|
|
814
809
|
----
|
|
815
|
-
|
|
816
810
|
To add (POST) static code scans use the following command:
|
|
817
811
|
|
|
818
812
|
````
|
|
@@ -858,12 +852,139 @@ For information at the command line use:
|
|
|
858
852
|
```
|
|
859
853
|
$ bundle exec exe/emasser post scan_findings help add
|
|
860
854
|
```
|
|
855
|
+
[top](#post)
|
|
856
|
+
|
|
857
|
+
### ```post cloud_resource```
|
|
858
|
+
---
|
|
859
|
+
|
|
860
|
+
The following Cloud Resource parameters/fields have the following character limitations:
|
|
861
|
+
- Fields that can not exceed 50 characters:
|
|
862
|
+
- Policy Deployment Version (`policyDeploymentVersion`)
|
|
863
|
+
- Fields that can not exceed 100 characters:
|
|
864
|
+
- Assessment Procedure (`assessmentProcedure`)
|
|
865
|
+
- Security Control Acronym (`control`)
|
|
866
|
+
- CSP Account ID (`cspAccountId`)
|
|
867
|
+
- CSP Region (`cspRegion`)
|
|
868
|
+
- Email of POC (`initiatedBy`)
|
|
869
|
+
- Cloud Service Provider (`provider`)
|
|
870
|
+
- Type of Cloud resource (`resourceType`)
|
|
871
|
+
- Fields that can not exceed 500 characters:
|
|
872
|
+
- CSP/Resource’s Policy ID (`cspPolicyDefinitionId`)
|
|
873
|
+
- Policy Deployment Name (`policyDeploymentName`)
|
|
874
|
+
- Policy Compliance ID (`resourceId`)
|
|
875
|
+
- Cloud Resource Name (`resourceName`)
|
|
876
|
+
- Fields that can not exceed 1000 characters:
|
|
877
|
+
- Reason for Compliance (`complianceReason`)
|
|
878
|
+
- Fields that can not exceed 2000 characters:
|
|
879
|
+
- Policy Short Title (`policyDefinitionTitle`)
|
|
880
|
+
|
|
881
|
+
To add a cloud resource and their scan results in the assets module for a system use the following command:
|
|
882
|
+
````
|
|
883
|
+
$ bundle exec exe/emasser post cloud_resource add --systemId [value] --provider [value] --resourceId [value] --resourceName [value] --resourceType [value] --cspPolicyDefinitionId [value] --isCompliant or --is-not-Compliant --policyDefinitionTitle [value] --test [value]
|
|
884
|
+
````
|
|
885
|
+
- required parameter are:
|
|
886
|
+
|
|
887
|
+
|parameter | type or values |
|
|
888
|
+
|------------------------|:--------------------------------------------------------------------------|
|
|
889
|
+
|--systemId |Integer - Unique system identifier |
|
|
890
|
+
|--provider |string - Cloud service provider name |
|
|
891
|
+
|--resourceId |String - Unique identifier/resource namespace for policy compliance result |
|
|
892
|
+
|--resourceName |String - Friendly name of Cloud resource |
|
|
893
|
+
|--resourceType |String - Type of Cloud resource |
|
|
894
|
+
|--cspPolicyDefinitionId |String - Unique identifier/compliance namespace for CSP/Resource\'s policy definition/compliance check|
|
|
895
|
+
|--isCompliant | Boolean - Compliance status of the policy for the identified cloud resource |
|
|
896
|
+
|--policyDefinitionTitle | String - Friendly policy/compliance check title. Recommend short title |
|
|
897
|
+
|
|
898
|
+
- optional parameters are:
|
|
899
|
+
|
|
900
|
+
|parameter | type or values |
|
|
901
|
+
|-------------------|:------------------------------------------------------|
|
|
902
|
+
|--initiatedBy |String - Person initiating the process email address |
|
|
903
|
+
|--cspAccountId |String - System/owner\'s CSP account ID/number |
|
|
904
|
+
|--cspRegion |String - CSP region of system |
|
|
905
|
+
|--isBaseline |Boolean - Flag that indicates in results is a baseline |
|
|
906
|
+
|Tags Object (tags)|
|
|
907
|
+
|--text | String - Text that specifies the tag type |
|
|
908
|
+
|Compliance Results Array Objects (complianceResults)|
|
|
909
|
+
|--assessmentProcedure |String - Comma separated correlation to Assessment Procedure (i.e. CCI number for DoD Control Set) |
|
|
910
|
+
|--complianceCheckTimestamp |Date - The compliance check date - Unix time format |
|
|
911
|
+
|--complianceReason |String - Reason/comments for compliance result |
|
|
912
|
+
|--control |String - Comma separated correlation to Security Control (e.g. exact NIST Control acronym) |
|
|
913
|
+
|--policyDeploymentName |String - Name of policy deployment |
|
|
914
|
+
|--policyDeploymentVersion |String - Version of policy deployment |
|
|
915
|
+
|--severity |Possible Values: Low, Medium, High, Critical |
|
|
916
|
+
|
|
917
|
+
|
|
918
|
+
**Note**
|
|
919
|
+
For information at the command line use:
|
|
920
|
+
```
|
|
921
|
+
$ bundle exec exe/emasser post cloud_resource help add
|
|
922
|
+
```
|
|
923
|
+
|
|
924
|
+
[top](#post)
|
|
925
|
+
|
|
926
|
+
|
|
927
|
+
### ```post container```
|
|
928
|
+
---
|
|
929
|
+
The following Container parameters/fields have the following character limitations:
|
|
930
|
+
- Fields that can not exceed 100 characters:
|
|
931
|
+
- STIG Benchmark ID (`benchmark`)
|
|
932
|
+
- Container Namespace (`namespace`)
|
|
933
|
+
- Kubernetes assigned IP (`podIp`)
|
|
934
|
+
- Kubernetes Pod Name) (`podName`)
|
|
935
|
+
- Fields that can not exceed 500 characters:
|
|
936
|
+
- Container ID (`containerId`)
|
|
937
|
+
- Friendly Container Name (`containerName`)
|
|
938
|
+
- Fields that can not exceed 1000 characters:
|
|
939
|
+
- Result Comments (`message`)
|
|
940
|
+
|
|
941
|
+
|
|
942
|
+
|
|
943
|
+
To add containers and their scan results in the assets module for a system use the following command:
|
|
944
|
+
````
|
|
945
|
+
$ bundle exec ruby exe/emasser post container add --systemId [value] --containerId [value] --containerName [value] --time [value] --benchmark [value] --lastSeen [value] --ruleId [value] --status [value]
|
|
946
|
+
|
|
947
|
+
````
|
|
948
|
+
|
|
949
|
+
- required parameter are:
|
|
950
|
+
|
|
951
|
+
|parameter | type or values |
|
|
952
|
+
|------------------------|:--------------------------------------------------------------------------|
|
|
953
|
+
|--systemId |Integer - Unique system identifier |
|
|
954
|
+
|--containerId |String - Unique identifier of the container |
|
|
955
|
+
|--containerName |String - Friendly name of the container |
|
|
956
|
+
|--time |Date - Datetime of scan/result. Unix date format |
|
|
957
|
+
|Bench Marks Object (benchmarks)|
|
|
958
|
+
|--benchmark |String - Identifier of the benchmark/grouping of compliance results |
|
|
959
|
+
|benchmarks.results |Object
|
|
960
|
+
|--ruleId |String - Identifier for the compliance result, vulnerability, etc.
|
|
961
|
+
|--status |String - Benchmark result status
|
|
962
|
+
|--lastSeen |Date - Date last seen, Unix date format
|
|
963
|
+
|
|
964
|
+
- optional parameters are:
|
|
965
|
+
|
|
966
|
+
|parameter | type or values |
|
|
967
|
+
|----------------------------|:------------------------------------------------------|
|
|
968
|
+
|--podName |String - Name of pod (e.g. Kubernetes pod) |
|
|
969
|
+
|--podIp |String - IP address of pod |
|
|
970
|
+
|--namespace |String - Namespace of container in container orchestration (e.g. Kubernetes namespace)|
|
|
971
|
+
|Tags Object (tags)|
|
|
972
|
+
|--text | String - Text that specifies the tag type |
|
|
973
|
+
|Bench Marks Object (benchmarks)
|
|
974
|
+
|--isBaseline |Boolean - True/false flag for providing results as baseline. If true, all existing compliance results for the provided benchmark within the container will be replaced by results in the current call|
|
|
975
|
+
|benchmarks.results |Object
|
|
976
|
+
|--message |String - Comments for the result
|
|
861
977
|
|
|
978
|
+
**Note**
|
|
979
|
+
For information at the command line use:
|
|
980
|
+
```
|
|
981
|
+
$ bundle exec exe/emasser post container help add
|
|
982
|
+
```
|
|
983
|
+
[top](#post)
|
|
862
984
|
|
|
863
985
|
## Usage - PUT
|
|
864
986
|
|
|
865
987
|
### ``put controls``
|
|
866
|
-
[top](#api-endpoints-provided)
|
|
867
988
|
|
|
868
989
|
----
|
|
869
990
|
Business Rules
|
|
@@ -882,16 +1003,16 @@ Implementation Plan cannot be updated if a Security Control is "Inherited" excep
|
|
|
882
1003
|
|
|
883
1004
|
The following parameters/fields have the following character limitations:
|
|
884
1005
|
- Implementation Plan information cannot be saved if the fields below exceed 2,000 character limits:
|
|
885
|
-
- N/A Justification (naJustification)
|
|
886
|
-
- Responsible Entities (responsibleEntities)
|
|
887
|
-
- Implementation Narrative (implementationNarrative)
|
|
888
|
-
- Criticality (slcmCriticality)
|
|
889
|
-
- Reporting (slcmReporting)
|
|
890
|
-
- Tracking (slcmTracking)
|
|
891
|
-
- Vulnerability Summary (vulnerabilitySummary)
|
|
892
|
-
- Recommendations (recommendations)
|
|
1006
|
+
- N/A Justification (`naJustification`)
|
|
1007
|
+
- Responsible Entities (`responsibleEntities`)
|
|
1008
|
+
- Implementation Narrative (`implementationNarrative`)
|
|
1009
|
+
- Criticality (`slcmCriticality`)
|
|
1010
|
+
- Reporting (`slcmReporting`)
|
|
1011
|
+
- Tracking (`slcmTracking`)
|
|
1012
|
+
- Vulnerability Summary (`vulnerabilitySummary`)
|
|
1013
|
+
- Recommendations (`recommendations`)
|
|
893
1014
|
- Implementation Plan information cannot be saved if the fields below exceed 4,000 character limits:
|
|
894
|
-
- SLCM Comments (slcmComments)
|
|
1015
|
+
- SLCM Comments (`slcmComments`)
|
|
895
1016
|
|
|
896
1017
|
Implementation Plan information cannot be updated if Security Control does not exist in the system record.
|
|
897
1018
|
|
|
@@ -943,10 +1064,9 @@ For information at the command line use:
|
|
|
943
1064
|
```
|
|
944
1065
|
$ bundle exec exe/emasser put controls help update
|
|
945
1066
|
```
|
|
946
|
-
|
|
1067
|
+
[top](#put)
|
|
947
1068
|
|
|
948
1069
|
### ``put poams``
|
|
949
|
-
[top](#api-endpoints-provided)
|
|
950
1070
|
|
|
951
1071
|
----
|
|
952
1072
|
Business Rules
|
|
@@ -996,6 +1116,26 @@ The following parameters/fields have the following character limitations:
|
|
|
996
1116
|
- POA&M Item cannot be saved if Resource field (resource) exceeds 250 characters.
|
|
997
1117
|
- POA&M Items cannot be saved if Milestone Description (description) exceeds 2,000 characters.
|
|
998
1118
|
|
|
1119
|
+
|
|
1120
|
+
The following POA&M parameters/fields have the following character limitations:
|
|
1121
|
+
- Fields that can not exceed 100 characters:
|
|
1122
|
+
- Office / Organization (`pocOrganization`)
|
|
1123
|
+
- First Name (`pocFirstName`)
|
|
1124
|
+
- Last Name (`pocLastName`)
|
|
1125
|
+
- Email (`email`)
|
|
1126
|
+
- Phone Number (`pocPhoneNumber`)
|
|
1127
|
+
- External Unique ID (`externalUid`)
|
|
1128
|
+
- Fields that can not exceed 250 characters:
|
|
1129
|
+
- Resource (`resource`)
|
|
1130
|
+
- Fields have can not exceed 2000 character:
|
|
1131
|
+
- Vulnerability Description (`vulnerabilityDescription`)
|
|
1132
|
+
- Source Identifying Vulnerability (`sourceIdentVuln`)
|
|
1133
|
+
- Recommendations (`recommendations`)
|
|
1134
|
+
- Risk Accepted Comments (`comments`)
|
|
1135
|
+
- Milestone Description (`description`)
|
|
1136
|
+
- Mitigation Justification (`mitigation`)
|
|
1137
|
+
|
|
1138
|
+
|
|
999
1139
|
---
|
|
1000
1140
|
Updating (PUT) a POA&M can be accomplished by invoking the following command:
|
|
1001
1141
|
````
|
|
@@ -1003,32 +1143,32 @@ Updating (PUT) a POA&M can be accomplished by invoking the following command:
|
|
|
1003
1143
|
````
|
|
1004
1144
|
- required parameter are:
|
|
1005
1145
|
|
|
1006
|
-
|parameter | type or values
|
|
1007
|
-
|
|
1008
|
-
|--systemId |Integer - Unique system identifier
|
|
1009
|
-
|--displayPoamId |Integer - Globally unique identifier for individual POA&M Items
|
|
1010
|
-
|--status |Possible Values: Ongoing,Risk Accepted,Completed,Not Applicable
|
|
1011
|
-
|--vulnerabilityDescription |String - Vulnerability description for the POA&M Item
|
|
1012
|
-
|--sourceIdentVuln |String - Include Source Identifying Vulnerability text
|
|
1013
|
-
|--pocOrganization |String - Organization/Office represented
|
|
1014
|
-
|--resources |String - List of resources used. Character Limit = 250
|
|
1146
|
+
|parameter | type or values |
|
|
1147
|
+
|---------------------------|:---------------------------------------------------------------|
|
|
1148
|
+
|--systemId |Integer - Unique system identifier |
|
|
1149
|
+
|--displayPoamId |Integer - Globally unique identifier for individual POA&M Items |
|
|
1150
|
+
|--status |Possible Values: Ongoing,Risk Accepted,Completed,Not Applicable |
|
|
1151
|
+
|--vulnerabilityDescription |String - Vulnerability description for the POA&M Item |
|
|
1152
|
+
|--sourceIdentVuln |String - Include Source Identifying Vulnerability text |
|
|
1153
|
+
|--pocOrganization |String - Organization/Office represented |
|
|
1154
|
+
|--resources |String - List of resources used. Character Limit = 250 |
|
|
1015
1155
|
|
|
1016
1156
|
** If any poc information is provided all POC fields are required. See additional details for POC fields below.
|
|
1017
1157
|
|
|
1018
1158
|
- conditional parameters are:
|
|
1019
1159
|
|
|
1020
|
-
|parameter | type or values
|
|
1021
|
-
|
|
1022
|
-
|--milestones |JSON - see milestone format
|
|
1023
|
-
|--pocFirstName |String - First name of POC
|
|
1024
|
-
|--pocLastName |String - Last name of POC
|
|
1025
|
-
|--pocEmail |String - Email address of POC
|
|
1026
|
-
|--pocPhoneNumber |String - Phone number of POC (area code) ***-**** format
|
|
1027
|
-
|--severity |Possible values - Very Low, Low, Moderate, High, Very High
|
|
1028
|
-
|--scheduledCompletionDate |Date - Required for ongoing and completed POA&M items. Unix time format
|
|
1029
|
-
|--completionDate |Date - Field is required for completed POA&M items. Unix time format
|
|
1030
|
-
|--comments |String - Field is required for completed and risk accepted POA&M items
|
|
1031
|
-
|--isActive |Boolean - Used to delete milestones when updating a POA&M
|
|
1160
|
+
|parameter | type or values |
|
|
1161
|
+
|--------------------------|:-----------------------------------------------------------------------|
|
|
1162
|
+
|--milestones |JSON - see milestone format |
|
|
1163
|
+
|--pocFirstName |String - First name of POC |
|
|
1164
|
+
|--pocLastName |String - Last name of POC |
|
|
1165
|
+
|--pocEmail |String - Email address of POC |
|
|
1166
|
+
|--pocPhoneNumber |String - Phone number of POC (area code) ***-**** format |
|
|
1167
|
+
|--severity |Possible values - Very Low, Low, Moderate, High, Very High |
|
|
1168
|
+
|--scheduledCompletionDate |Date - Required for ongoing and completed POA&M items. Unix time format |
|
|
1169
|
+
|--completionDate |Date - Field is required for completed POA&M items. Unix time format |
|
|
1170
|
+
|--comments |String - Field is required for completed and risk accepted POA&M items |
|
|
1171
|
+
|--isActive |Boolean - Used to delete milestones when updating a POA&M |
|
|
1032
1172
|
|
|
1033
1173
|
** If a POC email is supplied, the application will attempt to locate a user already registered within the application and pre-populate any information not explicitly supplied in the request. If no such user is found, these fields are required within the request:
|
|
1034
1174
|
pocFirstName, pocLastName, pocPhoneNumber
|
|
@@ -1041,7 +1181,7 @@ Updating (PUT) a POA&M can be accomplished by invoking the following command:
|
|
|
1041
1181
|
|
|
1042
1182
|
|parameter | type or values |
|
|
1043
1183
|
|--------------------|:-----------------------------------------------------------------------------------------|
|
|
1044
|
-
|--externalUid |String - External unique identifier for use with associating POA&M Items
|
|
1184
|
+
|--externalUid |String - External unique identifier for use with associating POA&M Items |
|
|
1045
1185
|
|--controlAcronym |String - Control acronym associated with the POA&M Item. NIST SP 800-53 Revision 4 defined|
|
|
1046
1186
|
|--cci |String - CCI associated with the test result |
|
|
1047
1187
|
|--securityChecks |String - Security Checks that are associated with the POA&M |
|
|
@@ -1051,7 +1191,7 @@ Updating (PUT) a POA&M can be accomplished by invoking the following command:
|
|
|
1051
1191
|
|--impact |Possible values: Very Low, Low, Moderate, High, Very High |
|
|
1052
1192
|
|--impactDescription |String - Include description of Security Control’s impact |
|
|
1053
1193
|
|--residualRiskLevel |Possible values: Very Low, Low, Moderate, High, Very High |
|
|
1054
|
-
|--recommendations |String - Include recommendations
|
|
1194
|
+
|--recommendations |String - Include recommendations |
|
|
1055
1195
|
|--mitigation |String - Include mitigation explanation. 2000 Characters |
|
|
1056
1196
|
|
|
1057
1197
|
**Note**
|
|
@@ -1059,10 +1199,9 @@ For information at the command line use:
|
|
|
1059
1199
|
```
|
|
1060
1200
|
$ bundle exec exe/emasser put poams help update
|
|
1061
1201
|
```
|
|
1062
|
-
|
|
1202
|
+
[top](#put)
|
|
1063
1203
|
|
|
1064
1204
|
### ``put milestones``
|
|
1065
|
-
[top](#api-endpoints-provided)
|
|
1066
1205
|
|
|
1067
1206
|
----
|
|
1068
1207
|
|
|
@@ -1087,10 +1226,9 @@ For information at the command line use:
|
|
|
1087
1226
|
```
|
|
1088
1227
|
$ bundle exec exe/emasser put milestones help update
|
|
1089
1228
|
```
|
|
1090
|
-
|
|
1229
|
+
[top](#put)
|
|
1091
1230
|
|
|
1092
1231
|
### ``put artifacts``
|
|
1093
|
-
[top](#api-endpoints-provided)
|
|
1094
1232
|
|
|
1095
1233
|
----
|
|
1096
1234
|
Business Rules
|
|
@@ -1143,12 +1281,11 @@ For information at the command line use:
|
|
|
1143
1281
|
```
|
|
1144
1282
|
$ bundle exec exe/emasser put artifacts help update
|
|
1145
1283
|
```
|
|
1146
|
-
|
|
1284
|
+
[top](#put)
|
|
1147
1285
|
|
|
1148
1286
|
## Usage - DELETE
|
|
1149
1287
|
|
|
1150
1288
|
### ``delete poams``
|
|
1151
|
-
[top](#api-endpoints-provided)
|
|
1152
1289
|
|
|
1153
1290
|
----
|
|
1154
1291
|
Remove one or many poa&m items in a system
|
|
@@ -1157,10 +1294,9 @@ To remove (DELETE) one or more POA&M items use the following command:
|
|
|
1157
1294
|
```
|
|
1158
1295
|
bundle exec exe/emasser delete poams remove --systemId [value] --poamId [value]
|
|
1159
1296
|
```
|
|
1160
|
-
|
|
1297
|
+
[top](#delete)
|
|
1161
1298
|
|
|
1162
1299
|
### ``delete milestones``
|
|
1163
|
-
[top](#api-endpoints-provided)
|
|
1164
1300
|
|
|
1165
1301
|
----
|
|
1166
1302
|
Remove milestones in a system for one or many POA&M items
|
|
@@ -1175,10 +1311,9 @@ To remove (DELETE) one or more Milestones in a system use the following command:
|
|
|
1175
1311
|
```
|
|
1176
1312
|
bundle exec exe/emasser delete milestones remove--systemId [value] --poamId [value] --milestoneId [value]
|
|
1177
1313
|
```
|
|
1178
|
-
|
|
1314
|
+
[top](#delete)
|
|
1179
1315
|
|
|
1180
1316
|
### ``delete artifacts``
|
|
1181
|
-
[top](#api-endpoints-provided)
|
|
1182
1317
|
|
|
1183
1318
|
---
|
|
1184
1319
|
Remove one or many artifacts in a system
|
|
@@ -1193,3 +1328,4 @@ bundle exec exe/emasser delete artifacts remove --systemId [value] --files [valu
|
|
|
1193
1328
|
or
|
|
1194
1329
|
bundle exec exe/emasser delete artifacts remove --systemId [value] --files [value, value...]
|
|
1195
1330
|
```
|
|
1331
|
+
[top](#delete)
|