emasser 1.0.3 → 3.4.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/.env-example +2 -0
- data/.github/workflows/gh-pages.yml +4 -5
- data/.github/workflows/release.yml +9 -9
- data/Dockerfile +6 -4
- data/Gemfile +1 -1
- data/Gemfile.lock +25 -32
- data/README.md +87 -78
- data/docs/features.md +455 -213
- data/docs/images/emasser_architecture.jpg +0 -0
- data/emasser.gemspec +5 -3
- data/images/emasser_architecture.jpg +0 -0
- data/images/emasser_diagram-Page-3.jpg +0 -0
- data/lib/emasser/cli.rb +2 -2
- data/lib/emasser/configuration.rb +1 -0
- data/lib/emasser/constants.rb +11 -3
- data/lib/emasser/delete.rb +9 -7
- data/lib/emasser/get.rb +323 -49
- data/lib/emasser/help/cloudresource_post_mapper.md +62 -0
- data/lib/emasser/help/container_post_mapper.md +44 -0
- data/lib/emasser/output_converters.rb +101 -4
- data/lib/emasser/post.rb +231 -38
- data/lib/emasser/put.rb +23 -16
- data/lib/emasser/version.rb +1 -1
- metadata +15 -27
- data/.github/workflows/generate_docs.yml +0 -33
- data/docs/developers.md +0 -115
- data/docs/swagger/dist/favicon-16x16.png +0 -0
- data/docs/swagger/dist/favicon-32x32.png +0 -0
- data/docs/swagger/dist/oauth2-redirect.html +0 -75
- data/docs/swagger/dist/swagger-ui-bundle.js +0 -3
- data/docs/swagger/dist/swagger-ui-bundle.js.map +0 -1
- data/docs/swagger/dist/swagger-ui-es-bundle-core.js +0 -3
- data/docs/swagger/dist/swagger-ui-es-bundle-core.js.map +0 -1
- data/docs/swagger/dist/swagger-ui-es-bundle.js +0 -3
- data/docs/swagger/dist/swagger-ui-es-bundle.js.map +0 -1
- data/docs/swagger/dist/swagger-ui-standalone-preset.js +0 -3
- data/docs/swagger/dist/swagger-ui-standalone-preset.js.map +0 -1
- data/docs/swagger/dist/swagger-ui.css +0 -4
- data/docs/swagger/dist/swagger-ui.css.map +0 -1
- data/docs/swagger/dist/swagger-ui.js +0 -3
- data/docs/swagger/dist/swagger-ui.js.map +0 -1
- data/docs/swagger/index.html +0 -60
data/docs/features.md
CHANGED
@@ -1,9 +1,17 @@
|
|
1
1
|
# emasser CLI Features
|
2
2
|
|
3
|
-
##
|
4
|
-
To facilitate setting the required environment variables the emasser CLI utilized the zero-dependency module to load these variables from a
|
3
|
+
## Environment Variables
|
4
|
+
To facilitate setting the required environment variables the `emasser `CLI utilized the zero-dependency module to load these variables from a `.env` file.
|
5
5
|
|
6
|
-
|
6
|
+
### Configuring the `.env` File
|
7
|
+
An `.env-example` file is provided with the required and optional fields.
|
8
|
+
|
9
|
+
Modify the `.env_example` as necessary and save it as a `.env` file.
|
10
|
+
|
11
|
+
Place the file on the path where the `emasser` command is executed.
|
12
|
+
|
13
|
+
### Required and Optional Environment Variables
|
14
|
+
The following environment variables are required:
|
7
15
|
* EMASSER_API_KEY_API_KEY=`<API key>`
|
8
16
|
* EMASSER_API_KEY_USER_UID=`<unique identifier for the API Key (EMASSER_API_KEY_API_KEY)`
|
9
17
|
* EMASSER_HOST=`<FQDN of the eMASS server>`
|
@@ -11,26 +19,31 @@ emasser environment variables (required):
|
|
11
19
|
* EMASSER_CERT_FILE_PATH=`<path to your eMASS certificate in PEM format>`
|
12
20
|
* EMASSER_KEY_PASSWORD=`<password for the key given in EMASSER_KEY_FILE_PATH>`
|
13
21
|
|
14
|
-
|
15
|
-
* EMASSER_CLIENT_SIDE_VALIDATION=`<client side validation - true or false>`
|
16
|
-
* EMASSER_VERIFY_SSL=`<verify SSL - true or false>`
|
17
|
-
* EMASSER_VERIFY_SSL_HOST=`<verify host SSL - true or false>`
|
18
|
-
* EMASSER_DEBUGGING=`<set debugging - true or false>`
|
22
|
+
The following environment variables are *optional:
|
23
|
+
* EMASSER_CLIENT_SIDE_VALIDATION=`<client side validation - true or false (default true)>`
|
24
|
+
* EMASSER_VERIFY_SSL=`<verify SSL - true or false (default true)>`
|
25
|
+
* EMASSER_VERIFY_SSL_HOST=`<verify host SSL - true or false (default true)>`
|
26
|
+
* EMASSER_DEBUGGING=`<set debugging - true or false (default false)>`
|
27
|
+
* EMASSER_CLI_DISPLAY_NULL=`<display null value fields - true or false (default true)>`
|
28
|
+
* EMASSER_POCH_TO_DATETIME=`<convert epoch to data/time value - true or false (default false)>`
|
29
|
+
|
30
|
+
\* If not provided defaults are used
|
19
31
|
|
32
|
+
The proper format to set these variables in the `.env` files is as follows:
|
33
|
+
```bash
|
34
|
+
export [VARIABLE_NAME]='value'
|
35
|
+
```
|
36
|
+
***NOTE***
|
37
|
+
`emasser` requires authentication to an eMASS instance as well as authorization to use the eMASS API. This authentication and authorization is **not** a function of `emasser` and needs to be accomplished with the eMASS instances owner organization. Further information about eMASS credential requirements refer to [Defense Counterintelligence and Security Agency](https://www.dcsa.mil/is/emass/) about eMASS access.
|
38
|
+
|
39
|
+
---
|
20
40
|
## Common emasser Endpoint Requests Information
|
21
41
|
- To invoke any boolean parameters use --parameterName for TRUE and --no-parameterName for FALSE
|
22
|
-
- The eMASS API provides the capability of updating multiple entries within several endpoints, however
|
42
|
+
- The eMASS API provides the capability of updating multiple entries within several endpoints, however the `emasser` CLI, in some cases only supports updating one entry at the time.
|
23
43
|
|
24
44
|
## Invoking emasser CLI Commands
|
25
45
|
|
26
|
-
The CLI invoke commands listed in this document shows them when executing from the source code (after a pull from GitHub).
|
27
|
-
- Invoking the GET systems endpoint from the source code is:
|
28
|
-
|
29
|
-
bundle exec exe/emasser get systems all
|
30
|
-
|
31
|
-
- Invoking the GET systems endpoint from the compile binary (.gem) is:
|
32
|
-
|
33
|
-
emasser get systems all
|
46
|
+
The CLI invoke commands listed in this document shows them when executing from the source code (after a pull from GitHub). Please reference the [`emasser` README](https://mitre.github.io/emasser/) on how to invoke the CLI using other available executables (gem or docker).
|
34
47
|
|
35
48
|
## API Endpoints Provided
|
36
49
|
|
@@ -38,10 +51,11 @@ The CLI invoke commands listed in this document shows them when executing from t
|
|
38
51
|
* [/api](#get-test-connection)
|
39
52
|
* [/api/system](#get-system)
|
40
53
|
* [/api/systems](#get-systems)
|
54
|
+
* [/api/systems/{systemId}](#get-system)
|
41
55
|
* [/api/system-roles](#get-roles)
|
42
56
|
* [/api/system-roles/{roleCategory}](#get-roles)
|
43
57
|
* [/api/systems/{systemId}/controls](#get-controls)
|
44
|
-
* [/api/systems/{systemId}/test-results](#get-
|
58
|
+
* [/api/systems/{systemId}/test-results](#get-testresults)
|
45
59
|
* [/api/systems/{systemId}/poams](#get-poams)
|
46
60
|
* [/api/systems/{systemId}/poams/{poamId}](#get-poams)
|
47
61
|
* [/api/systems/{systemId}/poams/{poamId}/milestones](#get-milestones)
|
@@ -53,7 +67,23 @@ The CLI invoke commands listed in this document shows them when executing from t
|
|
53
67
|
* [/api/cmmc-assessments](#get-cmmc)
|
54
68
|
* [/api/workflow-definitions](#get-workflow_definitions)
|
55
69
|
* [/api/systems/{systemId}/workflow-instances](#get-workflow_instances)
|
56
|
-
|
70
|
+
* [/api/dashboards/system-status-details](#get-dashboards)
|
71
|
+
* [/api/dashboards/system-control-compliance-summary](#get-dashboards)
|
72
|
+
* [/api/dashboards/system-security-controls-details](#get-dashboards)
|
73
|
+
* [/api/dashboards/system-assessment-procedures-details](#get-dashboards)
|
74
|
+
* [/api/dashboards/system-poam-summary](#get-dashboards)
|
75
|
+
* [/api/dashboards/system-poam-details](#get-dashboards)
|
76
|
+
* [/api/dashboards/system-hardware-summary](#get-dashboards)
|
77
|
+
* [/api/dashboards/system-hardware-details](#get-dashboards)
|
78
|
+
* [/api/dashboards/system-associations-details](#get-dashboards)
|
79
|
+
* [/api/dashboards/user-system-assignments-details](#get-dashboards)
|
80
|
+
* [/api/dashboards/system-privacy-summary](#get-dashboards)
|
81
|
+
* [/api/dashboards/va-omb-fisma-saop-summary](#get-dashboards)
|
82
|
+
* [/api/dashboards/va-system-aa-summary](#get-dashboards)
|
83
|
+
* [/api/dashboards/va-system-a2-summary](#get-dashboards)
|
84
|
+
* [/api/dashboards/va-system-pl-109-reporting-summary](#get-dashboards)
|
85
|
+
* [/api/dashboards/va-system-fisma-inventory-summary](#get-dashboards)
|
86
|
+
|
57
87
|
### POST
|
58
88
|
* [/api/systems/{systemId}/test-results](#post-test_results)
|
59
89
|
* [/api/systems/{systemId}/poam](#post-poams)
|
@@ -62,7 +92,9 @@ The CLI invoke commands listed in this document shows them when executing from t
|
|
62
92
|
* [/api/systems/{systemId}/approval/cac](#post-cac)
|
63
93
|
* [/api/systems/{systemId}/approval/pac](#post-pac)
|
64
94
|
* [/api/systems/{systemId}/static-code-scans](#post-static_code_scan)
|
65
|
-
|
95
|
+
* [/api/systems/{systemId}/cloud-resource-results](#post-cloudresource)
|
96
|
+
* [/api/systems/{systemId}/container-scan-results](#post-container)
|
97
|
+
|
66
98
|
### PUT
|
67
99
|
* [/api/systems/{systemId}/controls](#put-controls)
|
68
100
|
* [/api/systems/{systemId}/poams](#put-poams)
|
@@ -77,77 +109,77 @@ The CLI invoke commands listed in this document shows them when executing from t
|
|
77
109
|
## Endpoints CLI help
|
78
110
|
|
79
111
|
Each CLI endpoint command has several layers of help.
|
80
|
-
- Using `help` after a `get, put, post, or delete` command lists all available endpoint calls
|
112
|
+
- Using `help` after a `get, put, post, or delete` command lists all available endpoint calls. The following command would list all available `GET` endpoints commands.
|
81
113
|
|
82
|
-
```
|
114
|
+
```bash
|
83
115
|
$ bundle exec exe/emasser get help
|
116
|
+
Commands:
|
117
|
+
emasser get artifacts # Get system Artifacts
|
118
|
+
emasser get cac # Get location of one or many controls in...
|
119
|
+
emasser get cmmc # Get CMMC assessment information
|
120
|
+
emasser get controls # Get system Controls
|
121
|
+
emasser get dashboards # Get dashboard information
|
122
|
+
emasser get help [COMMAND] # Describe subcommands or one specific su...
|
123
|
+
emasser get milestones # Get system Milestones
|
124
|
+
emasser get pac # Get status of active workflows in a system
|
125
|
+
emasser get poams # Get system Poams
|
126
|
+
emasser get roles # Get all system roles or by category Id
|
127
|
+
emasser get system # Get a system ID given name/owner, or ge...
|
128
|
+
emasser get systems # Get all systems
|
129
|
+
emasser get test # Test connection to the configured eMASS...
|
130
|
+
emasser get test_results # Get system Test Results
|
131
|
+
emasser get workflow_definitions # Get workflow definitions in a site
|
132
|
+
emasser get workflow_instances # Get workflow instance by system and/or ...
|
84
133
|
```
|
85
|
-
|
86
|
-
|
87
|
-
|
88
|
-
- emasser get approval ...
|
89
|
-
- emasser get artifacts ...
|
90
|
-
- emasser get controls ...
|
91
|
-
- emasser get help [COMMAND] ...
|
92
|
-
- emasser get poams ...
|
93
|
-
- emasser get roles ...
|
94
|
-
- emasser get system [--system-name [SYSTEM_NAME]] [--system-owner [SYSTEM_OW...
|
95
|
-
- emasser get systems [options] ...
|
96
|
-
- emasser get test_results ...
|
97
|
-
|
98
|
-
- Preceding any command with `help` provides help for the command
|
99
|
-
|
100
|
-
```
|
134
|
+
- Preceding any command with `help` provides help for the command. The following command would list all available sub-commands and options for the `get artifacts` endpoint command.
|
135
|
+
```bash
|
101
136
|
$ bundle exec exe/emasser get help artifacts
|
137
|
+
commands:
|
138
|
+
emasser get artifacts export --filename=FILENAME --systemId=N # Get artifa...
|
139
|
+
emasser get artifacts forSystem --systemId=N # Get all sy...
|
140
|
+
emasser get artifacts help [COMMAND] # Describe s...
|
102
141
|
```
|
103
|
-
|
104
|
-
|
105
|
-
- emasser get artifacts help [COMMAND] # Describe s...
|
106
|
-
- emasser get artifacts system --systemId=N # Get all sy...
|
107
|
-
|
108
|
-
- Using `help` after any command lists all available options
|
109
|
-
|
110
|
-
```
|
142
|
+
- Using `help` after any command lists all available options. The following command would list all available options for the `get artifacts export` endpoint command.
|
143
|
+
```bash
|
111
144
|
$ bundle exec exe/emasser get artifacts help export
|
112
|
-
|
113
|
-
|
114
|
-
- Usage:
|
115
|
-
- emasser get artifacts export --filename=FILENAME --systemId=N
|
116
|
-
- Options:
|
117
|
-
- --systemId=N # A numeric value representing the system identification
|
118
|
-
- --filename=FILENAME # The artifact file name
|
119
|
-
- --compress # BOOLEAN - true or false.
|
145
|
+
Usage:
|
146
|
+
emasser get artifacts export --filename=FILENAME --systemId=N
|
120
147
|
|
121
|
-
|
148
|
+
Options:
|
149
|
+
--systemId=N # A numeric value representing the system identification
|
150
|
+
--filename=FILENAME # The artifact file name
|
151
|
+
[--compress], [--no-compress] # BOOLEAN - true or false.
|
152
|
+
```
|
153
|
+
**The same format is applicable for POST, PUT and DELETE requests as well, however there may be additional help content**
|
122
154
|
|
123
155
|
|
124
156
|
## Usage - GET
|
125
157
|
|
126
|
-
### ```get test connection```
|
127
|
-
[top](#api-endpoints-provided)
|
128
|
-
|
158
|
+
### ```get test connection```
|
129
159
|
---
|
130
160
|
The Test Connection endpoint provides the ability to verify connection to the web service.
|
131
161
|
|
132
162
|
$ bundle exec exe/emasser get test connection
|
133
163
|
|
134
164
|
A return of success from the call indicates that the CLI can reach the configure server URL.
|
135
|
-
References [Required Environment Variables](#required-environment-variables)
|
165
|
+
References [Required Environment Variables](#required-environment-variables) for the necessary environment variables.
|
136
166
|
|
137
|
-
### ```get system```
|
138
167
|
[top](#api-endpoints-provided)
|
139
168
|
|
169
|
+
### ```get system```
|
170
|
+
|
140
171
|
---
|
141
|
-
The `get system
|
172
|
+
The `get system` command is not a sanctioned eMASS endpoint, it makes use of the `get systems` endpoint with added business logic.
|
142
173
|
|
143
|
-
|
174
|
+
There are two commands provided by the get system:
|
175
|
+
|
176
|
+
- The `get system id` - returns system ID's based on the system `name` or `owner`
|
177
|
+
- The `get system byId` - returns the system content for parameter system ID
|
144
178
|
|
145
179
|
### get system id
|
146
180
|
Retrieves a system identification based on the SYSTEM_NAME (name) or SYSTEM_OWNER (systemOwner) fields.
|
147
181
|
|
148
|
-
|
149
|
-
|
150
|
-
To invoke the `get system` use the following command:
|
182
|
+
To invoke the `get system id` use the following command:
|
151
183
|
|
152
184
|
$ bundle exec exe/emasser get system id --system_name "system name" --system_owner "system owner"
|
153
185
|
|
@@ -157,7 +189,7 @@ If using a platform that has `awk` installed the following command can be used t
|
|
157
189
|
|
158
190
|
|
159
191
|
### get system byId
|
160
|
-
|
192
|
+
Retrieves the system content for provided identification (ID) number. To invoke the endpoint use the following command:
|
161
193
|
|
162
194
|
$ bundle exec exe/emasser get system byId
|
163
195
|
|
@@ -174,14 +206,16 @@ To view a system by its identification (Id) use the following command:
|
|
174
206
|
|--includePackage |BOOLEAN - true or false |
|
175
207
|
|--policy |Possible values: diacap, rmf, reporting |
|
176
208
|
|
209
|
+
[top](#api-endpoints-provided)
|
177
210
|
|
178
211
|
### ```get systems```
|
179
|
-
[top](#api-endpoints-provided)
|
180
212
|
|
181
213
|
----
|
182
|
-
To
|
183
|
-
|
214
|
+
To retrieve controls use the following command:
|
215
|
+
- all - Retrieves all available systems
|
216
|
+
```
|
184
217
|
$ bundle exec exe/emasser get systems all
|
218
|
+
```
|
185
219
|
|
186
220
|
- Optional parameters are:
|
187
221
|
|
@@ -194,12 +228,11 @@ To view systems use the following command:
|
|
194
228
|
|--includePackage |BOOLEAN - true or false |
|
195
229
|
|--policy |Possible values: diacap, rmf, reporting |
|
196
230
|
|--registrationType |Possible values: assessAndAuthorize, assessOnly, guest, regular, functional, |
|
197
|
-
| |
|
231
|
+
| | cloudServiceProvider, commonControlProvider |
|
198
232
|
|--reportsForScorecard |BOOLEAN - true or false |
|
199
233
|
|
200
|
-
|
201
|
-
### ```get roles```
|
202
234
|
[top](#api-endpoints-provided)
|
235
|
+
### ```get roles```
|
203
236
|
|
204
237
|
----
|
205
238
|
There are two get endpoints for system roles:
|
@@ -225,12 +258,11 @@ There are two get endpoints for system roles:
|
|
225
258
|
|--policy |Possible values: diacap, rmf, reporting |
|
226
259
|
|--includeDecommissioned |BOOLEAN - true or false |
|
227
260
|
|
228
|
-
|
229
|
-
### ```get controls```
|
230
261
|
[top](#api-endpoints-provided)
|
262
|
+
### ```get controls```
|
231
263
|
|
232
264
|
----
|
233
|
-
To
|
265
|
+
To retrieve controls use the following command:
|
234
266
|
|
235
267
|
$ bundle exec exe/emasser get controls forSystem --systemId=SYSTEMID
|
236
268
|
|
@@ -246,12 +278,11 @@ To view controls use the following command:
|
|
246
278
|
|-------------|:------------------------------------------|
|
247
279
|
|--acronyms |The system acronym(s) e.g "AC-1, AC-2" - if not provided all controls for systemId are returned |
|
248
280
|
|
249
|
-
|
250
|
-
### ```get test_results```
|
251
281
|
[top](#api-endpoints-provided)
|
282
|
+
### ```get test_results```
|
252
283
|
|
253
284
|
----
|
254
|
-
To
|
285
|
+
To retrieve test results use the following command:
|
255
286
|
|
256
287
|
$ bundle exec exe/emasser get test_results forSystem --systemId=SYSTEMID
|
257
288
|
|
@@ -269,9 +300,8 @@ To view test results use the following command:
|
|
269
300
|
|--ccis |String - The system CCIS string numerical value |
|
270
301
|
|--latestOnly |BOOLEAN - true or false|
|
271
302
|
|
272
|
-
|
273
|
-
### ```get poams```
|
274
303
|
[top](#api-endpoints-provided)
|
304
|
+
### ```get poams```
|
275
305
|
|
276
306
|
----
|
277
307
|
There are two get endpoints for system poams:
|
@@ -307,9 +337,8 @@ There are two get endpoints for system poams:
|
|
307
337
|
|--systemId |Integer - Unique system identifier |
|
308
338
|
|--poamId |Integer - Unique poam identifier |
|
309
339
|
|
310
|
-
|
311
|
-
### ```get milestones```
|
312
340
|
[top](#api-endpoints-provided)
|
341
|
+
### ```get milestones```
|
313
342
|
|
314
343
|
----
|
315
344
|
There are two get endpoints for system milestones:
|
@@ -344,9 +373,8 @@ There are two get endpoints for system milestones:
|
|
344
373
|
|--poamId |Integer - Unique poam identifier |
|
345
374
|
|--milestoneId |Integer - Unique milestone identifier |
|
346
375
|
|
347
|
-
|
348
|
-
### ```get artifacts```
|
349
376
|
[top](#api-endpoints-provided)
|
377
|
+
### ```get artifacts```
|
350
378
|
|
351
379
|
----
|
352
380
|
There are two get endpoints that provides the ability to view existing `Artifacts` in a system:
|
@@ -370,21 +398,26 @@ There are two get endpoints that provides the ability to view existing `Artifact
|
|
370
398
|
|--ccis |String - The system CCIS string numerical value|
|
371
399
|
|--systemOnly |BOOLEAN - true or false|
|
372
400
|
|
401
|
+
|
373
402
|
- export - Retrieves the file artifacts (if compress is true the file binary contents are returned, otherwise the file textual contents are returned.)
|
374
|
-
|
375
|
-
|
376
|
-
|
403
|
+
````
|
404
|
+
$ bundle exec exe/emasser get artifacts export --systemId=SYSTEMID
|
405
|
+
````
|
377
406
|
- required parameters are:
|
378
407
|
|
379
408
|
|parameter | type or values |
|
380
409
|
|-------------|:----------------------------------|
|
381
410
|
|--systemId |Integer - Unique system identifier |
|
382
411
|
|--filename |The artifact file name |
|
412
|
+
|
413
|
+
- optional parameter is:
|
414
|
+
|
415
|
+
|parameter | type or values |
|
416
|
+
|-------------|:----------------------------------|
|
383
417
|
|--compress |BOOLEAN - true or false. |
|
384
418
|
|
385
|
-
|
386
|
-
### ```get cac```
|
387
419
|
[top](#api-endpoints-provided)
|
420
|
+
### ```get cac```
|
388
421
|
|
389
422
|
----
|
390
423
|
To view one or many Control Approval Chain (CAC) in a system specified system ID use the following command:
|
@@ -403,9 +436,8 @@ To view one or many Control Approval Chain (CAC) in a system specified system ID
|
|
403
436
|
|-------------------------------|:----------------------------------------------|
|
404
437
|
|--controlAcronyms |String - The system acronym(s) e.g "AC-1, AC-2"|
|
405
438
|
|
406
|
-
|
407
|
-
### ```get pac```
|
408
439
|
[top](#api-endpoints-provided)
|
440
|
+
### ```get pac```
|
409
441
|
|
410
442
|
----
|
411
443
|
To view one or many Package Approval Chain (PAC) in a system specified system ID use the following command:
|
@@ -419,24 +451,22 @@ To view one or many Package Approval Chain (PAC) in a system specified system ID
|
|
419
451
|
|-------------|:----------------------------------|
|
420
452
|
|--systemId |Integer - Unique system identifier |
|
421
453
|
|
422
|
-
|
423
|
-
### ```get cmmc```
|
424
454
|
[top](#api-endpoints-provided)
|
455
|
+
### ```get cmmc```
|
425
456
|
|
426
457
|
----
|
427
458
|
To view Cybersecurity Maturity Model Certification (CMMC) Assessments use the following command:
|
428
459
|
|
429
460
|
$ bundle exec exe/emasser get workflow_definitions forSite --sinceDate=SINCEDATE
|
430
461
|
|
431
|
-
- Required
|
462
|
+
- Required parameter is:
|
432
463
|
|
433
464
|
|parameter | type or values |
|
434
465
|
|----------------|:--------------------------------------|
|
435
466
|
|--sinceDate |Date - The CMMC date. Unix date format |
|
436
467
|
|
437
|
-
|
438
|
-
### ```get workflow_definitions```
|
439
468
|
[top](#api-endpoints-provided)
|
469
|
+
### ```get workflow_definitions```
|
440
470
|
|
441
471
|
----
|
442
472
|
To view Workflow Definitions use the following command:
|
@@ -449,23 +479,17 @@ To view Workflow Definitions use the following command:
|
|
449
479
|
|---------------------|:----------------------------------------------------------------------------|
|
450
480
|
|--includeInactive |BOOLEAN - true or false |
|
451
481
|
|--registrationType |Possible values: assessAndAuthorize, assessOnly, guest, regular, functional, |
|
452
|
-
| |
|
453
|
-
|
482
|
+
| | cloudServiceProvider, commonControlProvider |
|
454
483
|
|
455
|
-
### ```get workflow_instances```
|
456
484
|
[top](#api-endpoints-provided)
|
485
|
+
### ```get workflow_instances```
|
457
486
|
|
458
487
|
----
|
459
488
|
There are two get endpoints to view workflow instances:
|
460
|
-
-
|
461
|
-
|
462
|
-
|
463
|
-
|
464
|
-
|
465
|
-
|parameter | type or values |
|
466
|
-
|-------------|:----------------------------------|
|
467
|
-
|--systemId |Integer - Unique system identifier |
|
468
|
-
|
489
|
+
- all
|
490
|
+
```
|
491
|
+
$ bundle exec exe/emasser get workflow_instances all
|
492
|
+
```
|
469
493
|
- Optional parameters are:
|
470
494
|
|
471
495
|
|parameter | type or values |
|
@@ -476,21 +500,106 @@ There are two get endpoints to view workflow instances:
|
|
476
500
|
|--status |Possible values: active, inactive, all |
|
477
501
|
|
478
502
|
- byWorkflowInstanceId
|
479
|
-
|
480
|
-
|
503
|
+
```
|
504
|
+
$ bundle exec exe/emasser get workflow_instances byWorkflowInstanceId --workflowInstanceId=WORKFLOWID
|
505
|
+
```
|
481
506
|
- required parameter is:
|
482
507
|
|
483
508
|
|parameter | type or values |
|
484
509
|
|---------------------|:---------------------------------------------|
|
485
|
-
|--systemId |Integer - Unique system identifier |
|
486
510
|
|--workflowInstanceId |Integer - Unique workflow instance identifier |
|
487
511
|
|
512
|
+
[top](#api-endpoints-provided)
|
513
|
+
### ```get dashboards```
|
488
514
|
|
489
|
-
|
515
|
+
----
|
516
|
+
The Dashboards endpoints provide the ability to view data contained in dashboard exports. In the eMASS front end, these dashboard exports are generated as Excel exports.
|
517
|
+
|
518
|
+
All endpoint calls utilize the same parameter values, they are:
|
519
|
+
- Required parameter is:
|
520
|
+
|
521
|
+
|parameter | type or values |
|
522
|
+
|--------------|:------------------------------------------------|
|
523
|
+
|--orgId |Integer - The organization identification number |
|
524
|
+
|
525
|
+
- Optional parameters are:
|
526
|
+
|
527
|
+
|parameter | type or values |
|
528
|
+
|-------------|:--------------------------------------------------------------|
|
529
|
+
|--pageIndex |Integer - The index of the starting page (default first page 0)|
|
530
|
+
|--pageSize |Integer - The number of entries per page (default 20000) |
|
531
|
+
|
532
|
+
Available commands are:
|
533
|
+
- Get systems status detail dashboard information
|
534
|
+
```
|
535
|
+
$ bundle exec exe/emasser get status_details --orgId=ORGID
|
536
|
+
```
|
537
|
+
- Get systems control compliance summary dashboard information
|
538
|
+
```
|
539
|
+
$ bundle exec exe/emasser get control_compliance_summary --orgId=ORGID
|
540
|
+
```
|
541
|
+
- Get systems security control details dashboard information
|
542
|
+
```
|
543
|
+
$ bundle exec exe/emasser get security_control_details --orgId=ORGID
|
544
|
+
```
|
545
|
+
- Get systems assessment procedures details dashboard information
|
546
|
+
```
|
547
|
+
$ bundle exec exe/emasser get assessment_procedures_details --orgId=ORGID
|
548
|
+
```
|
549
|
+
- Get systems POA&Ms summary dashboard information
|
550
|
+
```
|
551
|
+
$ bundle exec exe/emasser get poam_summary --orgId=ORGID
|
552
|
+
```
|
553
|
+
- Get system POA&Ms details dashboard information
|
554
|
+
```
|
555
|
+
$ bundle exec exe/emasser get poam_details --orgId=ORGID
|
556
|
+
```
|
557
|
+
- Get system hardware summary dashboard information
|
558
|
+
```
|
559
|
+
$ bundle exec exe/emasser get hardware_summary --orgId=ORGID
|
560
|
+
```
|
561
|
+
- Get system hardware details dashboard information
|
562
|
+
```
|
563
|
+
$ bundle exec exe/emasser get hardware_details --orgId=ORGID
|
564
|
+
```
|
565
|
+
- Get system associations details dashboard information
|
566
|
+
```
|
567
|
+
$ bundle exec exe/emasser get associations_details --orgId=ORGID
|
568
|
+
```
|
569
|
+
- Get user system assignments details dashboard information
|
570
|
+
```
|
571
|
+
$ bundle exec exe/emasser get assignments_details --orgId=ORGID
|
572
|
+
```
|
573
|
+
- Get user system privacy summary dashboard information
|
574
|
+
```
|
575
|
+
$ bundle exec exe/emasser get privacy_summary --orgId=ORGID
|
576
|
+
```
|
577
|
+
- Get VA OMB-FISMA SAOP summary dashboard information
|
578
|
+
```
|
579
|
+
$ bundle exec exe/emasser get fisma_saop_summary --orgId=ORGID
|
580
|
+
```
|
581
|
+
- Get VA system A&A summary dashboard information
|
582
|
+
```
|
583
|
+
$ bundle exec exe/emasser get va_aa_summary --orgId=ORGID
|
584
|
+
```
|
585
|
+
- Get VA system A2.0 summary dashboard information
|
586
|
+
```
|
587
|
+
$ bundle exec exe/emasser get va_a2_summary --orgId=ORGID
|
588
|
+
```
|
589
|
+
- Get VA System P.L. 109 reporting summary dashboard information
|
590
|
+
```
|
591
|
+
$ bundle exec exe/emasser get va_pl_109_summary --orgId=ORGID
|
592
|
+
```
|
593
|
+
- Get VA system FISMA inventory summary dashboard information
|
594
|
+
```
|
595
|
+
$ bundle exec exe/emasser get fisma_inventory_summary --orgId=ORGID
|
596
|
+
```
|
490
597
|
|
491
|
-
### ``post test_results``
|
492
598
|
[top](#api-endpoints-provided)
|
493
599
|
|
600
|
+
## Usage - POST
|
601
|
+
|
602
|
+
### ``post test_results``
|
494
603
|
---
|
495
604
|
Test Result add (POST) endpoint API business rules.
|
496
605
|
|
@@ -531,11 +640,9 @@ For information at the command line use:
|
|
531
640
|
```
|
532
641
|
$ bundle exec exe/emasser post test_results help add
|
533
642
|
```
|
534
|
-
|
643
|
+
[top](#post)
|
535
644
|
|
536
645
|
### ``post poams``
|
537
|
-
[top](#api-endpoints-provided)
|
538
|
-
|
539
646
|
---
|
540
647
|
Plan of Action and Milestones (POA&M) add (POST) endpoint API business rules.
|
541
648
|
|
@@ -573,19 +680,23 @@ Business logic, the following rules apply when adding POA&Ms
|
|
573
680
|
- If the Security Control or Assessment Procedure does not exist in the system we may have to just import POA&M Item at the System Level.
|
574
681
|
|
575
682
|
|
576
|
-
The following parameters/fields have the following character limitations:
|
577
|
-
-
|
578
|
-
- Office / Organization (pocOrganization)
|
579
|
-
- First Name (pocFirstName)
|
580
|
-
- Last Name (pocLastName)
|
581
|
-
- Email (email)
|
582
|
-
- Phone Number (pocPhoneNumber)
|
583
|
-
-
|
584
|
-
-
|
585
|
-
-
|
586
|
-
-
|
587
|
-
-
|
588
|
-
|
683
|
+
The following POA&M parameters/fields have the following character limitations:
|
684
|
+
- Fields that can not exceed 100 characters:
|
685
|
+
- Office / Organization (`pocOrganization`)
|
686
|
+
- First Name (`pocFirstName`)
|
687
|
+
- Last Name (`pocLastName`)
|
688
|
+
- Email (`email`)
|
689
|
+
- Phone Number (`pocPhoneNumber`)
|
690
|
+
- External Unique ID (`externalUid`)
|
691
|
+
- Fields that can not exceed 250 characters:
|
692
|
+
- Resource (`resource`)
|
693
|
+
- Fields have can not exceed 2000 character:
|
694
|
+
- Vulnerability Description (`vulnerabilityDescription`)
|
695
|
+
- Source Identifying Vulnerability (`sourceIdentVuln`)
|
696
|
+
- Recommendations (`recommendations`)
|
697
|
+
- Risk Accepted Comments (`comments`)
|
698
|
+
- Milestone Description (`description`)
|
699
|
+
- Mitigation Justification (`mitigation`)
|
589
700
|
|
590
701
|
To add (POST) POA&Ms use the following command:
|
591
702
|
```
|
@@ -604,30 +715,30 @@ $ bundle exec exe/emasser post poams add --systemId [value] --status [value] --v
|
|
604
715
|
Client API parameters/fields (required, conditional, and optional).
|
605
716
|
- required parameter are:
|
606
717
|
|
607
|
-
|parameter | type or values
|
608
|
-
|
609
|
-
|--systemId |Integer - Unique system identifier
|
610
|
-
|--status |Possible Values: Ongoing,Risk Accepted,Completed,Not Applicable
|
611
|
-
|--vulnerabilityDescription |String - Vulnerability description for the POA&M Item
|
612
|
-
|--sourceIdentVuln |String - Include Source Identifying Vulnerability text
|
613
|
-
|--pocOrganization |String - Organization/Office represented
|
614
|
-
|--resources |String - List of resources used. Character Limit = 250
|
718
|
+
|parameter | type or values |
|
719
|
+
|---------------------------|:---------------------------------------------------------------|
|
720
|
+
|--systemId |Integer - Unique system identifier |
|
721
|
+
|--status |Possible Values: Ongoing,Risk Accepted,Completed,Not Applicable |
|
722
|
+
|--vulnerabilityDescription |String - Vulnerability description for the POA&M Item |
|
723
|
+
|--sourceIdentVuln |String - Include Source Identifying Vulnerability text |
|
724
|
+
|--pocOrganization |String - Organization/Office represented |
|
725
|
+
|--resources |String - List of resources used. Character Limit = 250 |
|
615
726
|
|
616
727
|
** If any poc information is provided all POC fields are required. See additional details for POC fields below.
|
617
728
|
|
618
729
|
- conditional parameters are:
|
619
730
|
|
620
|
-
|parameter | type or values
|
621
|
-
|
622
|
-
|--milestones |JSON - see milestone format
|
623
|
-
|--pocFirstName |String - First name of POC
|
624
|
-
|--pocLastName |String - Last name of POC
|
625
|
-
|--pocEmail |String - Email address of POC
|
626
|
-
|--pocPhoneNumber |String - Phone number of POC (area code) ***-**** format
|
627
|
-
|--severity |Possible values - Very Low, Low, Moderate, High, Very High
|
628
|
-
|--scheduledCompletionDate |Date - Required for ongoing and completed POA&M items. Unix time format
|
629
|
-
|--completionDate |Date - Field is required for completed POA&M items. Unix time format
|
630
|
-
|--comments |String - Field is required for completed and risk accepted POA&M items.
|
731
|
+
|parameter | type or values |
|
732
|
+
|--------------------------|:------------------------------------------------------------------------|
|
733
|
+
|--milestones |JSON - see milestone format |
|
734
|
+
|--pocFirstName |String - First name of POC |
|
735
|
+
|--pocLastName |String - Last name of POC |
|
736
|
+
|--pocEmail |String - Email address of POC |
|
737
|
+
|--pocPhoneNumber |String - Phone number of POC (area code) ***-**** format |
|
738
|
+
|--severity |Possible values - Very Low, Low, Moderate, High, Very High |
|
739
|
+
|--scheduledCompletionDate |Date - Required for ongoing and completed POA&M items. Unix time format |
|
740
|
+
|--completionDate |Date - Field is required for completed POA&M items. Unix time format |
|
741
|
+
|--comments |String - Field is required for completed and risk accepted POA&M items. |
|
631
742
|
|
632
743
|
** If a POC email is supplied, the application will attempt to locate a user already registered within the application and pre-populate any information not explicitly supplied in the request. If no such user is found, these fields are required within the request:
|
633
744
|
pocFirstName, pocLastName, pocPhoneNumber
|
@@ -639,7 +750,7 @@ Client API parameters/fields (required, conditional, and optional).
|
|
639
750
|
|
640
751
|
|parameter | type or values |
|
641
752
|
|--------------------|:-----------------------------------------------------------------------------------------|
|
642
|
-
|--externalUid |String - External unique identifier for use with associating POA&M Items
|
753
|
+
|--externalUid |String - External unique identifier for use with associating POA&M Items |
|
643
754
|
|--controlAcronym |String - Control acronym associated with the POA&M Item. NIST SP 800-53 Revision 4 defined|
|
644
755
|
|--cci |String - CCI associated with the test result |
|
645
756
|
|--securityChecks |String - Security Checks that are associated with the POA&M |
|
@@ -649,8 +760,8 @@ Client API parameters/fields (required, conditional, and optional).
|
|
649
760
|
|--impact |Possible values: Very Low, Low, Moderate, High, Very High |
|
650
761
|
|--impactDescription |String - Include description of Security Control’s impact |
|
651
762
|
|--residualRiskLevel |Possible values: Very Low, Low, Moderate, High, Very High |
|
652
|
-
|--recommendations |String - Include recommendations
|
653
|
-
|--mitigation |String - Include mitigation explanation
|
763
|
+
|--recommendations |String - Include recommendations |
|
764
|
+
|--mitigation |String - Include mitigation explanation |
|
654
765
|
|
655
766
|
|
656
767
|
**Note**
|
@@ -658,11 +769,9 @@ For information at the command line use:
|
|
658
769
|
```
|
659
770
|
$ bundle exec exe/emasser post poams help add
|
660
771
|
```
|
661
|
-
|
772
|
+
[top](#post)
|
662
773
|
|
663
774
|
### ``post milestones``
|
664
|
-
[top](#api-endpoints-provided)
|
665
|
-
|
666
775
|
---
|
667
776
|
To add (POST) milestones in a system for one or more POA&M items use the following command:
|
668
777
|
|
@@ -684,11 +793,9 @@ For information at the command line use:
|
|
684
793
|
```
|
685
794
|
$ bundle exec exe/emasser post milestones help add
|
686
795
|
```
|
687
|
-
|
796
|
+
[top](#post)
|
688
797
|
|
689
798
|
### ``post artifacts``
|
690
|
-
[top](#api-endpoints-provided)
|
691
|
-
|
692
799
|
---
|
693
800
|
The add (POST) artifacts endpoint accepts a single binary file with file extension.zip only. The command line (CI) reads the files provided and zips them before sending to eMASS.
|
694
801
|
|
@@ -745,11 +852,9 @@ For information at the command line use:
|
|
745
852
|
```
|
746
853
|
$ bundle exec exe/emasser post artifacts help upload
|
747
854
|
```
|
748
|
-
|
855
|
+
[top](#post)
|
749
856
|
|
750
857
|
### ``post cac``
|
751
|
-
[top](#api-endpoints-provided)
|
752
|
-
|
753
858
|
----
|
754
859
|
Submit control to second role of CAC
|
755
860
|
|
@@ -779,11 +884,9 @@ For information at the command line use:
|
|
779
884
|
```
|
780
885
|
$ bundle exec exe/emasser post cac help add
|
781
886
|
```
|
782
|
-
|
887
|
+
[top](#post)
|
783
888
|
|
784
889
|
### ``post pac``
|
785
|
-
[top](#api-endpoints-provided)
|
786
|
-
|
787
890
|
----
|
788
891
|
Submit control to second role of CAC
|
789
892
|
|
@@ -799,20 +902,17 @@ To add (POST) test PAC use the following command:
|
|
799
902
|
|--systemId |Integer - Unique system identifier |
|
800
903
|
|--workflow |Possible Values: Assess and Authorize, Assess Only, Security Plan Approval |
|
801
904
|
|--name |String - Package name. 100 Characters |
|
802
|
-
|--comments |
|
905
|
+
|--comments |String - Comments submitted upon initiation of the indicated workflow, 4,000 character|
|
803
906
|
|
804
907
|
**Note**
|
805
908
|
For information at the command line use:
|
806
909
|
```
|
807
910
|
$ bundle exec exe/emasser post pac help add
|
808
911
|
```
|
809
|
-
|
912
|
+
[top](#post)
|
810
913
|
|
811
914
|
### ``post static_code_scan``
|
812
|
-
[top](#api-endpoints-provided)
|
813
|
-
|
814
915
|
----
|
815
|
-
|
816
916
|
To add (POST) static code scans use the following command:
|
817
917
|
|
818
918
|
````
|
@@ -858,12 +958,139 @@ For information at the command line use:
|
|
858
958
|
```
|
859
959
|
$ bundle exec exe/emasser post scan_findings help add
|
860
960
|
```
|
961
|
+
[top](#post)
|
962
|
+
|
963
|
+
### ```post cloud_resource```
|
964
|
+
---
|
965
|
+
|
966
|
+
The following Cloud Resource parameters/fields have the following character limitations:
|
967
|
+
- Fields that can not exceed 50 characters:
|
968
|
+
- Policy Deployment Version (`policyDeploymentVersion`)
|
969
|
+
- Fields that can not exceed 100 characters:
|
970
|
+
- Assessment Procedure (`assessmentProcedure`)
|
971
|
+
- Security Control Acronym (`control`)
|
972
|
+
- CSP Account ID (`cspAccountId`)
|
973
|
+
- CSP Region (`cspRegion`)
|
974
|
+
- Email of POC (`initiatedBy`)
|
975
|
+
- Cloud Service Provider (`provider`)
|
976
|
+
- Type of Cloud resource (`resourceType`)
|
977
|
+
- Fields that can not exceed 500 characters:
|
978
|
+
- CSP/Resource’s Policy ID (`cspPolicyDefinitionId`)
|
979
|
+
- Policy Deployment Name (`policyDeploymentName`)
|
980
|
+
- Policy Compliance ID (`resourceId`)
|
981
|
+
- Cloud Resource Name (`resourceName`)
|
982
|
+
- Fields that can not exceed 1000 characters:
|
983
|
+
- Reason for Compliance (`complianceReason`)
|
984
|
+
- Fields that can not exceed 2000 characters:
|
985
|
+
- Policy Short Title (`policyDefinitionTitle`)
|
986
|
+
|
987
|
+
To add a cloud resource and their scan results in the assets module for a system use the following command:
|
988
|
+
````
|
989
|
+
$ bundle exec exe/emasser post cloud_resource add --systemId [value] --provider [value] --resourceId [value] --resourceName [value] --resourceType [value] --cspPolicyDefinitionId [value] --isCompliant or --is-not-Compliant --policyDefinitionTitle [value] --test [value]
|
990
|
+
````
|
991
|
+
- required parameter are:
|
992
|
+
|
993
|
+
|parameter | type or values |
|
994
|
+
|------------------------|:--------------------------------------------------------------------------|
|
995
|
+
|--systemId |Integer - Unique system identifier |
|
996
|
+
|--provider |string - Cloud service provider name |
|
997
|
+
|--resourceId |String - Unique identifier/resource namespace for policy compliance result |
|
998
|
+
|--resourceName |String - Friendly name of Cloud resource |
|
999
|
+
|--resourceType |String - Type of Cloud resource |
|
1000
|
+
|--cspPolicyDefinitionId |String - Unique identifier/compliance namespace for CSP/Resource\'s policy definition/compliance check|
|
1001
|
+
|--isCompliant | Boolean - Compliance status of the policy for the identified cloud resource |
|
1002
|
+
|--policyDefinitionTitle | String - Friendly policy/compliance check title. Recommend short title |
|
1003
|
+
|
1004
|
+
- optional parameters are:
|
1005
|
+
|
1006
|
+
|parameter | type or values |
|
1007
|
+
|-------------------|:------------------------------------------------------|
|
1008
|
+
|--initiatedBy |String - Person initiating the process email address |
|
1009
|
+
|--cspAccountId |String - System/owner\'s CSP account ID/number |
|
1010
|
+
|--cspRegion |String - CSP region of system |
|
1011
|
+
|--isBaseline |Boolean - Flag that indicates in results is a baseline |
|
1012
|
+
|Tags Object (tags)|
|
1013
|
+
|--text | String - Text that specifies the tag type |
|
1014
|
+
|Compliance Results Array Objects (complianceResults)|
|
1015
|
+
|--assessmentProcedure |String - Comma separated correlation to Assessment Procedure (i.e. CCI number for DoD Control Set) |
|
1016
|
+
|--complianceCheckTimestamp |Date - The compliance check date - Unix time format |
|
1017
|
+
|--complianceReason |String - Reason/comments for compliance result |
|
1018
|
+
|--control |String - Comma separated correlation to Security Control (e.g. exact NIST Control acronym) |
|
1019
|
+
|--policyDeploymentName |String - Name of policy deployment |
|
1020
|
+
|--policyDeploymentVersion |String - Version of policy deployment |
|
1021
|
+
|--severity |Possible Values: Low, Medium, High, Critical |
|
1022
|
+
|
1023
|
+
|
1024
|
+
**Note**
|
1025
|
+
For information at the command line use:
|
1026
|
+
```
|
1027
|
+
$ bundle exec exe/emasser post cloud_resource help add
|
1028
|
+
```
|
1029
|
+
|
1030
|
+
[top](#post)
|
1031
|
+
|
1032
|
+
|
1033
|
+
### ```post container```
|
1034
|
+
---
|
1035
|
+
The following Container parameters/fields have the following character limitations:
|
1036
|
+
- Fields that can not exceed 100 characters:
|
1037
|
+
- STIG Benchmark ID (`benchmark`)
|
1038
|
+
- Container Namespace (`namespace`)
|
1039
|
+
- Kubernetes assigned IP (`podIp`)
|
1040
|
+
- Kubernetes Pod Name) (`podName`)
|
1041
|
+
- Fields that can not exceed 500 characters:
|
1042
|
+
- Container ID (`containerId`)
|
1043
|
+
- Friendly Container Name (`containerName`)
|
1044
|
+
- Fields that can not exceed 1000 characters:
|
1045
|
+
- Result Comments (`message`)
|
1046
|
+
|
1047
|
+
|
1048
|
+
|
1049
|
+
To add containers and their scan results in the assets module for a system use the following command:
|
1050
|
+
````
|
1051
|
+
$ bundle exec ruby exe/emasser post container add --systemId [value] --containerId [value] --containerName [value] --time [value] --benchmark [value] --lastSeen [value] --ruleId [value] --status [value]
|
1052
|
+
|
1053
|
+
````
|
1054
|
+
|
1055
|
+
- required parameter are:
|
1056
|
+
|
1057
|
+
|parameter | type or values |
|
1058
|
+
|------------------------|:--------------------------------------------------------------------------|
|
1059
|
+
|--systemId |Integer - Unique system identifier |
|
1060
|
+
|--containerId |String - Unique identifier of the container |
|
1061
|
+
|--containerName |String - Friendly name of the container |
|
1062
|
+
|--time |Date - Datetime of scan/result. Unix date format |
|
1063
|
+
|Bench Marks Object (benchmarks)|
|
1064
|
+
|--benchmark |String - Identifier of the benchmark/grouping of compliance results |
|
1065
|
+
|benchmarks.results |Object
|
1066
|
+
|--ruleId |String - Identifier for the compliance result, vulnerability, etc.
|
1067
|
+
|--status |String - Benchmark result status
|
1068
|
+
|--lastSeen |Date - Date last seen, Unix date format
|
1069
|
+
|
1070
|
+
- optional parameters are:
|
1071
|
+
|
1072
|
+
|parameter | type or values |
|
1073
|
+
|----------------------------|:------------------------------------------------------|
|
1074
|
+
|--podName |String - Name of pod (e.g. Kubernetes pod) |
|
1075
|
+
|--podIp |String - IP address of pod |
|
1076
|
+
|--namespace |String - Namespace of container in container orchestration (e.g. Kubernetes namespace)|
|
1077
|
+
|Tags Object (tags)|
|
1078
|
+
|--text | String - Text that specifies the tag type |
|
1079
|
+
|Bench Marks Object (benchmarks)
|
1080
|
+
|--isBaseline |Boolean - True/false flag for providing results as baseline. If true, all existing compliance results for the provided benchmark within the container will be replaced by results in the current call|
|
1081
|
+
|benchmarks.results |Object
|
1082
|
+
|--message |String - Comments for the result
|
861
1083
|
|
1084
|
+
**Note**
|
1085
|
+
For information at the command line use:
|
1086
|
+
```
|
1087
|
+
$ bundle exec exe/emasser post container help add
|
1088
|
+
```
|
1089
|
+
[top](#post)
|
862
1090
|
|
863
1091
|
## Usage - PUT
|
864
1092
|
|
865
1093
|
### ``put controls``
|
866
|
-
[top](#api-endpoints-provided)
|
867
1094
|
|
868
1095
|
----
|
869
1096
|
Business Rules
|
@@ -882,16 +1109,16 @@ Implementation Plan cannot be updated if a Security Control is "Inherited" excep
|
|
882
1109
|
|
883
1110
|
The following parameters/fields have the following character limitations:
|
884
1111
|
- Implementation Plan information cannot be saved if the fields below exceed 2,000 character limits:
|
885
|
-
- N/A Justification (naJustification)
|
886
|
-
- Responsible Entities (responsibleEntities)
|
887
|
-
- Implementation Narrative (implementationNarrative)
|
888
|
-
- Criticality (slcmCriticality)
|
889
|
-
- Reporting (slcmReporting)
|
890
|
-
- Tracking (slcmTracking)
|
891
|
-
- Vulnerability Summary (vulnerabilitySummary)
|
892
|
-
- Recommendations (recommendations)
|
1112
|
+
- N/A Justification (`naJustification`)
|
1113
|
+
- Responsible Entities (`responsibleEntities`)
|
1114
|
+
- Implementation Narrative (`implementationNarrative`)
|
1115
|
+
- Criticality (`slcmCriticality`)
|
1116
|
+
- Reporting (`slcmReporting`)
|
1117
|
+
- Tracking (`slcmTracking`)
|
1118
|
+
- Vulnerability Summary (`vulnerabilitySummary`)
|
1119
|
+
- Recommendations (`recommendations`)
|
893
1120
|
- Implementation Plan information cannot be saved if the fields below exceed 4,000 character limits:
|
894
|
-
- SLCM Comments (slcmComments)
|
1121
|
+
- SLCM Comments (`slcmComments`)
|
895
1122
|
|
896
1123
|
Implementation Plan information cannot be updated if Security Control does not exist in the system record.
|
897
1124
|
|
@@ -943,10 +1170,9 @@ For information at the command line use:
|
|
943
1170
|
```
|
944
1171
|
$ bundle exec exe/emasser put controls help update
|
945
1172
|
```
|
946
|
-
|
1173
|
+
[top](#put)
|
947
1174
|
|
948
1175
|
### ``put poams``
|
949
|
-
[top](#api-endpoints-provided)
|
950
1176
|
|
951
1177
|
----
|
952
1178
|
Business Rules
|
@@ -996,6 +1222,26 @@ The following parameters/fields have the following character limitations:
|
|
996
1222
|
- POA&M Item cannot be saved if Resource field (resource) exceeds 250 characters.
|
997
1223
|
- POA&M Items cannot be saved if Milestone Description (description) exceeds 2,000 characters.
|
998
1224
|
|
1225
|
+
|
1226
|
+
The following POA&M parameters/fields have the following character limitations:
|
1227
|
+
- Fields that can not exceed 100 characters:
|
1228
|
+
- Office / Organization (`pocOrganization`)
|
1229
|
+
- First Name (`pocFirstName`)
|
1230
|
+
- Last Name (`pocLastName`)
|
1231
|
+
- Email (`email`)
|
1232
|
+
- Phone Number (`pocPhoneNumber`)
|
1233
|
+
- External Unique ID (`externalUid`)
|
1234
|
+
- Fields that can not exceed 250 characters:
|
1235
|
+
- Resource (`resource`)
|
1236
|
+
- Fields have can not exceed 2000 character:
|
1237
|
+
- Vulnerability Description (`vulnerabilityDescription`)
|
1238
|
+
- Source Identifying Vulnerability (`sourceIdentVuln`)
|
1239
|
+
- Recommendations (`recommendations`)
|
1240
|
+
- Risk Accepted Comments (`comments`)
|
1241
|
+
- Milestone Description (`description`)
|
1242
|
+
- Mitigation Justification (`mitigation`)
|
1243
|
+
|
1244
|
+
|
999
1245
|
---
|
1000
1246
|
Updating (PUT) a POA&M can be accomplished by invoking the following command:
|
1001
1247
|
````
|
@@ -1003,32 +1249,32 @@ Updating (PUT) a POA&M can be accomplished by invoking the following command:
|
|
1003
1249
|
````
|
1004
1250
|
- required parameter are:
|
1005
1251
|
|
1006
|
-
|parameter | type or values
|
1007
|
-
|
1008
|
-
|--systemId |Integer - Unique system identifier
|
1009
|
-
|--displayPoamId |Integer - Globally unique identifier for individual POA&M Items
|
1010
|
-
|--status |Possible Values: Ongoing,Risk Accepted,Completed,Not Applicable
|
1011
|
-
|--vulnerabilityDescription |String - Vulnerability description for the POA&M Item
|
1012
|
-
|--sourceIdentVuln |String - Include Source Identifying Vulnerability text
|
1013
|
-
|--pocOrganization |String - Organization/Office represented
|
1014
|
-
|--resources |String - List of resources used. Character Limit = 250
|
1252
|
+
|parameter | type or values |
|
1253
|
+
|---------------------------|:---------------------------------------------------------------|
|
1254
|
+
|--systemId |Integer - Unique system identifier |
|
1255
|
+
|--displayPoamId |Integer - Globally unique identifier for individual POA&M Items |
|
1256
|
+
|--status |Possible Values: Ongoing,Risk Accepted,Completed,Not Applicable |
|
1257
|
+
|--vulnerabilityDescription |String - Vulnerability description for the POA&M Item |
|
1258
|
+
|--sourceIdentVuln |String - Include Source Identifying Vulnerability text |
|
1259
|
+
|--pocOrganization |String - Organization/Office represented |
|
1260
|
+
|--resources |String - List of resources used. Character Limit = 250 |
|
1015
1261
|
|
1016
1262
|
** If any poc information is provided all POC fields are required. See additional details for POC fields below.
|
1017
1263
|
|
1018
1264
|
- conditional parameters are:
|
1019
1265
|
|
1020
|
-
|parameter | type or values
|
1021
|
-
|
1022
|
-
|--milestones |JSON - see milestone format
|
1023
|
-
|--pocFirstName |String - First name of POC
|
1024
|
-
|--pocLastName |String - Last name of POC
|
1025
|
-
|--pocEmail |String - Email address of POC
|
1026
|
-
|--pocPhoneNumber |String - Phone number of POC (area code) ***-**** format
|
1027
|
-
|--severity |Possible values - Very Low, Low, Moderate, High, Very High
|
1028
|
-
|--scheduledCompletionDate |Date - Required for ongoing and completed POA&M items. Unix time format
|
1029
|
-
|--completionDate |Date - Field is required for completed POA&M items. Unix time format
|
1030
|
-
|--comments |String - Field is required for completed and risk accepted POA&M items
|
1031
|
-
|--isActive |Boolean - Used to delete milestones when updating a POA&M
|
1266
|
+
|parameter | type or values |
|
1267
|
+
|--------------------------|:-----------------------------------------------------------------------|
|
1268
|
+
|--milestones |JSON - see milestone format |
|
1269
|
+
|--pocFirstName |String - First name of POC |
|
1270
|
+
|--pocLastName |String - Last name of POC |
|
1271
|
+
|--pocEmail |String - Email address of POC |
|
1272
|
+
|--pocPhoneNumber |String - Phone number of POC (area code) ***-**** format |
|
1273
|
+
|--severity |Possible values - Very Low, Low, Moderate, High, Very High |
|
1274
|
+
|--scheduledCompletionDate |Date - Required for ongoing and completed POA&M items. Unix time format |
|
1275
|
+
|--completionDate |Date - Field is required for completed POA&M items. Unix time format |
|
1276
|
+
|--comments |String - Field is required for completed and risk accepted POA&M items |
|
1277
|
+
|--isActive |Boolean - Used to delete milestones when updating a POA&M |
|
1032
1278
|
|
1033
1279
|
** If a POC email is supplied, the application will attempt to locate a user already registered within the application and pre-populate any information not explicitly supplied in the request. If no such user is found, these fields are required within the request:
|
1034
1280
|
pocFirstName, pocLastName, pocPhoneNumber
|
@@ -1041,7 +1287,7 @@ Updating (PUT) a POA&M can be accomplished by invoking the following command:
|
|
1041
1287
|
|
1042
1288
|
|parameter | type or values |
|
1043
1289
|
|--------------------|:-----------------------------------------------------------------------------------------|
|
1044
|
-
|--externalUid |String - External unique identifier for use with associating POA&M Items
|
1290
|
+
|--externalUid |String - External unique identifier for use with associating POA&M Items |
|
1045
1291
|
|--controlAcronym |String - Control acronym associated with the POA&M Item. NIST SP 800-53 Revision 4 defined|
|
1046
1292
|
|--cci |String - CCI associated with the test result |
|
1047
1293
|
|--securityChecks |String - Security Checks that are associated with the POA&M |
|
@@ -1051,7 +1297,7 @@ Updating (PUT) a POA&M can be accomplished by invoking the following command:
|
|
1051
1297
|
|--impact |Possible values: Very Low, Low, Moderate, High, Very High |
|
1052
1298
|
|--impactDescription |String - Include description of Security Control’s impact |
|
1053
1299
|
|--residualRiskLevel |Possible values: Very Low, Low, Moderate, High, Very High |
|
1054
|
-
|--recommendations |String - Include recommendations
|
1300
|
+
|--recommendations |String - Include recommendations |
|
1055
1301
|
|--mitigation |String - Include mitigation explanation. 2000 Characters |
|
1056
1302
|
|
1057
1303
|
**Note**
|
@@ -1059,10 +1305,9 @@ For information at the command line use:
|
|
1059
1305
|
```
|
1060
1306
|
$ bundle exec exe/emasser put poams help update
|
1061
1307
|
```
|
1062
|
-
|
1308
|
+
[top](#put)
|
1063
1309
|
|
1064
1310
|
### ``put milestones``
|
1065
|
-
[top](#api-endpoints-provided)
|
1066
1311
|
|
1067
1312
|
----
|
1068
1313
|
|
@@ -1087,10 +1332,9 @@ For information at the command line use:
|
|
1087
1332
|
```
|
1088
1333
|
$ bundle exec exe/emasser put milestones help update
|
1089
1334
|
```
|
1090
|
-
|
1335
|
+
[top](#put)
|
1091
1336
|
|
1092
1337
|
### ``put artifacts``
|
1093
|
-
[top](#api-endpoints-provided)
|
1094
1338
|
|
1095
1339
|
----
|
1096
1340
|
Business Rules
|
@@ -1143,12 +1387,11 @@ For information at the command line use:
|
|
1143
1387
|
```
|
1144
1388
|
$ bundle exec exe/emasser put artifacts help update
|
1145
1389
|
```
|
1146
|
-
|
1390
|
+
[top](#put)
|
1147
1391
|
|
1148
1392
|
## Usage - DELETE
|
1149
1393
|
|
1150
1394
|
### ``delete poams``
|
1151
|
-
[top](#api-endpoints-provided)
|
1152
1395
|
|
1153
1396
|
----
|
1154
1397
|
Remove one or many poa&m items in a system
|
@@ -1157,10 +1400,9 @@ To remove (DELETE) one or more POA&M items use the following command:
|
|
1157
1400
|
```
|
1158
1401
|
bundle exec exe/emasser delete poams remove --systemId [value] --poamId [value]
|
1159
1402
|
```
|
1160
|
-
|
1403
|
+
[top](#delete)
|
1161
1404
|
|
1162
1405
|
### ``delete milestones``
|
1163
|
-
[top](#api-endpoints-provided)
|
1164
1406
|
|
1165
1407
|
----
|
1166
1408
|
Remove milestones in a system for one or many POA&M items
|
@@ -1175,10 +1417,9 @@ To remove (DELETE) one or more Milestones in a system use the following command:
|
|
1175
1417
|
```
|
1176
1418
|
bundle exec exe/emasser delete milestones remove--systemId [value] --poamId [value] --milestoneId [value]
|
1177
1419
|
```
|
1178
|
-
|
1420
|
+
[top](#delete)
|
1179
1421
|
|
1180
1422
|
### ``delete artifacts``
|
1181
|
-
[top](#api-endpoints-provided)
|
1182
1423
|
|
1183
1424
|
---
|
1184
1425
|
Remove one or many artifacts in a system
|
@@ -1193,3 +1434,4 @@ bundle exec exe/emasser delete artifacts remove --systemId [value] --files [valu
|
|
1193
1434
|
or
|
1194
1435
|
bundle exec exe/emasser delete artifacts remove --systemId [value] --files [value, value...]
|
1195
1436
|
```
|
1437
|
+
[top](#delete)
|