eMASSer

About

eMASSer is a Command Line Interface (CLI) that aims to automate routine business use-cases and provide utility surrounding the Enterprise Mission Assurance Support Service (eMASS) by leveraging its Representational State Transfer (REST) Application Programming Interface (API).

NOTE: The eMASSer CLI utilizes the emass_client RubyGem executable package to access the eMASS API endpoints.

Documentation

For detail content information about the eMASS API references the eMASS API Specification page.

For detail features provided by the eMASSer CLI references the eMASSer CLI Features page.

The eMASSer CLI Architecture depicts the structure, and provides an explanation of CLI behaviors.

Installation Options

eMASSer is a Ruby CLI distributed via GitHub (this repository), RubyGems, or Docker.

Installation Dependencies

git
Ruby version 2.7 or greater

Runtime Major Dependencies

Ruby version 2.7 or greater
rubyzip (latest version)
emass_client (latest version)
On Windows the cURL binary is required (libcurl.dll). To install cURL:
- Download cURL for windows from curl x.x.x for Windows
  - Go into the archive and browse to the /bin directory
  - Locate libcurl_x64.dll (it may be named just libcurl.dll)
  - Extract the file into the Ruby installation /bin directory
  - Rename the file to libcurl.dll if it has the _x64 suffix
- Install cURL for windows and add the installation directory to the PATH.
See the emasser.gemspec file for all other dependencies

Install via GitHub

Clone the repository

git clone <path to emasser repository> emasser
cd emasser

Build the eMASSer gem*

  gem build *.gemspec
  gem install *.gem

*Note: To run in development mode there isn't a need to build the gem, simply clone from the emasser repository and use:

bundle install

bundle exec exe/emasser [command]

Install via published RubyGems

Install the emasser gem from the RubyGems registry
```
gem install emasser
```
Update the emasser gem to the latest version
```
gem update emasser
```
To run (execute a command) create a .env* file in the directory where you want to invoke the emmaser and use:
```
emasser [command]
```

*Note: See Setting Environment Variables Configuration for detailed information on required and optional variables.

Using Docker

Ensure that docker engine is running and start the eMASSer Docker Container.

Install

On Linux or Mac:

docker run --rm -v $PWD/path-to-secrets:/data mitre/emasser:latest

On Windows:

docker run --rm -v %cd%/path-to-secrets:/data mitre/emasser:latest

Update via Docker
```
  docker pull mitre/emasser:latest
```

Docker Notes:

Docker Options
- --rm Automatically remove the container when it exits
- -v Bind mount a volume
path-to-secrets
- Is the path to the .env file and the appropriate eMASS certificates (key.pem and client.pem).
- For example, if the .env is located in the same directory where the docker run is executed, running the command in a Windows platform would look like this:
```
docker run --rm -v %cd%/.:/data mitre/emasser:latest
```
- See Editing Environment Variables Configuration

Run eMASSer API client commands

To list all available GET, POST, PUT, or DELETE commands use:

docker run --rm -v $PWD/path-to-secrets:/data mitre/emasser:latest get help

docker run --rm -v $PWD/path-to-secrets:/data mitre/emasser:latest post help

docker run --rm -v $PWD/path-to-secrets:/data mitre/emasser:latest put help

docker run --rm -v $PWD/path-to-secrets:/data mitre/emasser:latest delete help

Example commands are for Linux or Mac, replace the $PWD with %cd% for Windows

Delete (remove) the Docker Container

  docker rmi -f mitre/emasser

Roadmap

The eMASSer implements all endpoints provided by the eMASS API, there is, all of the functions available from the eMASS GUI that are exposed by the API. If additional functions are useful (accessible via the CLI), please submit a request to eMass Tier III Support for possible inclusion into the API.

The Road Map seeks to add any useful features that facilitates organization that utilizes eMASS instances and have a need to automate their cybersecurity management process.

For additional capability create an issue, and email it to the SAF Team citing the issue link so we can help.

Some proposed capabilities (looking for a sponsor) are:

Update a system's record with met/not met NIST 800-53 Security and Privacy controls and/or common control indicators (CCI) based on scan results expressed in Heimdall Data Format (HDF).
Resolve a particular plan of action and milestone (POA&M) based on scan results or git-ops workflow.
PKCS11 support to run in an attended mode.

Design

Interactions with eMASS API

The eMASSer CLI leverages the emass_client, which provides a REST API client developed by MITRE based on the OpenAPI V3 standards for the official eMASS API specification. This design enables REST API clients to be generated in any supported programming language. The design enables the emass_client to be generated independently of the eMASSer CLI. Currently, a Ruby and a Typescript eMASS client API are provided. The TypeScript client is used with the Security Automation Framework CLI (SAF) CLI.

Business Logic

Because interactions with the API are handled by a dependency, the bulk of eMASSer business logic is for accepting user input/output, reading data from eMASS or from input, transforming data, and routing data to the appropriate eMASS API endpoint. This business logic is organized into Ruby Classes and Modules based on the command or subcommand requested by the user.

eMASSer CLI Architecture

The eMASSer CLI makes use of the emass_client ruby gem to communicate with an eMASS instance via the eMASS API as depicted in the diagram below:

NOTICE

Approved for Public Release; Distribution Unlimited. Case Number 18-3678.

NOTICE

MITRE hereby grants express written permission to use, reproduce, distribute, modify, and otherwise leverage this software to the extent permitted by the licensed terms provided in the LICENSE.md file included with this project.

NOTICE

This software was produced for the U. S. Government under Contract Number HHSM-500-2012-00008I, and is subject to Federal Acquisition Regulation Clause 52.227-14, Rights in Data-General.

No other use other than that granted to the U. S. Government, or to those acting on behalf of the U. S. Government under that Clause is authorized without the express written permission of The MITRE Corporation.

For further information, please contact The MITRE Corporation, Contracts Management Office, 7515 Colshire Drive, McLean, VA 22102-7539, (703) 983-6000.

Next Release Updates

Fixes to the (docs/features.md) - when viewing from the gh-pages.

The dashboard optional flags table - the problem may be that the [top] link needs an empty space after the last table entry.
Fix the dashboard entries alignment - all headers need a space after the [top] link
Align the dashboards [top] link with the dashboard group name
Remove bundle exec from help (emasser post artifacts upload help)
add --name to the artifacts upload
test the export artifacts endpoint
Add POST /api/api-key to the features documentation
user-uid is not require, need to make the variable in the .env optional. As of eMASS API specification v3.10 the use of accounts is not required to use the eMASS API
Test the artifacts export - out states that the file is exported to the temp directory - not there

Add the NOTICE file see here for content

Update the post.rb class Register
line 57: result = EmassClient::RegistrationApi.new.register_user(Emasser::POST_API_KEY_RETURN_TYPE)

Add to the `constants.rb

  POST_API_KEY_RETURN_TYPE = {
    debug_return_type: 'Object'
  }.freeze

Add to the README

Development

After checking out the repo, run bundle install (after making sure you have a compatible version of bundle installed) to install dependencies. Then, run bundle exec rake test to run all tests or bundle exec rake rubocop to run the linter.

If there are any additional components created (i.e. folders that contain gems in them somewhere), make sure to specify the top level folder in components.rb.

To install this gem onto your local machine, run bundle exec rake install.

mitre / emasser Goto Github PK

emasser's Introduction

eMASSer

About

Documentation

Installation Options

Installation Dependencies

Runtime Major Dependencies

Install via GitHub

Install via published RubyGems

Using Docker

Install

Run eMASSer API client commands

Delete (remove) the Docker Container

Roadmap

Design

Interactions with eMASS API

Business Logic

eMASSer CLI Architecture

NOTICE

NOTICE

NOTICE

emasser's People

Contributors

Stargazers

Watchers

Forkers

emasser's Issues

curl

Sample Response

Development

Fixes to the features.md

Recommend Projects

Recommend Topics

Recommend Org