Skip to content
/ hdf2asff Public

Tool for converting Heimdall Data Format -> Amazon Security Findings Format.

1 star 0 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

mitre/hdf2asff

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

37 Commits
src
src
 
 
.gitignore
.gitignore
 
 
.prettierrc
.prettierrc
 
 
README.md
README.md
 
 
package-lock.json
package-lock.json
 
 
package.json
package.json
 
 
setup.ps1
setup.ps1
 
 

Repository files navigation

hdf2ASFF

This tool converts and uploads Heimdall Data Format (HDF) into Amazon Security Findings Format (ASFF).

How to Install:

Windows/Linux/MacOS:

  1. Clone the repository: git clone https://github.com/mitre/hdf2asff
  2. Install dependencies: npm install
  3. Build the app: npm run build

Windows:

  1. Download and extract the most recent version from here.
  2. Lower your PowerShell Execution Policy with Set-Executionpolicy Unrestricted (Press Win+X and choose Open PowerShell as Administrator)
  3. Open setup.ps1
    • If you encounter an error running this script try running Unblock-File -Path C:\path\to\setup.ps1 in PowerShell
  4. Follow the on-screen steps to install NodeJS and build the app
  5. Restore PowerShell Execution policy with Set-ExecutionPolicy Default

How to Use:

  1. Open CMD/Powershell/Terminal and enter the directory of hdf2ASFF
    • Windows Shortcut: Shift + Right Click inside folder
    • Mac Shortcut: Right-Click hdf2ASFF folder from parent directory -> Services -> New Terminal at Folder
  2. Start the program with npm start -- . For example:

    • To convert and upload controls using credentials setup in the AWS CLI:

      • npm start -- --input <path/to/input.json> --aws-account-id <AWS Account ID> --region <Security Hub Region> --target <Target Name> --upload

Tips

  • If control information is cut off, it can be found inside of 'Finding Provider Fields' or by opening the JSON of the finding by clicking the ID.
  • Holding your mouse over a Finding Provider Field will show it with newlines and propper formatting for some browsers.
  • Use "Workflow Status" to mark findings as New/Notified/Suppressed/Resolved.
  • Uploading a results set with the same tests and same target (-t) will update findings across time.

Usage

Usage:
  -V, --version                     output the version number
  -i, --input <infile>              Input HDF/InSpec JSON
  -a, --aws-account-id <accountid>  AWS Account ID
  -r, --region <region>             AWS Account Region
  -t, --target <target>             Name of targeted host (re-use target to preserve findings across time)
  -o, --output <outfile>            Output ASFF Findings JSON
  -u, --upload                      Automattically upload findings to Security Hub (AWS CLI must be configured)
  -h, --help                        display help for command

About

Tool for converting Heimdall Data Format -> Amazon Security Findings Format.

Resources

Readme
Activity
Custom properties

Stars

1 star

Watchers

6 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages