```
#                 COPYRIGHT & LICENSE TERMS NOTICE
# =============================================================================
# All following code and content is © 2024 Ross Blair,
# and falls under the licensing terms of Ross Blair's
# derivative of the Business Source License \(BSL\).
# The precise license and warranty terms of the BSL can be found in the file 
# `LICENSE.BSL.md`, which should have been distributed
# along with this code file.  All other use of original-work code and content
# falling outside of this BSL license is prohibited.
# =============================================================================
```

# The DRSF Workbench

<!-- TODO: Content within this section remains a work in progress. -->

## What the Workbench Is

The DRSF Workbench is a Jupyter notebook file containing a collection of documentation and code within its notebook cells.

<div class="alert alert-block alert-info">
<b>Tip:</b> If you're not familiar with how to work with Jupyter notebook files, and the broader Jupyter ecosystem of tools, please refer to the <a href="https://docs.jupyter.org/en/latest/">Jupyter Project's docs</a> for further information.</div>

## What the Workbench Does

The workbench is designed to allow you to create, edit, and publish their Detection & Response Strategic Framework \(DRSF\) documentation on your local machine.  The documentation cells below will walk you through every step needed to:
1. Create a DRSF from scratch.
2. Create DRSF entries.
3. Execute certain edits to DRSF entries in a semi-automatic process.
4. Publish the DRSF to one or more formats.

While the steps above will be documented in a logical order, note that you can make use of these documentation and code cells in a different order.  For example, you may wish to make edits to multiple DRSF entries that already exist in an existing DRSF, in which case you'd skip to the relevant documentation/code cell.



# Programmatically Instantiating the DRSF 

<!-- TODO: Content within this section remains a work in progress. -->

<div class="alert alert-block alert-warning">
<b>IMPORTANT:</b> You should read the following section in detail and configure and run its corresponding code cells below before performing any other operations using this Jupyter notebook.  No matter which operations you're using the DRSF Workbench for, proper instantiation of the codebase is always necessary.</div>

The following three code cell sets important file path variable constants and execute the proper instantiation of the `DRSFDocProcessor` object.  It's this "processor's" functions that will coordinate the documentation actions and calculations of the DRSF.

Let's get into the details of these constants, since you do need to understand them to ensure proper use of the DRSF Workbench.

The first set of file path variables **definitely need to be changed by the user**, since they will be different from one DRSF build to another.  These file path variables are:
* `DRSF_SOURCE_DOCS_DEV_DIR`: The directory which holds all the DRSF source document documentation that the DRSF, and the DRSF Jupyter book, is built from.  When you're creating new DRSF entries, or editing existing DRSF entries, you'll be working within this directory.  Note: if you're working collaboratively with a team when building your DRSF, your Git pull will already have this directory present and full of documentation.
* `DRSF_SOURCE_DOCS_STAGING_DIR`: The staging directory to view the outputs of the DRSF codebase's changes to the original source documentation of the DEV directory explained just above.  By running the calculations of the DRSF and writing those results back into the STAGING directory, we can troubleshoot DRSF code or source doc formatting issues while preserving the integrity of our original draft documents in the DEV directory.
* `DRSF_SOURCE_DOCS_BUILD_DIR`: The directory containing the final draft of your latest DRSF work.  Note that this directory can contain everything from the myst-markdown source documents to the html site files, to PDF copies of the DRSF documentation.  Use this directory as a "latest good draft" while you're working the DEV and STAGING directories.

The second set of file path variables **should NOT be changed by the typical end user** of this notebook file, unless they are involved in active  development of the DRSF core codebase.  These file path variables are:
* `DRSF_BASE_CONFIG_MAPPINGS`: The relative path of the json file containing all base configurations for the DRSF.  This file's contents contain critically important configurations and mappings that ensure the proper instantiation and operation of the DRSF and all its respective entries.  You'll see `drsf_base_config_mappings` passed as a parameter to several DRSF objects and many helper functions.
* `DRSF_SOURCE_DOC_TEMPLATES_DIR`: The relative file path of the directory containing template markdown files for building DRSF entries.  Each type of DRSF entry will have its own template file. The DRSF code uses these template files to build a DRSF entry's source document, which in turn is used to instantiate a DRSF entry object.


In [1]:
### TO BE MANUALLY CONFIGURED ###

# Constants to be changed by the end user for their own DRSF build.
# Specify where the various Jupyter Book source document files
# are located, and where processed source doc files are to be written
# to.
DRSF_SOURCE_DOCS_DEV_DIR = "./DRSF_Source_Docs_DEV"
DRSF_SOURCE_DOCS_STAGING_DIR = "./DRSF_Source_Docs_STAGING"
DRSF_SOURCE_DOCS_BUILD_DIR = "./DRSF_Source_Docs_BUILD"

### TO BE MANUALLY CONFIGURED ###

In [2]:
### DO NOT MANUALLY CONFIGURE ###

# Constants that should only be changed by active developers.
DRSF_BASE_CONFIG_MAPPINGS = "./00-drsf_base_config_mappings.json"
DRSF_SOURCE_DOCS_TEMPLATE_DIR = "./00-drsf_source_docs_template_dir"
DRSF_ENTRY_TEMPLATES_DIR = "./00-drsf_entry_markdown_templates"

### DO NOT MANUALLY CONFIGURE ###

In [None]:
### DO NOT MANUALLY CONFIGURE ###

# Execute the pip package-management-program to perform
# an "editable installation" of the core DRSF codebase.
# This is necessary for the successful imports of the
# drsf module in the rest of this notebook's code cells.
%pip install -e ../../../drsf

### DO NOT MANUALLY CONFIGURE ###

# Creating a DRSF from Scratch

<!-- TODO: Content within this section remains a work in progress. -->

<div class="alert alert-block alert-warning">
<b>IMPORTANT:</b> The code cells of this section should only be run when you wish to completely wipe the directories of all existing DRSF content and "start from scratch" with your DRSF content.  This content would include all your entries and the contents of any existing DRSF Jupyter Book contained with the DEV, STAGING, and BUILD directories you specified earlier in the instantiation section.  Proceed with caution here!</div>

The following code is designed to wipe any exisitng slate of work clean, and instantiate a new template DRSF within the specified DEV directory.

In [4]:
### WARNING: READ DOC CELL ABOVE BEFORE EXECUTING ###

### DO NOT MANUALLY CONFIGURE ###

# Import statments of DRSF codebase.
from drsf import drsf_doc_processor

# Instantiation of the DRSFDocProcessor object.
doc_processor = drsf_doc_processor.DRSFDocProcessor(DRSF_BASE_CONFIG_MAPPINGS, DRSF_SOURCE_DOCS_TEMPLATE_DIR, DRSF_ENTRY_TEMPLATES_DIR, DRSF_SOURCE_DOCS_DEV_DIR, DRSF_SOURCE_DOCS_STAGING_DIR, DRSF_SOURCE_DOCS_BUILD_DIR)

# Wipe all DRSF document directories.
# Rebuild DEV directory from a template directory.
### WARNING: READ DOC CELL ABOVE BEFORE EXECUTING ###
doc_processor.wipe_source_doc_dirs_and_build_from_scratch()

### DO NOT MANUALLY CONFIGURE ###

# Building New DRSF Entries

<!-- TODO: Content within this section remains a work in progress. -->

To ensure proper naming, ID generation, and myst-markdown document formatting for new DRSF entries, you should always use the DRSF codebase to create a new entry from a entry template.  This can be done with the`DRSFDocProcessor` object's `create_new_drsf_entry()` method.


In [5]:
### DO NOT MANUALLY CONFIGURE ###

# Code for the instantiation of the DRSFDocProcessor object.

# Import statments of DRSF codebase.
from drsf import drsf_doc_processor

# Instantiation of the DRSFDocProcessor object.
doc_processor = drsf_doc_processor.DRSFDocProcessor(DRSF_BASE_CONFIG_MAPPINGS, DRSF_SOURCE_DOCS_TEMPLATE_DIR, DRSF_ENTRY_TEMPLATES_DIR, DRSF_SOURCE_DOCS_DEV_DIR, DRSF_SOURCE_DOCS_STAGING_DIR, DRSF_SOURCE_DOCS_BUILD_DIR)

### DO NOT MANUALLY CONFIGURE ###

In [11]:
### MANUAL CONFIGURATION CODE COMMENTED ###
###   OUT FOR DEMONSTRATION PURPOSES    ###

# BUILDING NEW DRSF ENTRIES

# Enter the title and entry type of the new DRSF entry here.
# new_entry_title = ""
# new_entry_type = ""

# Then have the DRSF codebase cross-reference the title for any conflicts,
# generate a new unique ID, and create the entry's documentation draft from
# a template.
# new_entry = doc_processor.create_new_drsf_entry(new_entry_type, new_entry_title)
# print(new_entry.id)

### MANUAL CONFIGURATION CODE COMMENTED ###
###   OUT FOR DEMONSTRATION PURPOSES    ###

In [6]:
### DO NOT MANUALLY CONFIGURE ###
### DEMONSTRATION CODE BLOCK  ###

# DEMO CODE WITH MULTIPLE ENTRIES CREATED
test_atk_entry_01 = doc_processor.create_new_drsf_entry("attack", "Drive-By Download")
test_threat_entry_01 = doc_processor.create_new_drsf_entry("threat", "Malware On Laptop")
test_atk_entry_02 = doc_processor.create_new_drsf_entry("attack", "AWS Credential Exfil")
test_ae_entry_01 = doc_processor.create_new_drsf_entry("adverse_event", "Manufacturing AWS Compromised")

### DO NOT MANUALLY CONFIGURE ###
### DEMONSTRATION CODE BLOCK  ###

# Editing DRSF Entries

<!-- TODO: Content within this section remains a work in progress. -->

It is up to you whether you'd like to edit DRSF entries manually within each entry's myst-markdown document, or programatically via the `DRSFDocProcessor` object's `edit_existing_entry_foundational_build_field()` function.

Note that currently the DRSF Workbench only provides automation for certain edits to a DRSF entry's "foundational build fields", such as creating associations between one or more DRSF entries.

The code cell below presents some functions to you for programmatically editing DRSF entries.  Here you should feel free to insert some additional code cells of your own if you wish to further automate entry editing.

In [7]:
### DO NOT MANUALLY CONFIGURE ###

# Code for the instantiation of the DRSFDocProcessor object.

# Import statments of DRSF codebase.
from drsf import drsf_doc_processor

# Instantiation of the DRSFDocProcessor object.
doc_processor = drsf_doc_processor.DRSFDocProcessor(DRSF_BASE_CONFIG_MAPPINGS, DRSF_SOURCE_DOCS_TEMPLATE_DIR, DRSF_ENTRY_TEMPLATES_DIR, DRSF_SOURCE_DOCS_DEV_DIR, DRSF_SOURCE_DOCS_STAGING_DIR, DRSF_SOURCE_DOCS_BUILD_DIR)

### DO NOT MANUALLY CONFIGURE ###

In [14]:
### MANUAL CONFIGURATION CODE COMMENTED ###
###   OUT FOR DEMONSTRATION PURPOSES    ###

# EDITING EXISTING DRSF ENTRIES

# Enter the id of the entry you'd like to edit here.
# entry_to_edit_id = ""

# Then enter the name of the "foundational build field" that you'd
# like to edit, and the new value for that field.  Note that this
# value could be a string, or a list of strings.  Which you choose
# depends on the field that you're editing.
# field_to_edit = ""
# new_field_value = "" # or []

# Have the DRSF codebase edit this field and insert the new value.
# edited_entry = doc_processor.edit_existing_entry_foundational_build_field(entry_to_edit_id, field_to_edit, new_field_value)

### MANUAL CONFIGURATION CODE COMMENTED ###
###   OUT FOR DEMONSTRATION PURPOSES    ###

In [8]:
### DO NOT MANUALLY CONFIGURE ###
### DEMONSTRATION CODE BLOCK  ###

# DEMO CODE WITH MULTIPLE ENTRIES EDITED
test_ae_entry_01 = doc_processor.edit_existing_entry_foundational_build_field(test_ae_entry_01.id, "preceeding_attacks", [test_atk_entry_02.id])
test_atk_entry_02 = doc_processor.edit_existing_entry_foundational_build_field(test_atk_entry_02.id, "preceeding_threats", [test_threat_entry_01.id])
test_threat_entry_01 = doc_processor.edit_existing_entry_foundational_build_field(test_threat_entry_01.id, "preceeding_attacks", [test_atk_entry_01.id])

### DO NOT MANUALLY CONFIGURE ###
### DEMONSTRATION CODE BLOCK  ###

# Exploring Your DRSF for Insights

<!-- TODO: Content within this section remains a work in progress. -->

Being able to programmatically ennummerate and analyze every entry in the framework, as well as the relationships between entries, is a critically important and powerful capability of the DRSF.

The following code cell instantiates a DRSF object from your DRSF source docs.  This object's methods allow you to explore your DRSF's entry database and mastergraph data structures.

You're welcome and encouraged to add additional code cells in this section which automate and document the exploration of your DRSF's data structures.

In [9]:
### DO NOT MANUALLY CONFIGURE ###

# Import statments of DRSF codebase.
from drsf import drsf_doc_processor

# Instantiation of the DRSFDocProcessor object.
doc_processor = drsf_doc_processor.DRSFDocProcessor(DRSF_BASE_CONFIG_MAPPINGS, DRSF_SOURCE_DOCS_TEMPLATE_DIR, DRSF_ENTRY_TEMPLATES_DIR, DRSF_SOURCE_DOCS_DEV_DIR, DRSF_SOURCE_DOCS_STAGING_DIR, DRSF_SOURCE_DOCS_BUILD_DIR)

# Instantiating the DRSF code object.
drsf_obj = doc_processor.instantiate_drsf_obj_from_source_doc_dir(doc_processor.SOURCE_DOCS_DEV_DIR)

### DO NOT MANUALLY CONFIGURE ###

# Publishing Your DRSF Documentation

<!-- TODO: Content within this section remains a work in progress. -->

Once you believe that you have properly created and organized all your DRSF content - from the general content of your DRSF Jupyter Book through all your DRSF's entries - it's time to start publishing this content for the benefit of your teams.

There are several stages to the publication process.



## Deploying DRSF Source Content from Dev to Staging

<!-- TODO: Content within this section remains a work in progress. -->

The first step in the publication process is to deploy the DRSF source content in your DEV \(`DRSF_SOURCE_DOCS_DEV_DIR`\) directory to your STAGING \(`DRSF_SOURCE_DOCS_STAGING_DIR`\) directory.  This kicks off a complicated chain of actions in the DRSF codebase.  The following is a general summary of what happens.
1. All DRSF entry source document files are parsed, and a list of `DRSF_Entry` objects is created.
2. That list of entries is then used to instantiate a `DRSF` object.
3. The DRSF's database is created from the list of DRSF entries, and entry associations \(e.g. populating a threat's "proceeding attacks"\) are processed.
4. The DRSF's master graph is then built from the DRSF database.  Further DRSF metrics may be calculated at this time, and written back into the database.
5. Once the `DRSF` object's database and graph have run through all their operations, the resulting DRSF entry associations and calculated metrics are then written back into the DRSF entry source documents in the STAGING directory.  This stage involves in-line changes to those myst-markdown documents, as well as a few other complicated operations.

At this point, you may be asking yourself an important question...  **Why even have a staging directory?  Why not simply validate the DRSF documents in the dev directory, and then just build the Jupyter book right there?**

The first reason is that we need to edit DRSF documents in-line before a Jupyter book is built from them.  For example, when you created a new DRSF entry document from a template file, you may have noticed a section that said "Automated Documentation Section".  These sections are automatically edited by the DRSF codebase for a variety of reasons.  Just one example is the automatic insertion of links to related DRSF entries: such as "Preceeding Attacks", "Associated Detection Signatures", etc.  When we're creating our new DRSF entries and building them up, we want to make it clear to the contributor that those sections should not be manually edited.

The second reason is that when the DRSF documents are pushed to staging, the DRSF codebase completely removes the Foundational Build Syntax section from each entry's myst-markdown document.  While this section is critically important when building our DRSF and its documentation, it is not useful for the SOC Analyst or executive who's reading the final  DRSF Jupyter Book published product.

With all these in-line changes to these STAGING source documents, we want to keep the two collections of source documents completely separate.  If we were also making changes to the drsf codebase itself - changing how the dev source documents were edited - then changing source documents in a separate staging directory instead of the original dev directory would be critically important. 

In [10]:
### DO NOT MANUALLY CONFIGURE ###

# Import statments of DRSF codebase.
from drsf import drsf_doc_processor

# Instantiation of the DRSFDocProcessor object.
doc_processor = drsf_doc_processor.DRSFDocProcessor(DRSF_BASE_CONFIG_MAPPINGS, DRSF_SOURCE_DOCS_TEMPLATE_DIR, DRSF_ENTRY_TEMPLATES_DIR, DRSF_SOURCE_DOCS_DEV_DIR, DRSF_SOURCE_DOCS_STAGING_DIR, DRSF_SOURCE_DOCS_BUILD_DIR)

# Instantiating the DRSF code object.
drsf_obj = doc_processor.instantiate_drsf_obj_from_source_doc_dir(doc_processor.SOURCE_DOCS_DEV_DIR)

# DEPLOY DRSF SOURCE DOCS TO STAGING DIRECTORY
doc_processor.deploy_dev_source_docs_to_staging_dir()

### DO NOT MANUALLY CONFIGURE ###

## Deploying DRSF Source Content from Staging to Build

<!-- TODO: Content within this section remains a work in progress. -->

With the DRSF source content in the staging \(`DRSF_SOURCE_DOCS_STAGING_DIR`\) directory validated, you can now finally deploy it to the build directory \(`DRSF_SOURCE_DOCS_BUILD_DIR`\).

The build directory will be where you invoke the Jupyter Book program from the CLI, and process your DRSF source content into a clean published format.

In [11]:
### DO NOT MANUALLY CONFIGURE ###

# Import statments of DRSF codebase.
from drsf import drsf_doc_processor

# Instantiation of the DRSFDocProcessor object.
doc_processor = drsf_doc_processor.DRSFDocProcessor(DRSF_BASE_CONFIG_MAPPINGS, DRSF_SOURCE_DOCS_TEMPLATE_DIR, DRSF_ENTRY_TEMPLATES_DIR, DRSF_SOURCE_DOCS_DEV_DIR, DRSF_SOURCE_DOCS_STAGING_DIR, DRSF_SOURCE_DOCS_BUILD_DIR)

# DEPLOY STAGING DOCS TO BUILD DIRECTORY
book_url = doc_processor.deploy_staging_source_docs_to_build_dir()

### DO NOT MANUALLY CONFIGURE ###

## Publishing DRSF Source Content Using Jupyter Book

<!-- TODO: Content within this section remains a work in progress. -->

With the source doc build directory \(`DRSF_SOURCE_DOCS_BUILD_DIR`\) successfully created, you're now ready to use the Jupyter Book program to process that DRSF source content into an intuitive published format.

At the current time, harnessing Jupyter Book's capabilities must be done manually through invoking its CLI utility.

The `jupyter-book` CLI utility allows you to publish your source content into several formats.  For now, the DRSF Workbench is focused on exporting DRSF documentation to html files that can facilitate a static website.

### Publishing Your DRSF Source Documentation to HTML

1. Open your CLI and navigate to the build directory you specified with the constant variable `DRSF_SOURCE_DOCS_BUILD_DIR`.
2. From the build directory, run this command on your CLI: `jupyter-book build --all ./`.
3. The Jupyter Book CLI utility will display a lot of output to your terminal.  Review that output for any errors in the publishing process.
4. Assuming that the build process has executed without any errors, the program should present you will a local filesystem link for viewing the html files in your local machine's browser.
