MITRE SAF Training
Courses
The MITRE SAF Team
Catalog
1. Beginner Security Automation Developer Class
2. What is an InSpec Profile?
3. Studying an InSpec Profile - NGINX Example
4. How to Get Started - InSpec Commands & Docs
5. Writing InSpec Controls
6. Inputs in InSpec
7. InSpec Control Enhancements
8. Generating InSpec Results
9. Viewing and Analyzing Results
10. Profile Dependencies and Overlays
11. From STIG to Profile
12. Put it in Practice!
13. Next Steps
1. Delta Process Developer Class
2. Delta Process Requirements
3. Delta Process CLI Tools
4. Delta Use Cases
5. Delta Logging Capabilities
6. Delta Formatting
7. Additional Technical Details and Resources
1. Developing & Testing InSpec Profiles
2. Understanding Repository Organization
3. Environment Setup Guide
4. Test your Test Environment
5. AWS Testing Suite
6. Testing with Docker Containers
7. Pull Request Strategies - Choosing Your Approach
8. Security Benchmarks vs Traditional Software
9. What Is `Done` for a Control?
10. Security Benchmark Profile Management
11. Understanding Profile Updates
12. Understanding Profile Patch Updates
13. Understanding Release Updates
14. Understanding Major Version Updates
15. Understanding Test Kitchen
16. Test Kitchen - Create
17. Test Kitchen - Converge
18. Test Kitchen - Verify
19. Test Kitchen - Destroy
20. Test Kitchen - `kitchen.yml` File
21. Test Kitchen - `kitchen.ec2.yml` File
22. Test Kitchen - `kitchen.container.yml` File
23. GitHub Actions
24. Tips, Tricks, and Troubleshooting
25. Background & Definitions
26. Terms & Definitions
1. InSpec Advanced Profile Development
2. Review the Fundamentals
3. Practice the Fundamentals
4. Exploring InSpec Resources
5. Create a Custom Resource - The Git Example
6. Create a Custom Resource - The Docker Example
7. Exercise - Develop Your Own Resources
8. CI/CD Pipelines
9. GitHub Actions
10. Building Out Our Pipeline
11. Verifying Results With The SAF CLI
12. Next Steps
Appendix A - Writing Plural Resources
Appendix B - Custom Resource Examples from InSpec
Appendix C - Adding Your Resource to InSpec
Appendix D - Example Pipeline for Validating an InSpec Profile
Appendix E - More Resource Examples
1. Security Guidance Developer Class
2. Security Guidance
3. Security Technical Implementation Guides
4. Anatomy of a STIG
5. Using Vulcan
6. Components Of a Vulcan Project
7. Editing Components
8. Check and Fix
9. Automated InSpec Testing
10. Combining Requirements
11. Peer Review
12. Exporting Your Content
13. Publishing a STIG
14. Next Steps
SAF User Class
2. The Goal of the SAF
3. What's the SAF?
4. Getting Started - Plan
5. Validation with InSpec Profiles
6. How to Run InSpec
7. Tailoring Inputs for InSpec
8. Running InSpec (NGINX Example)
9. Visualize Results - Heimdall
10. Harden
11. Comparing Results
12. Manual Attestations
13. InSpec Exercise - RedHat
14. Normalize Other Data!
15. Next Steps
Appendix A - Running InSpec In An Airgapped Environment