MITRE SAF Training
The MITRE SAF Team
Catalog
1. Beginner Security Automation Developer Class
2. What is an InSpec Profile?
3. Studying an InSpec Profile - NGINX Example
4. How to Get Started - InSpec Commands & Docs
5. Writing InSpec Controls
6. Inputs in InSpec
7. InSpec Control Enhancements
8. Generating InSpec Results
9. Viewing and Analyzing Results
10. Profile Dependencies and Overlays
11. From STIG to Profile
12. Put it in Practice!
13. Next Steps
1. InSpec Advanced Profile Development
2. Review the Fundamentals
3. Practice the Fundamentals
4. Exploring InSpec Resources
5. Create a Custom Resource - The Git Example
6. Create a Custom Resource - The Docker Example
7. Exercise - Develop Your Own Resources
8. CI/CD Pipelines
9. GitHub Actions
10. Building Out Our Pipeline
11. Verifying Results With The SAF CLI
12. Next Steps
Appendix A - Writing Plural Resources
Appendix B - Custom Resource Examples from InSpec
Appendix C - Adding Your Resource to InSpec
Appendix D - Example Pipeline for Validating an InSpec Profile
Appendix E - More Resource Examples
1. Security Guidance Developer Class
2. Security Guidance
3. Security Technical Implementation Guides
4. Anatomy of a STIG
5. Using Vulcan
6. Components Of a Vulcan Project
7. Editing Components
8. Check and Fix
9. Automated InSpec Testing
10. Combining Requirements
11. Peer Review
12. Exporting Your Content
13. Publishing a STIG
14. Next Steps
Development & Testing InSpec Profile
Repository Organization
Environment Setup
Test your Test Environment
AWS Testing Suite
Docker Testing Suite
Updating - Choosing Your Approach
Security Benchmarks vs Traditional Software
Types of Profile Updates
What Is Done for a Control?
Rules of the Road
Creating a `Patch Update`
Creating a `Release Update`
Creating a `Major Version Update`
Test Kitchen
Test Kitchen - Create
Test Kitchen - Converge
Test Kitchen - Validate
Test Kitchen - Destroy
Test Kitchen - .kitchen/ directory
Test Kitchen - `kitchen.yml` File
Test Kitchen - `kitchen.ec2.yml` File
Test Kitchen - `kitchen.container.yml`
GitHub Actions
InSpec Delta - Laying the Ground for a Clean Release Branch
InSpec Delta - Making the Delta Release Branch
Tips, Tricks & Troubleshooting
Background & Definitions
Terms & Definitions
SAF User Class
2. The Goal of the SAF
3. What's the SAF?
4. Getting Started - Plan
5. Validation with InSpec Profiles
6. How to Run InSpec
7. Tailoring Inputs for InSpec
8. Running InSpec (NGINX Example)
9. Visualize Results - Heimdall
10. Harden
11. Comparing Results
12. Manual Attestations
13. InSpec Exercise - RedHat
14. Normalize Other Data!
15. Next Steps
Appendix A - Running InSpec In An Airgapped Environment