Skip to content

How to recommend development of a mapper

Camden Moors edited this page Mar 16, 2022 · 3 revisions

To recommend the development of a new converted from a given cyber security tool to the Heimdall Data Format (HDF), that can be viewable in Heimdall.

  1. Create an issue, and email (saf@groups.mitre.org) citing the issue link so we can help
  2. Provide a sample output, preferably the most detailed the tool can provide, and also preferably in a machine-readable format, such as xml, json, or csv - whichever is natively available. If it is sensitive we'll work that in #3. (If it's an API only, we'll also just talk about it in #3)
  3. Let's arrange a time to take a close look at the data it provides to get an idea of all it has to offer. We'll suggest an initial mapping of the HDF core elements.
  4. Note: if the tool doesn't provide a NIST SP 800-53 reference, we've worked on mappings to other references such as CWE or OWASP Top 10. (If you're working with CVE Associations then the default NIST tags are SI-2 and RA-5)
  5. If the tool doesn't provide something for #4, or another core element such as impact, we'll help you identify a custom mapping approach.
  6. We'll help you decide how to preserve any other information (non-core elements) the tool provides to ensure that all of the original tool's intent comes through for the user when the data is viewed in Heimdall.
  7. Finally, we'll provide a final peer review and support merging your pull request.

We appreciate your contributions, and we're here to help!