Skip to content

Commit

Permalink
Merge pull request #110 from CamrynCarter/stig-intro
Browse files Browse the repository at this point in the history 
STIGATRON intro update
  • Loading branch information
@CamrynCarter
CamrynCarter authored Oct 31, 2024
2 parents 94a319e + f82d1e6 commit 5fe59ee
Show file tree
Hide file tree
Showing 4 changed files with 22 additions and 21 deletions.
6 changes: 3 additions & 3 deletions docs/stigatron-docs/create-scan.md
View file
Original file line number Diff line number Diff line change
@@ -1,14 +1,14 @@
# Creating STIGATRON Scans

1. After installing STIGATRON on your downstream cluster, when you navigate to that downstream cluster, you should see STIGATRON on the left navigation menu. Click there.
1. After installing STIGATRON on your downstream cluster, when you navigate to that downstream cluster, you should see `STIGATRON` on the left navigation menu. Click there.

![STIGATRON Menu Selection](/img/stigatron/stigatron-menu.png)

2. To trigger a scan, click Create in the upper left, create a name, select a profile, and click Create
2. To trigger a scan, click `Create` in the upper left, enter a name, select a profile, and click `Create`.

![Create A Scan](/img/stigatron/create-scan.png)

3. After the scan runs (should only take a few minutes at most), click the 3-dot menu next to the scan and go to Open Visualizer. This will give you insight into the current state of your cluster in relation to the RKE2 STIG.
3. After the scan runs (should only take a few minutes at most), click the 3-dot menu next to the scan and go to `Open Visualizer`. This will give you insight into the current state of your cluster in relation to the RKE2 STIG.

![Open Visualizer](/img/stigatron/open-visualizer.png)

Expand Down
4 changes: 2 additions & 2 deletions docs/stigatron-docs/installation.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -4,9 +4,9 @@

### Enabling UI Extensions

On the `local` cluster running Rancher MCM, you'll need to first enable Extensions.
On the `local` cluster running Rancher, you'll need to first enable Extensions.

1. Log into the Rancher MCM as an administrator.
1. Log into Rancher as an administrator.
2. Click the menu in the upper-left of the main dashboard and click the `Extensions` link near the bottom.
3. Click the `Enable` button on the Extensions screen.
4. Click `Ok`, when prompted to Enable Extension Support.
Expand Down
24 changes: 12 additions & 12 deletions docs/stigatron-docs/introduction.md
View file
Original file line number Diff line number Diff line change
@@ -1,22 +1,22 @@
# Introduction

This page will walk through Installation and Usage of the STIGATRON component of Rancher Government Carbide.
This section will walk through installation and usage of the STIGATRON component of Rancher Government Carbide.

## IOC Expectations
## What is STIGATRON?

As our product is still at Initial Operation Capability (IOC), there are some expectations to level-set:
Our Federal/Government-driven Kubernetes Distribution, RKE2, is the first Kubernetes distribution outside of the upstream project to obtain full DISA STIG Certification.

- Installation and packaging is still in progress and improving.
STIGATRON was developed to alleviate the pain points of traditional management and maintenance of assessing system compliance, with features including:

If you see issues and areas for improvement, please submit Github issues [here](https://github.com/rancherfederal/carbide-charts/issues).
1. STIGATRON provides the ability to perform a real-time scan against all downstream clusters being managed by Rancher.
2. These scans will provide a mapping of the current state of the cluster against the controls with the RKE2 DISA STIG.
3. Users can visualize the results of these scans from the Rancher UI by accessing the MITRE Heimdall2 interface. This provides current compliance status, tree maps mapping to NIST 800-53 controls, and a detailed breakdown of each check performed, including the commands executed, the output of those commands, and what steps can be performed to mitigate any failures.
4. Users can also export the scan results into the common formats required by Cyber Systems within the federal space. This includes `XCCDF` and `results.json`.

## What is this?
## IOC Expectations

With our Federal/Government driven Kubernetes Distribution RKE2, we worked dilligently to provide the first Kubernetes distribution outside of the upstream project to obtain full DISA STIG Certification.
As our product is still at Initial Operation Capability (IOC), there are some expectations to level-set:

While having the STIG provides immense benefits to our customers, we also wanted to improve the UX around working with that STIG. That is why we developed STIGATRON. STIGATRON will give our users capabilities that alleviate a lot of the pain points that go with traditional management of maintaining and assessing compliance of your systems:
- Installation and packaging is still in progress and improving.

1. STIGATRON provides the ability to perform a real-time scan against all downstream clusters being managed by the Rancher Multi-cluster Manager.
2. These scans will provide a mapping of the current state of the cluster against the controls with the RKE2 DISA STIG.
3. Users can visualize the results of these scans from the Rancher UI by access the MITRE Heimdall2 interface. This provides current compliance status, tree maps mapping to NIST 800-53 controls, and a detailed breakdown of each check performed, including the commands executed, the output of those commands, and what steps can be performed to mitigate any failures.
4. Users can also export the scan results into the common formats required by Cyber Systems within the federal space. This includes `XCCDF` and `results.json`.
If you see issues and areas for improvement, please submit Github issues [here](https://github.com/rancherfederal/carbide-charts/issues).
9 changes: 5 additions & 4 deletions docs/stigatron-docs/uninstall.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -2,7 +2,7 @@

## Local Cluster

On the `local` cluster running Rancher MCM, run the following Helm command to remove the UI Extension.
On the `local` cluster running Rancher, run the following Helm command to remove the UI Extension.

```bash
helm uninstall -n carbide-stigatron-system stigatron-ui
Expand All @@ -20,14 +20,15 @@ helm uninstall -n carbide-stigatron-system stigatron

If you want to uninstall CIS Benchmark, after uninstall STIGATRON, perform the following:

1. Log into the Rancher MCM.
1. Log into Rancher.
2. In the UI, navigate to each downstream cluster in the Cluster Explorer.
3. On the left menu, select `Apps`, then select `Installed Apps`.
4. Find the app named `rancher-cis-benchmark`, select the 3-dot menu on the right, and select `Delete`. (IMPORTANT: Delete this before the CRD application)
5. Find the app named `rancher-cis-benchmark-crd`, select the 3-dot menu on the right, and select `Delete`.

## Disable UI Extensions (Optional)

If you want to disable UI Extensions, after uninstall STIGATRON UI, perform the following:
If you want to [disable all UI Extensions](https://ranchermanager.docs.rancher.com/integrations-in-rancher/rancher-extensions#uninstalling-extensions) after uninstalling the STIGATRON UI extension, perform the following:

### TODO: List
1. On the extensions management page in Rancher, click the 3-dot menu.
2. Select `Disable Extension Support`.

0 comments on commit 5fe59ee

Please sign in to comment.