2-June-2022 DC CAW
The Security Posture Attribute Collection and Evaluation (PACE) Architecture includes a Posture Collection Service (PCS), Posture Evaluation Service (PES), and Posture Attribute Repository (PAR). The PCS is an OpenC2 Consumer that collects information as directed using the Posture Attribute Collection (PAC) actuator profile, which defines the format of collection commands and responses. The PCS then stores posture information for each device in the PAR.
The PAR Schema includes:
The Posture portion of the PAR Schema is defined by the Results portion of the PAC actuator profile. The PAR Schema is translated into GraphQL Schema Definition Language (SDL) for deployment. This manual translation derives the PAR API from the PAC actuator profile.
listDevices
then items
.
You should see device information (id, manufacturer, model, serial, etc.) plus posture information
under attrs
and sboms
.In the GraphiQL pane, click the Run button to execute the query. The id
field should be
added to the query automatically, and the list of device IDs should appear in the results pane:
Check additional boxes under “items” to add them to the query, then run the query again:
filter
list, then serial
, and under gt
type “X4” and run the query.
Only devices with serial numbers that match the filter should be listed:
The Posture Collection Service uses Mutations to update the contents of the PAR.
Click “ADD NEW MUTATION”, select createDevice
,
then under input
select a kind
from the menu and type a manufacturer
name.
Select some results to display (e.g., ‘id’ and ‘createdAt`) and run the mutation:
null
for fields
that were not included in the createDevice.id
field for the new device, click “ADD NEW MUTATION”, select deleteDevice
,
paste the id into the input id
field, run the mutation, then run the listDevices
query again
to show that the newly-created device is gone.PACE Software includes a script to initialize the PAR with example Device and SBOM data. This illustrates how to operate the PAR using the GraphQL API.
Note that the PAR proof of concept has no access controls and is shared by all CAW participants. Please play nice.