Merge pull request #1 from mfosterrox/main
updates for 4.5
mfosterrox authored Sep 10, 2024
2 parents 01db0c1 + 1135d65 commit 10d21d3
Showing 34 changed files with 132 additions and 104 deletions.
3 changes: 2 additions & 1 deletion .vscode/settings.json
Expand Up @@ -6,5 +6,6 @@
],
"settings": {
"asciidoc.antora.enableAntoraSupport": true
}
},
"asciidoc.antora.enableAntoraSupport": true
}
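Review bot: `"asciidoc.antora.enableAntoraSupport": true` now appears twice in the new file, once inside the `"settings": { ... }` object and again at the top level. A `.vscode/settings.json` is read at the top level, so the nested copy is dead configuration (the `"settings"` wrapper looks like a leftover from a workspace file); keep only the top-level key so there is a single source of truth for this setting.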
Binary file modified content/modules/ROOT/assets/images/00-compliance-1.png
Binary file modified content/modules/ROOT/assets/images/00-compliance-3.png
Binary file modified content/modules/ROOT/assets/images/00-config-1.png
Binary file modified content/modules/ROOT/assets/images/00-network-1.png
Binary file modified content/modules/ROOT/assets/images/00-network-2.png
Binary file modified content/modules/ROOT/assets/images/00-network-3.png
Binary file modified content/modules/ROOT/assets/images/00-pc-1.png
Binary file modified content/modules/ROOT/assets/images/00-pc-2.png
Binary file modified content/modules/ROOT/assets/images/00-pc-3.png
Binary file modified content/modules/ROOT/assets/images/00-pc-4.png
Binary file modified content/modules/ROOT/assets/images/00-pc-5.png
Binary file modified content/modules/ROOT/assets/images/00-pc-6.png
Binary file modified content/modules/ROOT/assets/images/00-pc-7.png
Binary file modified content/modules/ROOT/assets/images/00-pc-8.png
Binary file added content/modules/ROOT/assets/images/00-pc-9.png
Binary file modified content/modules/ROOT/assets/images/00-risk-1.png
Binary file modified content/modules/ROOT/assets/images/00-risk-2.png
Binary file modified content/modules/ROOT/assets/images/00-vuln-1.png
Binary file modified content/modules/ROOT/assets/images/01-violations-1.png
Binary file modified content/modules/ROOT/assets/images/acs-vuln-dashboard-00.png
Binary file modified content/modules/ROOT/assets/images/acs-vuln-dashboard-01.png
Binary file modified content/modules/ROOT/assets/images/acs-vuln-dashboard-02.png
Binary file modified content/modules/ROOT/assets/images/quay-scan-hover.png
Binary file modified content/modules/ROOT/assets/images/quay-tags.png
3 changes: 1 addition & 2 deletions content/modules/ROOT/nav.adoc
Expand Up @@ -2,7 +2,7 @@
* xref:01-visibility-and-navigation.adoc[1. Visibility & Navigation]
* xref:02-vulnerability-management-lab.adoc[2. Vulnerability Management]
* xref:03-risk-profiling.adoc[3. Risk profiling]
* xref:04-policy-management.adoc[4.Policy Management]
* xref:04-policy-management.adoc[4. Policy Management]
* xref:05-cicd-and-automation.adoc[5. CI/CD Automation and Integration]
* xref:06-compliance.adoc[6. Compliance]
* xref:07-notifications.adoc[7. Notifications and Alerting]
Expand All @@ -11,7 +11,6 @@
* xref:10-installation.adoc[10. Installation]
* xref:misc-log-4-shell-lab.adoc[Black Hat - log4shell Example]
// * xref:misc-reverse-shell.adoc[Black Hat - reverse shell runtime Example]
* xref:misc-hacking-linux.adoc[Black Hat - CTF - hack a web application]
* xref:partner-paladin.adoc[Partner - Paladin Cloud & RHACS Integration]
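Review bot: dropping the commented-out `// * xref:misc-reverse-shell.adoc[...]` entry is reasonable cleanup, but no `misc-reverse-shell.adoc` appears among the 34 files touched by this commit. If that page still exists under `pages/`, it is now unreachable from the nav and Antora will keep building it as an orphan; either delete the page in the same change or keep the commented line as a pointer to it.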
53 changes: 38 additions & 15 deletions content/modules/ROOT/pages/00-setup-install-navigation.adoc
Expand Up @@ -76,17 +76,13 @@ image::01-rhacs-login.png[RHACS console]

image::01-rhacs-console-dashboard.png[RHACS console]

====
Congrats! Half way there.
====

=== OpenShift admin access verification

OpenShift admin access verification involves ensuring that users have the appropriate permissions and roles assigned to them for managing the OpenShift cluster. This can be done by checking the user roles and bindings within the cluster. You'll be verifying your permissions using the oc command-line tool.

There are *TWO clusters* we need to verify access too.

==== Verify access to the EKS cluster
*Verify access to the EKS cluster*

[source,sh,subs="attributes",role=execute]
----
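Review bot: replacing the `==== Verify access to the EKS cluster` heading with the bold paragraph `*Verify access to the EKS cluster*` removes the section from the page outline and its generated anchor, so it can no longer be targeted by an xref. If the goal was to avoid a heading level this deep, a block title (`.Verify access to the EKS cluster`) keeps the visual weight without losing structure. Also, the unchanged context line `There are *TWO clusters* we need to verify access too.` should read `access to`; it is adjacent to the edited lines and cheap to fix here.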
Expand Down Expand Up @@ -121,7 +117,7 @@ ip-<IP_ADDRESS>.us-east-2.compute.internal Ready <none> 163m v1.28.8-ek

IMPORTANT: We should not have access with the *oc* command as it is an OpenShift command but you can see the EKS nodes and their information.

==== Verify access to the OpenShift cluster
*Verify access to the OpenShift cluster*

Next, let's switch to the OpenShift cluster running and do our work (for now) in the OpenShift cluster

Expand Down Expand Up @@ -168,7 +164,7 @@ NAME STATUS ROLES AGE

You will now see the OCP role using the *oc* command, as we are currently working on the OpenShift cluster

IMPORTANT: We will be working with the OpenShift cluster in all modules unless otherwise specified.
NOTE: We will be working with the OpenShift cluster in all modules unless otherwise specified.

=== roxctl CLI verification

Expand Down Expand Up @@ -224,7 +220,7 @@ Access:
rw WorkflowAdministration
----

NOTE: This output is showing that you have unrestricted access to the RHACS product. these permissions can be seen in the RHACS Access Control tab that we will review later.
NOTE: This output is showing that you have unrestricted access to the RHACS product. these permissions can be seen in the **RHACS Access Control** tab that we will review later.

image::01-rhacs-access-control.png[RHACS access control]
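Review bot: the edited NOTE still reads `...unrestricted access to the RHACS product. these permissions can be seen in the **RHACS Access Control** tab...`; since the line is being touched anyway, capitalize `These` (or join the two sentences with a semicolon). It is also worth stating in the same note that this unrestricted scope belongs to the lab's admin token, and that the reader will see how to narrow it with roles and access scopes in the Access Control module, since that is the point the output is meant to illustrate.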

Expand All @@ -238,7 +234,7 @@ You now have access to the core apps. Next, you'll deploy insecure apps into the

=== Build a container image

In this section, we will download the "Java app," give it a new tag, and push the image to Quay. Later, we'll deploy the image to the OpenShift Cluster and use it in future modules.
In this section, we will download the "*Java app*" give it a new tag, and push the image to Quay. Later, we'll deploy the image to the OpenShift Cluster and use it in future modules.

Let's export a few variables to make things easier. These variables will stay in the .bashrc file so they're saved in case you need to refresh the terminal.
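Review bot: the comma after `"Java app,"` was dropped in the edit, so the sentence now runs `download the "*Java app*" give it a new tag`; restore it as `download the "*Java app*", give it a new tag, and push the image to Quay.`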

Expand All @@ -247,6 +243,7 @@ TIP: With the variables saved in the ~/.bashrc file you will not have to declare
[source,sh,subs="attributes",role=execute]
----
echo export QUAY_USER={quay_admin_username} >> ~/.bashrc
QUAY_USER={quay_admin_username}
----

[start=2]
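Review bot: the added `QUAY_USER={quay_admin_username}` line assigns a shell variable in the current session but does not export it, whereas the `~/.bashrc` line above it does. Plain `$QUAY_USER` expansions on the command line will work, but scripts or subshells started from this terminal will not see the variable until `~/.bashrc` is re-sourced. Use `export QUAY_USER={quay_admin_username}` on the second line (or `source ~/.bashrc` after the echo) so the two paths behave the same. The same applies to the `QUAY_URL` change in the next hunk.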
Expand All @@ -256,6 +253,7 @@ echo export QUAY_USER={quay_admin_username} >> ~/.bashrc
[source,sh,subs="attributes",role=execute]
----
echo export QUAY_URL=$(oc -n quay-enterprise get route quay-quay -o jsonpath='{.spec.host}') >> ~/.bashrc
QUAY_URL=$(oc -n quay-enterprise get route quay-quay -o jsonpath='{.spec.host}')
----

IMPORTANT: Verify that the variables are correct
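Review bot: as with `QUAY_USER`, the added `QUAY_URL=$(oc ... )` line should be `export QUAY_URL=...` to match the `~/.bashrc` entry. There is a second problem specific to this hunk: both lines run `oc get route` independently, so a transient `oc` failure or a re-created route can leave the persisted value and the session value out of sync. Capture once and reuse it, e.g. `export QUAY_URL=$(oc -n quay-enterprise get route quay-quay -o jsonpath='{.spec.host}')` followed by `echo "export QUAY_URL=$QUAY_URL" >> ~/.bashrc`. The following `IMPORTANT: Verify that the variables are correct` admonition would then be easy to satisfy with a concrete check such as `echo "$QUAY_USER $QUAY_URL"`.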
Expand Down Expand Up @@ -436,12 +434,12 @@ In this tab you can add/remove users and update permissions, alter the privacy o
image::quay-settings.png[link=self, window=blank, width=100%]

[start=6]
. Make your repository public before deploying our application in the next step by clicking the *Make Public* button under `Repository Visability`

IMPORTANT: Make sure to make the repository public. Otherwise we will not be able to deploy the application in the next step.
. Make your repository public before deploying our application in the next step by clicking the *Make Public* button under `Repository Visibility`

image::quay-make-public.png[link=self, window=blank, width=100%]

IMPORTANT: Make sure to make the repository public. Otherwise we will not be able to deploy the application in the next step.

[start=7]
. Click OK

Expand Down Expand Up @@ -486,7 +484,7 @@ Congratulations, you now know how to examine images in your registry for potenti

== Deploy the workshop applications

n the final part of this module, you'll deploy several insecure applications to the OpenShift cluster. You'll scan a few of these containers using the *roxctl* CLI to understand what you're deploying and what to expect when you dive into RHACS.
In the final part of this module, you'll deploy several insecure applications to the OpenShift cluster. You'll scan a few of these containers using the *roxctl* CLI to understand what you're deploying and what to expect when you dive into RHACS.

IMPORTANT: Make sure the variables are set before running the following commands. If not, go back to the Quay section to redo the previous commands.

Expand Down Expand Up @@ -598,16 +596,41 @@ image::https://media.giphy.com/media/v1.Y2lkPTc5MGI3NjExNnJoNHE2MXhocm52ZzFmeHVy

Run roxctl against a few of your favorite container images. Try pulling from link:https://hub.docker.com/[docker hub] or link:https://quay.io/[quay.io]. Try modifying the command below to include your image of choice.

For example:

[.console-output]
[source,bash,subs="+macros,+attributes"]
----
[lab-user@bastion ~]$ MYIMAGE=docker.io/ubuntu
[lab-user@bastion ~]$ roxctl --insecure-skip-tls-verify -e "$ROX_CENTRAL_ADDRESS:443" image scan --image=$MYIMAGE --force -o table --severity=CRITICAL
----

[.console-output]
[source,bash,subs="+macros,+attributes"]
----
Scan results for image: docker.io/ubuntu
(TOTAL-COMPONENTS: 0, TOTAL-VULNERABILITIES: 0, LOW: 0, MODERATE: 0, IMPORTANT: 0, CRITICAL: 0)
+-----------+---------+-----+----------+------+---------------+
| COMPONENT | VERSION | CVE | SEVERITY | LINK | FIXED VERSION |
+-----------+---------+-----+----------+------+---------------+
+-----------+---------+-----+----------+------+---------------+
----
Showing that the latest version of Ubuntu from Docker.io has 0 critical vulnerabilities.

*Your turn*

[source,sh,subs="attributes",role=execute]
----
roxctl --insecure-skip-tls-verify -e "$ROX_CENTRAL_ADDRESS:443" image scan --image=$QUAY_URL/$QUAY_USER/ctf-web-to-system:1.0 --force -o table --severity=CRITICAL
MYIMAGE=<Add the registry URL here>
roxctl --insecure-skip-tls-verify -e "$ROX_CENTRAL_ADDRESS:443" image scan $MYIMAGE --force -o table --severity=CRITICAL
----

== Summary

image::https://media.giphy.com/media/v1.Y2lkPTc5MGI3NjExbnY0NDA0ZnJqNXh6cGNqeHNxZGd5Zm5qMnlpOHhrbm1hY2pwcG5ydSZlcD12MV9pbnRlcm5hbF9naWZfYnlfaWQmY3Q9Zw/p18ohAgD3H60LSoI1C/giphy.gif[link=self, window=blank, width=100%, class="center"]

Beautiful!
*Beautiful!*

In this module, you got access to all of the lab UI's and interfaces including the Showroom lab enviroment (Where you are reading this sentence). You downloaded and deployed some very insecure applications and setup the lab full of examples to dive into.
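Review bot: the two scan commands in this hunk disagree on how the image is passed: the worked example uses `image scan --image=$MYIMAGE`, and the earlier command in this file used `--image=$QUAY_URL/...`, but the `*Your turn*` block uses `image scan $MYIMAGE` with no `--image` flag. Make the copy-paste block `--image=$MYIMAGE` so it matches the example directly above it. Second, the sample output reports `TOTAL-COMPONENTS: 0, TOTAL-VULNERABILITIES: 0`, which means the scanner indexed no packages at all, not that `docker.io/ubuntu` has no critical CVEs; the sentence `Showing that the latest version of Ubuntu from Docker.io has 0 critical vulnerabilities.` overstates it and readers will copy that interpretation. Either show a run whose component count is non-zero or say explicitly that zero components means the scan produced no results and should be re-checked without `--severity=CRITICAL`. Finally, the Summary paragraph keeps `enviroment`, `UI's` and `setup the lab` (the verb is `set up`).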

95 changes: 58 additions & 37 deletions content/modules/ROOT/pages/01-visibility-and-navigation.adoc
Expand Up @@ -133,22 +133,23 @@ As you can see, the content is only relevant to the violations tab, but the sear

=== 2. Navigation menu

image::01-acs-nav-01.png[link=self, window=blank, width=100%, Navigation Menu]
image::acs-nav-01.png[link=self, window=blank, width=100%, Navigation Menu]

The left-hand navigation menu provides access to each of the security use cases, as well as product configuration to integrate RHACS with your existing tooling. The navigation menu has the following items:

- *Dashboard:* Summary view of your environment
- *Network Graph:* Configured and actual network flows and the creation of Network Policies to implement network segmentation
- *Violations:* Events that do not match the defined security policies
- *Compliance:* Our new compliance dashboard (Next gen compliance) update is in progress. With plans to make compliance reporting even easier with tailored compliance profiles and reporting by application, namespace and cluster.
- *Vulnerability Management:* Over the past year, we've revamped our Vulnerability Management process, focusing on filtering important and critical issues. We've also introduced node, platform, and workload-specific vulnerability dashboards. This segmentation helps the operations team quickly identify where a vulnerability exists and determine which team to contact, making the process much more efficient.
- *Network Graph:* Real time network flows and public ports that are available. Enables to automated creation of Network Policies to implement network segmentation
- *Violations:* Events that are in violation of the default and your defined security policies
- *Compliance:* Our new compliance dashboard (Self titled *NextGen Compliance*) update is in progress. With plans to make compliance reporting even easier with tailored compliance profiles and reporting by application, namespace and cluster.
- *Vulnerability Management:* Over the past year, we've revamped our Vulnerability Management workflows, focusing on filtering important and critical issues. We've also introduced node, platform, and workload-specific vulnerability dashboards. This segmentation helps the operations team quickly identify where a vulnerability exists and determine which team to contact, making the process much more efficient.
- *Configuration Management:* The configuration management tab enables you to identify potential misconfigurations that can lead to security issues
- *Risk:* The Risk tab points out major risky applications by using configuration, runtime, and vulnerability data, helping you focus on the "high-risk" workloads.
- *Platform Configuration:* RHACS configuration, policy management and integration details, including;
* Clusters
* Policy Management
* Collections
* Integrations
* Exception Configuration
* Access Control
* System Configuration
* Administration Events
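Review bot: in the rewritten list, `Enables to automated creation of Network Policies` should be `Enables the automated creation of Network Policies`, `Self titled *NextGen Compliance*` should be `self-titled`, and `integration details, including;` wants a colon before the sublist. Also, the image reference was changed from `01-acs-nav-01.png` to `acs-nav-01.png`, but no `acs-nav-01.png` is among the files added or modified in this commit; confirm the asset already exists under `assets/images` or the navigation screenshot will be broken.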
Expand Down Expand Up @@ -215,7 +216,7 @@ The network graph tab allows you to visualize all the network connections in you

image::00-network-2.png[link=self, window=blank, width=100%, Dashboard Filter]

The listening endpoints tab allows you to see all of the deployments across all of your clusters and audit for any reported listening endpoints as you drill down through cluster namespace and into deployments, you will see the exact process ID Port protocol pod ID and container name and if they are exposed.
With the *Listening Endpoints tab*, you can see all of the deployments across your clusters and audit for any reported listening endpoints. As you drill down through cluster namespace and into deployments, you will see the exact process ID, Port protocol pod ID, container name and whether they are exposed.

image::00-network-3.png[link=self, window=blank, width=100%, Dashboard Filter]
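Review bot: the rewritten sentence still carries the unpunctuated run `process ID, Port protocol pod ID, container name`; it should read `process ID, port, protocol, pod ID, container name`, and `cluster namespace` earlier in the sentence wants `cluster, namespace`.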

Expand All @@ -240,65 +241,79 @@ image::01-violations-1.png[link=self, window=blank, width=100%]

Don't worry, you'll go through this policy violation workflow in later modules.

=== Compliance (Next Gen Dashboard)
=== Compliance (Next-Gen Dashboard)

Red Hat Advanced Cluster Security for Kubernetes supports OpenShift Container Platform configuration compliance standards through an integration with the OpenShift Container Platform Compliance Operator. In addition, it allows you to measure and report on configuration security best practices for OpenShift and supported Kubernetes platforms.

The OpenShift Compliance Operator allows OpenShift Container Platform administrators to define the desired compliance state of a cluster and provides an overview of gaps and ways to remediate any non-compliant policy. We will be installing and managing the compliance operator in later modules

image::00-compliance-1.png[link=self, window=blank, width=100%]
image::01-compliance-1.png[link=self, window=blank, width=100%]

The Compliance 2.0 tab is in tech preview this was just released in ACS 4.4, and we are currently in the process of migrating The existing 1.0 dashboard into 2.0
The Compliance dropdown has three tabs to choose from.

=== Compliance 1.0
- Coverage
- Schedules
- Dashboard

The Compliance 1.0 dashboard should be empty when you're in here for the first time. It's because you have not completed a scan.
----
Coverage
----

.Procedure
The *Coverage* tab will contain all of your scanned clusters and workloads after the *Compliance Operator* is setup. You will go through this in the Compliance section later in the roadshow.

. We will go into this in a later module, but for now, hit the *Scan environment* button in the top right of the page to kick off your first scan.
image::01-compliance-2.png[link=self, window=blank, width=100%]

image::00-compliance-2.png[link=self, window=blank, width=100%]
----
Schedules
----

image::00-compliance-3.png[link=self, window=blank, width=100%]
The schedules tab contains all of the created scan schedules that report on the various CIS, PCI-DSS and DISA-STIG compliance standards you wish to evaluate.

[start=2]
image::01-compliance-3.png[link=self, window=blank, width=100%]

. Ensure you see the bar graphs fill up with data before moving. We we will dissthesethis compliance results in a later module
----
Compliance Dashboard (Previously Compliance 1.0)
----

image::00-compliance-4.png[link=self, window=blank, width=100%]
The Compliance dashboard should be empty when you're in here for the first time. It's because you have not completed a scan.

=== Vulnerability Management 2.0
.Procedure

Next, we have the vulnerability management 2.0 tab, similar to the compliance 2.0 tab vulnerability management is currently getting an overhaul.
. We will go into this in a later module, but for now, hit the *Scan environment* button in the top right of the page to kick off your first scan.

image::00-vuln-1.png[link=self, window=blank, width=100%]
image::01-compliance-4.png[link=self, window=blank, width=100%]

The vulnerability management 2.0 tab contains a workload cve Tab and a vulnerability reporting tab with the workload CV tab currently in Tech preview
image::01-compliance-5.png[link=self, window=blank, width=100%]

image::00-vuln-2.png[link=self, window=blank, width=100%]
[start=2]

. Ensure you see the bar graphs fill up with data before moving. We we will review these compliance results in a later module.

Feel free to click around however we will be exploring the vulnerability management section in the upcoming module
image::01-compliance-6.png[link=self, window=blank, width=100%]

=== Vulnerability Management 1.0
=== Vulnerability Management

The Vulnerability Management 1.0 tab has the original vulnerability management dashboard and the risk acceptance workflow.
Next, we have the *Vulnerability Management* tab, which has been overhauled for greater visibility and efficient filtering.

image::00-vuln-3.png[link=self, window=blank, width=100%]
image::00-vuln-1.png[link=self, window=blank, width=100%]

The underlying vulnerability data is the same as how we display, categorize and show it to the user. It is essential to to manage vulnerabilities at scale and make them actionable, which is a high priority in ACS. This is why we're prioritizing the vulnerability management workflow and eventually moving all features and functionality into a single tab
The Vulnerability Management tab contains *a lot* of information including

image::00-vuln-4.png[link=self, window=blank, width=100%]
- Workload CVEs
- Exception Management
- Vulnerability Reporting
- Platform CVEs
- Node CVEs
- Dashboard (Deprecated)

Again, feel free to click around however we will be exploring the vulnerability management section in the upcoming module.
Feel free to click around, and get your questions ready as the upcoming module will be exploring the Vulnerability Management tab in detail.

=== Configuration Management

The Configuration Management tab contains a bunch of information about the security configuration across your OpenShift and Kubernetes clusters

image::00-config-1.png[link=self, window=blank, width=100%]


This information includes:

- Policy violations by severity
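Review bot: the new subsection titles `Coverage`, `Schedules` and `Compliance Dashboard (Previously Compliance 1.0)` are wrapped in `----` delimiters, which in AsciiDoc open and close a listing block, so each will render as a monospaced code box rather than a heading. Use `==== Coverage` (the `====` level is already used for the Platform Configuration subsections later in this file) or a `.Coverage` block title. Second, the images were renamed from `00-compliance-*.png` to `01-compliance-1.png` through `01-compliance-6.png`, but this commit modifies `00-compliance-1.png` and `00-compliance-3.png` and adds no `01-compliance-*.png` files, so every compliance image on the rendered page will be broken unless those assets already exist. Third, `We we will review these compliance results` keeps the doubled `We` from the original `We we will dissthesethis`; fix it while the line is being rewritten.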
Expand All @@ -308,7 +323,7 @@ This information includes:

=== Risk

Another risk tab is a combination of security configuration management Network detection run time and incident response and vulnerability management all coming together so that users can gain a greater context and prioritize security issues throughout OpenShift and Kubernetes clusters
The *Risk tab* is a combination of security configuration management, Network detection, runtime information, incident response, and vulnerability management all coming together so that users can gain a greater context and prioritize security issues throughout OpenShift and Kubernetes clusters.

image::00-risk-1.png[link=self, window=blank, width=100%]

Expand Down Expand Up @@ -349,27 +364,33 @@ The integration tab holds all of your options for:
- Cloud Source Integrations
- and authentication tokens

==== Access Control
==== Exception Configuration

Configure exception behavior for vulnerabilities

image::00-pc-5.png[link=self, window=blank, width=100%]

==== Access Control

image::00-pc-6.png[link=self, window=blank, width=100%]

The access control tab is where you set up your authentication providers and the roles that you would like to have an ACS, along with permission sets and access scopes.

==== System Configuration

image::00-pc-6.png[link=self, window=blank, width=100%]
image::00-pc-7.png[link=self, window=blank, width=100%]

The system configuration tab manages things like private data retention configuration cluster deletion public configuration and all of these are settings are editable

==== Administration Events

image::00-pc-7.png[link=self, window=blank, width=100%]
image::00-pc-8.png[link=self, window=blank, width=100%]

The administration events tab is handy for troubleshooting platform issues by reviewing event logs now, these logs are approached after four days by default, but you can change that in the system configuration tab. We will have a whole section on the administration events later, but it is beneficial for diagnosing issues and looking into domains such as authentication image scanning Integrations and more

==== System Health

image::00-pc-8.png[link=self, window=blank, width=100%]
image::00-pc-9.png[link=self, window=blank, width=100%]

And lastly, the system Health Tap will help you handle things like Administration usage, generate diagnostic bundles that you monitor cluster status sensor upgrades, credential expiration, and more.
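Review bot: the `00-pc-5` to `00-pc-9` renumbering to make room for the new Exception Configuration section is consistent with the binary changes in this commit (`00-pc-5.png` through `00-pc-8.png` modified, `00-pc-9.png` added). The new section body, `Configure exception behavior for vulnerabilities`, is thin compared with the other subsections; one sentence on what is actually configurable there would tell readers when to come back to it. Unchanged context in the same region still has `roles that you would like to have an ACS` (`in ACS`), `these logs are approached after four days` (presumably `purged`, i.e. retained for four days), and `the system Health Tap` (`System Health tab`).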

Expand All @@ -379,4 +400,4 @@ image::https://media.giphy.com/media/v1.Y2lkPTc5MGI3NjExcTYwZWZlazBoanhlcXV3Njkx

Nice job!

In this module, you learned how to navigate the ACS dashboard and perform basic search queries. You have the navigational basics to move through the ACI UI proficiently. On to *Vulnerability Management*!!
In this module, you learned how to navigate the ACS dashboard and perform basic search queries. You have the navigational basics to move through the ACS UI proficiently. On to *Vulnerability Management*!!