How to recommend development of a mapper

To recommend the development of a new converted from a given cyber security tool to the Heimdall Data Format (HDF), that can be viewable in Heimdall.

1. Create an issue, and email ([email protected]) citing the issue link so we can help
2. Provide a sample output, preferably the most detailed the tool can provide, and also preferably in a machine-readable format, such as xml, json, or csv - whichever is natively available. If it is sensitive we'll work that in #3. (If it's an API only, we'll also just talk about it in #3)
3. Let's arrange a time to take a close look at the data it provides to get an idea of all it has to offer. We'll suggest an initial mapping of the HDF core elements.
4. Note: if the tool doesn't provide a NIST SP 800-53 reference, we've worked on mappings to other references such as CWE or OWASP Top 10. (If you're working with CVE Associations then the default NIST tags are SI-2 and RA-5)
5. If the tool doesn't provide something for #4, or another core element such as impact, we'll help you identify a custom mapping approach.
6. We'll help you decide how to preserve any other information (non-core elements) the tool provides to ensure that all of the original tool's intent comes through for the user when the data is viewed in Heimdall.
7. Finally, we'll provide a final peer review and support merging your pull request.

We appreciate your contributions, and we're here to help!