From 39da12949445ec4659e8605a57d9c187b9ec14c5 Mon Sep 17 00:00:00 2001
From: "Austin Songer,MIS,CEH,ESCA,Project+ (Navy Veteran)"
 <a.songer@protonmail.com>
Date: Wed, 25 Sep 2024 15:28:33 -0500
Subject: [PATCH] Update README.md

---
 README.md | 64 +++++++++++++++++++++++++++++++++++++++++++++++++++++--
 1 file changed, 62 insertions(+), 2 deletions(-)

diff --git a/README.md b/README.md
index ba34446..dfe6887 100644
--- a/README.md
+++ b/README.md
@@ -1,6 +1,6 @@
 # AuditBuddy [Not Production Ready] 
 
-- Create evidence from tools and other source and then commits evidence to the repo.
+This GitHub Action automates evidence collection for compliance frameworks like SOC 2, ISO 27001, FedRAMP, and PCI DSS. It integrates with various cloud providers (AWS, Azure, GCP) and security tools (Okta, Tenable, etc.) to extract relevant data based on the chosen framework and control. The collected evidence is then formatted and committed to a designated location within the user's GitHub repository, simplifying compliance audits.
 
 ## Evidence Collection
 
@@ -30,10 +30,70 @@
 |           |                        |                                                              |                                                       |                                                    |                            |              |
 |           |                        |                                                              |                                                       |                                                    |                            |              |
 
-
 #### Private Sector
 
 | Frequency | Auditor  Evidence ID # | Evidence                                                     | Github Action                                         | Evidence Output                                    | SOC2 Mapping               | NIST Mapping |
 | --------- | ---------------------- | ------------------------------------------------------------ | ----------------------------------------------------- | -------------------------------------------------- | :------------------------- | ------------ |
 |           |                        |                                                              |                                                       |                                                    |                            |              |
 |           |                        |                                                              |                                                       |                                                    |                            |              |
+
+
+
+
+## Framework Requirements:
+
+* Framework Specificity: 
+    * Each framework has control objectives and corresponding controls with evidence types (e.g., policies, procedures, logs).
+* Mapping Framework Controls to Evidence: 
+    * Create a mapping between specific framework controls and the type of evidence they require (e.g., Population for user access controls, Configurations for security settings).
+
+## Language and Configuration Files
+- Python
+- `YAML`
+- `json`
+
+## Integration with Cloud Providers and Security Tools
+
+* SDKs and APIs: 
+    * Utilize the official SDKs or APIs provided by each cloud provider (AWS, Azure, GCP) and security tool (Okta, OneLogin, Tenable, Elastic, Splunk, CrowdStrike) to interact with them. This will allow you to pull relevant evidence based on the framework and control being assessed.
+        * https://aws.amazon.com/sdk-for-python/
+        * https://github.com/Azure/azure-sdk-for-python
+        * https://github.com/googleapis/google-cloud-python
+        * https://github.com/okta/okta-sdk-python
+        * https://pypi.org/project/elasticsearch/
+        * https://github.com/CrowdStrike/falconpy
+        * https://github.com/splunk/splunk-sdk-python
+        * https://github.com/TheJumpCloud/jcapi-python
+        * https://github.com/onelogin/onelogin-python-sdk
+        * https://github.com/tenable/pyTenable
+        * https://github.com/onelogin/onelogin-python-sdk
+* Authentication: 
+    * Implement secure authentication methods (e.g., OAuth, API keys) to connect with each platform. Store these credentials securely within the Github Action workflow using secrets.
+
+## Evidence Collection Logic
+
+* Framework Selection: 
+    * Allow users to specify the framework they're targeting within the Github Action workflow.
+* Control Mapping: 
+    * Based on the chosen framework and control being assessed, use the mapping created earlier to identify the type of evidence needed.
+* Data Extraction: 
+    * Leverage the SDKs/APIs to extract relevant data from each cloud provider and security tool based on the control objective.
+* Data Formatting: 
+    * Format the extracted data according to your defined structure (Populations, Configurations, Rules, Samples).
+
+## Commit and Push Evidence
+* Version Control: 
+    * Use Git commands within the Github Action workflow to commit the collected evidence files to a dedicated branch.
+* Push Automation
+    * Configure the workflow to automatically push the committed evidence to the desired location in the repository.
+
+## Additional Considerations:
+
+* Error Handling: 
+    * Implement robust error handling mechanisms to address potential issues during data extraction or API calls.
+* Security: 
+    * Prioritize security throughout the development process. Use secure methods to store credentials and ensure proper access controls.
+* Testing: 
+    * Develop a comprehensive testing strategy to ensure the Github Action collects accurate evidence for various frameworks and controls.
+
+