Resource Surveillance State Database - RSSD

Resource Surveillance State Database is a SQLite database generated by the Surveilr tool, which can be used independently to provide machine-attested evidence of compliance and security across various work products and disciplines within an organization. This helps overcome the limitations of human-based compliance verification processes.

RSSD-Architecture

Characteristics of a RSSD

Independence: Once the RSSD is generated, it is no longer tied to surveilr and can be used by any other tool, service, application, or ETL’d into a data warehouse which makes it a versatile data source.
Consumption: It can be consumed by any computing environment that supports SQLite , allowing it to be integrated into various systems and workflows
Evidence Collection: It is designed to collect machine attestation artifacts like code, test results, emails, issues/tickets, and wikis to prove that security, privacy, safety and regulatory compliance policies are being followed. This provides a more reliable and automated way to demonstrate compliance compared to relying on human attestation.

How to generate an RSSD

Generating a RSSD requires you to execute a survielr ingest command which can either be file ingestion or task ingestion. Suppose you have folder named my-files and it is located within your current working directory, you can ingest the files in this folder by navigating into the folder ( cd ), and executing this script:

$ surveilr ingest files

An RSSD will be created inside my-files

if you prefer not cd into my-files before performing file ingestion, there is a -r flag that allows you to specify my-files as the folder you wish to ingest its content(s) without having to leave your root directory.

$ surveilr ingest files -r <PATH>/my-files

The outcome of the execution of this script above is a resource-surveillance.sqlite.db file ( known as resource surveillance state database - RSSD ) created in your root directory. The database consist of several tables which can you can learn about here.

Configuring Unique Identifiers for RSSD Databases

surveilr uses a default SQLite database named resource-surveillance.sqlite.db for storing file system state data. However, in environments with multiple surveillance databases, it’s beneficial to distinguish each RSSD by including unique identifiers in the filename, such as the hostname. This setup simplifies merging of databases. Unique identifiers can be configured for RSSD databases in two ways:

Using an environment variable: During a terminal session, you can set a custom RSSD path as an environment variable. This path will serve as an identifier for the generated SQLite database during ingestion. Note that the environment variable will be cleared once the terminal session is closed.
Terminal window
```
export SURVEILR_STATEDB_FS_PATH="resource-surveillance-$(hostname).sqlite.db"
```
Note
- SURVEILR_STATEDB_FS_PATH can take the path you want the RSSD to be stored as value (SURVEILR_STATEDB_FS_PATH="<path>/resource-surveillance-$(hostname).sqlite.db"). If a path isn’t specified, the RSSD will be stored in the current working directory.
- SURVEILR_STATEDB_FS_PATH can take any string as the identifier as long it has .db extension (SURVEILR_STATEDB_FS_PATH="my-identifier.db").
Argument Passing: When performing an ingestion, you need to set the RSSD’s unique identifier by passing it as an argument with the -d flag, as shown below.
Terminal window
```
$ surveilr ingest files -d "resource-surveillance-$(hostname).sqlite.db"
```