Training Materials

Structured training content for security practitioners, administrators, and managed service providers working with the Donjon Platform.

Quick Start Tutorial (15 Minutes)

Minute 0-3: Setup

1. Clone and install

   git clone https://github.com/DonjonSec/donjon-platform.git
   cd donjon-platform
   python3 -m venv venv
   source venv/bin/activate  # Windows: venv\Scripts\activate
   pip install -r requirements.txt

2. Populate quick intelligence

   python3 bin/update-intel.py --quick

   This downloads KEV + EPSS + 14-day NVD data (~2 minutes).

Minute 3-5: Launch

1. Start the platform

   python3 bin/donjon-launcher

   The TUI main menu appears. The web dashboard is available at https://localhost:8443.

Minute 5-10: First Scan

1. Start a network scan via API

   curl -X POST http://localhost:8443/api/v1/scans \
     -H "Content-Type: application/json" \
     -d '{
       "scanner": "network",
       "targets": ["127.0.0.1"],
       "scan_type": "quick"
     }'

   Note the session_id in the response.

2. Check scan status

   curl http://localhost:8443/api/v1/scans/<session_id>

Minute 10-15: Review Results

1. Get findings

   curl http://localhost:8443/api/v1/scans/<session_id>/findings

2. Ask AI about the results

   curl -X POST http://localhost:8443/api/v1/ai/query \
     -H "Content-Type: application/json" \
     -d '{
       "question": "Summarize the findings and recommend next steps",
       "context": { "session_id": "<session_id>" }
     }'

3. Export results

   curl "http://localhost:8443/api/v1/scans/<session_id>/export?format=json" \
     -o scan-results.json

Vulnerability Assessment Workflow

Phase 1: Scoping and Planning

Step	Action	Donjon Feature
1	Define target scope (IPs, ranges, domains)	Asset inventory API
2	Obtain written authorization	N/A (organizational requirement)
3	Register assets in inventory	POST /api/v1/assets
4	Select compliance frameworks	Configuration file

Phase 2: Discovery

Step	Action	Donjon Feature
5	Network discovery scan	POST /api/v1/discovery/scan
6	Review discovered hosts	GET /api/v1/discovery/hosts
7	DNS and certificate enumeration	ASM scanner (Pro+)

Phase 3: Scanning

Step	Action	Donjon Feature
8	Quick network scan (port discovery)	Network scanner - quick
9	Vulnerability assessment	Vulnerability scanner
10	Web application scan	Web scanner
11	SSL/TLS assessment	SSL scanner
12	Compliance scan	Compliance scanner
13	Container security (if applicable)	Container scanner (Pro+)
14	Cloud security (if applicable)	Cloud scanner (Pro+)

Phase 4: Analysis

Step	Action	Donjon Feature
15	Review findings by severity	Dashboard, API
16	Check intelligence enrichment (EPSS, KEV, SSVC)	Automatic enrichment
17	AI triage and prioritization	POST /api/v1/ai/triage
18	FAIR risk quantification	Risk quantifier, GET /api/v1/risks/posture

Phase 5: Reporting

Step	Action	Donjon Feature
19	Generate executive report	GET /api/v1/reports/executive
20	Generate compliance report	GET /api/v1/reports/compliance/{fw}
21	Export findings for client	Export API (HTML/PDF for Pro+)
22	Create remediation items	POST /api/v1/remediation

Compliance Assessment Workflow

Supported Frameworks

Compliance Assessment Steps

1. Select applicable frameworks

   Configure the frameworks in config/active/config.yaml. Community tier supports 3 frameworks; Pro and above support unlimited.

   compliance:
     frameworks:
       - 'NIST-800-53'
       - 'HIPAA'
       - 'PCI-DSS-v4'

2. Run a compliance scan

   The compliance scanner evaluates systems against the selected frameworks.

   POST /api/v1/scans
   { "scanner": "compliance", "targets": ["10.0.1.0/24"], "scan_type": "standard" }

3. Review framework-specific report

   GET /api/v1/reports/compliance/NIST-800-53

   The report shows control-by-control status: passing, failing, and not assessed.

4. Address gaps

   Create remediation items for failing controls. Use AI for remediation guidance.

5. Re-scan and verify

   After remediation, re-run the compliance scan and generate a delta report to show improvement.

MSSP/MSP Multi-Client Management

Managed Tier Exclusive Features

Feature	Description
Client Provisioning	Automated onboarding and configuration of client tenants
Per-Client Dashboards	Isolated security overview for each client
Consolidated Rollup	Aggregate reporting across all client tenants
Bulk Scan Orchestration	Schedule and coordinate scans across multiple clients
Cross-Client Reporting	Comparative analysis and benchmarking across your client portfolio
Usage Metering API	Track usage for billing integration
License Sub-Allocation	Distribute license seats across client organizations
Per-Client Branding	White-label reports with each client's branding
Scan Template Library	Create and distribute standardized scan templates
Unlimited Clients	No cap on the number of client tenants

MSSP Workflow

1. Provision a new client

   Use client provisioning to create an isolated tenant with its own data, dashboards, and configurations.

2. Configure scan templates

   Create standardized scan templates from the scan template library. Apply consistent assessment methodology across all clients.

3. Schedule recurring scans

   Use bulk scan orchestration to schedule scans across multiple clients. Configure different schedules per client based on their SLA.

4. Generate client reports

   Use per-client branding to generate white-labeled reports. Each client receives reports with their own logo and branding.

5. Review consolidated rollup

   Use the consolidated rollup dashboard to get a portfolio-wide view of security posture across all clients.

6. Track billing

   Use the usage metering API to track scan volume, AI queries, and other usage metrics for billing integration.

Integration Guide

CI/CD Pipeline Integration

GitHub Actions

# .github/workflows/security-scan.yml
name: Security Scan
on: [push, pull_request]

jobs:
  security:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4

      - name: Setup Python
        uses: actions/setup-python@v5
        with:
          python-version: '3.11'

      - name: Install Donjon
        run: |
          pip install -r requirements.txt

      - name: Security Scan
        run: |
          python3 bin/donjon-launcher quick --output sarif

      - name: Upload SARIF
        uses: github/codeql-action/upload-sarif@v3
        with:
          sarif_file: data/reports/scan.sarif

GitLab CI

# .gitlab-ci.yml
security_scan:
  stage: test
  image: python:3.11
  script:
    - pip install -r requirements.txt
    - python3 bin/donjon-launcher quick --output sarif
  artifacts:
    reports:
      sast: data/reports/scan.sarif

Jenkins

// Jenkinsfile
pipeline {
    agent any
    stages {
        stage('Security Scan') {
            steps {
                sh 'python3 bin/donjon-launcher quick --output sarif'
            }
            post {
                always {
                    archiveArtifacts artifacts: 'data/reports/*.sarif'
                }
            }
        }
    }
}

SIEM Integration

Donjon integrates with SIEM systems through multiple channels:

• Webhook notifications — Push real-time alerts to your SIEM webhook endpoint
• Syslog — Forward log entries to your syslog collector
• REST API — Pull scan data programmatically on a schedule
• Audit log export — Enterprise tier exports structured audit logs for SIEM ingestion

Ticketing System Integration

System	Method	Description
Jira	REST API	Automatically create Jira tickets for findings via the export API
ServiceNow	REST API	Create ServiceNow incidents from scan findings
Slack	Webhook	Push finding notifications to Slack channels (Pro+)
Microsoft Teams	Webhook	Push finding notifications to Teams channels (Pro+)

Certification Study Guide

Donjon Platform concepts map directly to industry certification domains. Use the platform as a hands-on learning tool.

CompTIA Security+ (SY0-701)

Domain	Donjon Feature	Hands-On Exercise
1.0 General Security Concepts	Post-quantum cryptography, license verification	Review Security Guide on ML-DSA-65 and Ed25519
2.0 Threats, Vulnerabilities, and Mitigations	Vulnerability scanning, CVE database, EPSS scoring	Run a vulnerability scan, analyze CVSS/EPSS/KEV enrichment
3.0 Security Architecture	Network scanning, cloud security, container security	Scan a network segment, review architecture findings
4.0 Security Operations	SIEM integration, incident response, audit logs	Configure webhooks, review audit trail, export SARIF
5.0 Security Program Management	Compliance mapping, risk quantification, FAIR	Generate compliance reports, run FAIR risk analysis

CISSP Domains

CISSP Domain	Donjon Feature
1. Security and Risk Management	FAIR risk quantification, compliance frameworks, risk register
2. Asset Security	Asset inventory, data classification, credential management
3. Security Architecture and Engineering	Post-quantum cryptography, secure licensing, air-gap design
4. Communication and Network Security	Network scanning, SSL/TLS assessment, firewall analysis
5. Identity and Access Management	SSO (Enterprise), RBAC, API key authentication, credential scanning
6. Security Assessment and Testing	Vulnerability scanning, web app testing, compliance scanning
7. Security Operations	Remediation tracking, notification channels, scheduled scans, audit trail
8. Software Development Security	SBOM generation, CI/CD integration, SARIF export, container security

CompTIA CySA+ (CS0-003)

Domain	Donjon Feature
1. Security Operations	Threat intelligence (KEV, EPSS, SSVC), vulnerability database, AI triage
2. Vulnerability Management	All scanners, FAIR risk quantification, remediation tracking
3. Incident Response	Audit trail, notification channels, risk exception management
4. Reporting and Communication	Executive reports, compliance reports, delta reports, AI summaries