Suit to pull CVE incidents from different sources (for example CERT-Bund), to normalize them and store them in a database in order to provide an unified REST-API to manage CVE alerts. All components are written in golang.
- Fetches CVE alerts from various sources (currently only "cert-bund")
- Normalizes all received alerts and puts them in the database
- Parameters (such as access data) can be specified on command line, config file and environment variables
- Features for source "cert-bund":
- Retrieves PGP-signed multipart-MIME-mail via POP3
- Check the PGP signature via public key
- Option to search and list cve alerts
- Option to filter certain categories
- Option to add, change or delete comments
- Option to list a specific comment
- Option to import,add and export filter
- Configurable search filters
You need to register to the "Warning and Information Service of CERT-Bund and subscribe to the desired messages. Also you need to provide a datatbase to store and manage the cases.
go get github.com/inexio/cve-alert-manager
or
git clone https://github.com/inexio/cve-alert-manager.git
After installation you have to setup your config or set environment variables.
Default config file paths (3 paths):
$HOME/.cve-alert-manager
../config
/var/opt/cve-alert-manager
You need to specify all settings of "certBundPop3" and "cveDatabase" in the config.yaml either in a config file in one of those paths, in a file you specify with the config flag or in your environment variables.
One of those paths needs to contain the filter_config.yaml if you want to use the init-db function.
If you don't change the username and password for the restAPI, it will be available without verification. Default port for the restAPI is 1323.
First change directory to cve-alert-fetcher:
cd go/src/cve-alert-manager/cve-alert-fetcher
Then run the main.go (and maybe set args and flags):
go run main.go
Initialize the DB with filters and filter categories provided by us:
go run main.go --init-db
First start change directory to cve-alert-restapi:
cd go/src/cve-alert-manager/cve-alert-restapi
Then run the main.go (and maybe set args and flags):
go run main-go --port 19000 #Run on port 19000
Now create a new tab on your shell and log in to your server where your framework is running:
curl -X GET http://localhost:1323/cvecases
#This request gets all CveCases that are saved in the database
Full documentation of our API is available at SwaggerHub.
Here is a graphic that shows the components and the architexture of the cve-alert-manager
Here is a graphic that shows how cve-alert-fetcher parse emails from cert-bund
Here is a graphic that shows the relationship between these two Database tables
If there are any problems. or something does not work as intended, open an issue on GitHub.
Contribution to the project are welcome.
We are looking forward to your bug reports, suggestions and fixes.
If you want to make any contributions make sure your go reports match up with our projects score A+.
When you contribute make sure you code is confirm to the uber-go coding style.