Collect security alerts from different sources and provide a normalized API to query

cve-alert-manager

Description

Suite that pulls CVE incidents from different sources (for example CERT-Bund), normalizes them and stores them in a database in order to provide a unified REST API for managing CVE alerts. All components are written in Go.

Features

CVE Alert Fetcher (cve-alert-fetcher)

  • Fetches CVE alerts from various sources (currently only "cert-bund")
  • Normalizes all received alerts and stores them in the database
  • Parameters (such as access credentials) can be specified on the command line, in a config file or as environment variables
  • Features for source "cert-bund":
    • Retrieves PGP-signed multipart MIME mail via POP3
    • Checks the PGP signature against the sender's public key
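The two cert-bund steps above are where the trust decision happens: an advisory must only reach the normalizer if the detached PGP signature over the first MIME part verifies. The following Go program is an added example, not code from the cve-alert-manager project, that shows the part of this that is easy to get wrong, namely splitting an RFC 3156 multipart/signed message so that the bytes handed to the verifier are exactly the bytes the sender signed (first body part, headers included, without the CRLF that belongs to the next boundary). The OpenPGP check itself is injected as a function because Go's standard library has no OpenPGP implementation; in a real fetcher you would wire in a library such as the ProtonMail go-crypto fork with CERT-Bund's published key. The mail, the addresses and the signature text are constructed placeholders.

```go
package main

import (
	"bufio"
	"bytes"
	"errors"
	"fmt"
	"io"
	"mime"
	"net/mail"
	"net/textproto"
	"strings"
)

// SignedMail is the result of splitting a multipart/signed message.
type SignedMail struct {
	SignedBody []byte // exact bytes covered by the signature (first part, headers included)
	Signature  []byte // ASCII-armored detached PGP signature (body of the second part)
}

// VerifyFunc is the injected OpenPGP check: it must return nil only if
// armoredSig is a valid signature over signedData by a trusted key.
type VerifyFunc func(signedData, armoredSig []byte) error

// SplitMultipartSigned parses a multipart/signed mail (RFC 1847 / RFC 3156)
// and returns the signed first part and the detached signature, rejecting
// anything that is not the expected two-part PGP structure.
func SplitMultipartSigned(raw []byte) (*SignedMail, error) {
	msg, err := mail.ReadMessage(bytes.NewReader(raw))
	if err != nil {
		return nil, err
	}
	mediaType, params, err := mime.ParseMediaType(msg.Header.Get("Content-Type"))
	if err != nil {
		return nil, err
	}
	if mediaType != "multipart/signed" {
		return nil, fmt.Errorf("expected multipart/signed, got %q", mediaType)
	}
	if !strings.EqualFold(params["protocol"], "application/pgp-signature") {
		return nil, fmt.Errorf("unsupported signature protocol %q", params["protocol"])
	}
	if params["boundary"] == "" {
		return nil, errors.New("multipart/signed without boundary")
	}
	body, err := io.ReadAll(msg.Body)
	if err != nil {
		return nil, err
	}
	parts, err := rawParts(body, params["boundary"])
	if err != nil {
		return nil, err
	}
	if len(parts) != 2 {
		return nil, fmt.Errorf("multipart/signed must have exactly 2 parts, got %d", len(parts))
	}
	// Only the signature part is header-parsed; the signed part stays byte-exact.
	tp := textproto.NewReader(bufio.NewReader(bytes.NewReader(parts[1])))
	hdr, err := tp.ReadMIMEHeader()
	if err != nil {
		return nil, fmt.Errorf("signature part headers: %w", err)
	}
	ct, _, err := mime.ParseMediaType(hdr.Get("Content-Type"))
	if err != nil || ct != "application/pgp-signature" {
		return nil, fmt.Errorf("second part is not application/pgp-signature (%q)", ct)
	}
	sig, err := io.ReadAll(tp.R) // remainder after the blank line is the armored signature
	if err != nil {
		return nil, err
	}
	return &SignedMail{SignedBody: parts[0], Signature: sig}, nil
}

// rawParts splits a multipart body on its boundary and returns each part's
// raw bytes (headers and body) as they appear on the wire, excluding the CRLF
// that precedes the next delimiter line. It is strict: no transport padding.
func rawParts(body []byte, boundary string) ([][]byte, error) {
	delim := []byte("\r\n--" + boundary)
	if bytes.HasPrefix(body, delim[2:]) { // first delimiter may open the body directly
		body = append([]byte("\r\n"), body...)
	}
	idx := bytes.Index(body, delim)
	if idx < 0 {
		return nil, errors.New("opening boundary not found")
	}
	rest := body[idx+len(delim):]
	var parts [][]byte
	for {
		if bytes.HasPrefix(rest, []byte("--")) { // "--boundary--" closes the multipart
			return parts, nil
		}
		if !bytes.HasPrefix(rest, []byte("\r\n")) {
			return nil, errors.New("malformed boundary line")
		}
		rest = rest[2:]
		end := bytes.Index(rest, delim)
		if end < 0 {
			return nil, errors.New("closing boundary not found")
		}
		parts = append(parts, rest[:end])
		rest = rest[end+len(delim):]
	}
}

// ProcessSignedMail fails closed: the advisory text is returned only after the
// injected verifier accepted the signature over the exact signed bytes.
func ProcessSignedMail(raw []byte, verify VerifyFunc) ([]byte, error) {
	sm, err := SplitMultipartSigned(raw)
	if err != nil {
		return nil, err
	}
	if err := verify(sm.SignedBody, sm.Signature); err != nil {
		return nil, fmt.Errorf("signature check failed, alert discarded: %w", err)
	}
	return sm.SignedBody, nil
}

// SampleMail builds a constructed multipart/signed message with CRLF line
// endings; the address and the signature block are placeholders, not real data.
func SampleMail() []byte {
	return []byte(strings.Join([]string{
		"From: advisory-sender@example.invalid",
		"Subject: [constructed sample] advisory",
		"MIME-Version: 1.0",
		`Content-Type: multipart/signed; micalg=pgp-sha256; protocol="application/pgp-signature"; boundary="xyz"`,
		"",
		"--xyz",
		"Content-Type: text/plain; charset=utf-8",
		"",
		"Sample advisory body (constructed).",
		"--xyz",
		"Content-Type: application/pgp-signature",
		"",
		"-----BEGIN PGP SIGNATURE-----",
		"",
		"PLACEHOLDER-NOT-A-REAL-SIGNATURE",
		"-----END PGP SIGNATURE-----",
		"--xyz--",
		"",
	}, "\r\n"))
}

func main() {
	// No key is wired in here, so the verifier refuses and the alert is dropped.
	noVerifier := func(_, _ []byte) error { return errors.New("no OpenPGP verifier configured") }
	if _, err := ProcessSignedMail(SampleMail(), noVerifier); err != nil {
		fmt.Println(err)
	}
	sm, _ := SplitMultipartSigned(SampleMail())
	fmt.Printf("signed bytes: %q\n", sm.SignedBody)
}
```

The point to keep from this when wiring in a real verifier: feed it `SignedBody` unchanged, and never fall back to the unsigned text when the second part is missing or the check fails.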

CVE Alert Rest API (cve-alert-restapi)

  • Option to search and list CVE alerts
  • Option to filter certain categories
  • Option to add, change or delete comments
  • Option to list a specific comment
  • Option to import, add and export filters
  • Configurable search filters

Requirements

You need to register with the "Warning and Information Service" of CERT-Bund and subscribe to the desired messages. You also need to provide a database to store and manage the cases.

Installation

go get github.com/inexio/cve-alert-manager

or

git clone https://github.com/inexio/cve-alert-manager.git

Setup

After installation you have to set up your config or set environment variables.

Configs

Default config file paths (3 paths):

$HOME/.cve-alert-manager
../config
/var/opt/cve-alert-manager

You need to specify all settings of "certBundPop3" and "cveDatabase" in config.yaml, either in a config file in one of those paths, in a file you specify with the config flag, or in your environment variables.

One of those paths needs to contain filter_config.yaml if you want to use the init-db function.

If you don't change the username and password for the REST API, it will be reachable without authentication. The default port for the REST API is 1323.

Usage

How to run cve-alert-fetcher

First change directory to cve-alert-fetcher:

cd go/src/cve-alert-manager/cve-alert-fetcher

Then run main.go (optionally with arguments and flags):

go run main.go

Initialize the DB with filters and filter categories provided by us:

go run main.go --init-db

How to run cve-alert-restapi

First change directory to cve-alert-restapi:

cd go/src/cve-alert-manager/cve-alert-restapi

Then run main.go (optionally with arguments and flags):

go run main.go --port 19000 # Run on port 19000

Now open a new shell tab, log in to the server where the REST API is running, and query it:

curl -X GET http://localhost:1323/cvecases
# This request returns all CveCases that are saved in the database

Full documentation of our API is available at SwaggerHub.

Architecture and Components

Here is a graphic that shows the components and the architecture of the cve-alert-manager:

[Figure: cve-alert-manager components and architecture]

cve-alert-fetcher email parsing for cert-bund

Here is a graphic that shows how cve-alert-fetcher parses emails from cert-bund:

[Figure: cve-alert-fetcher email parsing flow]

Relationship between filter_categories and case_categories

Here is a graphic that shows the relationship between these two database tables:

[Figure: relationship between the filter_categories and case_categories tables]

Getting Help

If there are any problems or something does not work as intended, open an issue on GitHub.

Contribution

Contributions to the project are welcome.

We are looking forward to your bug reports, suggestions and fixes.

If you want to contribute, make sure your Go Report Card results match our project's score of A+.

When you contribute, make sure your code conforms to the uber-go coding style.