https://github.com/inexio/cve-alert-manager

Collect security alerts from different sources and provide a normalized API to query
cve golang security security-vulnerability

Last synced: 4 months ago

# cve-alert-manager
[![Go Report Card](https://goreportcard.com/badge/github.com/inexio/cve-alert-manager)](https://goreportcard.com/report/github.com/inexio/cve-alert-manager)
[![GitHub license](https://img.shields.io/badge/license-BSD-blue.svg)](https://github.com/inexio/check_eve_ng/blob/master/LICENSE)
[![GitHub code style](https://img.shields.io/badge/code%20style-uber--go-brightgreen)](https://github.com/uber-go/guide/blob/master/style.md)
[![GoDoc doc](https://img.shields.io/badge/godoc-reference-blue)](https://godoc.org/github.com/inexio/cve-alert-manager)

## Description

Suite that pulls CVE advisories from different sources (for example [CERT-Bund](https://www.cert-bund.de/wid)), normalizes them and stores them in a database in order to provide a unified REST API for managing CVE alerts.
All components are written in Go.

## Features

### CVE Alert Fetcher (cve-alert-fetcher)

- Fetches CVE alerts from various sources (currently only "cert-bund")
- Normalizes all received alerts and stores them in the database
- Parameters (such as access credentials) can be given on the command line, in a config file or as environment variables
- Features for source "cert-bund":
  - Retrieves PGP-signed multipart MIME mail via POP3
  - Verifies the PGP signature against the sender's public key
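The two "cert-bund" features above are the point where a fetcher decides whether a mail is trustworthy at all. The following is an added example, not code from the cve-alert-manager project: it takes a raw message as delivered over POP3, refuses anything that is not a PGP/MIME (RFC 3156) `multipart/signed` message, and splits it into the two inputs a detached-signature verifier needs, the signed part byte-for-byte as received and the ASCII-armored signature. The signed part is deliberately left quoted-printable encoded, because the signature covers the encoded bytes. The sample mail, addresses and placeholder signature are constructed; the actual OpenPGP verification against the pinned public key is left to an OpenPGP library and is not shown.

```go
package main

// Added example, not part of cve-alert-manager. Splits a PGP/MIME mail into
// the raw signed part and the detached signature without altering the bytes
// that the signature covers. The sample message below is constructed and
// carries a placeholder, not a real signature.

import (
	"bytes"
	"errors"
	"fmt"
	"io"
	"mime"
	"net/mail"
	"strings"
)

// SignedMail holds exactly what a detached-signature verifier consumes.
type SignedMail struct {
	Signed    []byte // first MIME part, headers and body, as received (CRLF, still encoded)
	Signature []byte // ASCII-armored detached signature (body of the second part)
	MicAlg    string // micalg parameter, e.g. "pgp-sha256"
}

// SplitPGPMIME rejects anything that is not multipart/signed with the
// application/pgp-signature protocol and returns the raw signed part plus
// the armored signature. Bare LF in the body is treated as an error because
// a transport that rewrote line endings has already broken the signature.
func SplitPGPMIME(raw []byte) (*SignedMail, error) {
	msg, err := mail.ReadMessage(bytes.NewReader(raw))
	if err != nil {
		return nil, fmt.Errorf("parse message: %w", err)
	}
	mediaType, params, err := mime.ParseMediaType(msg.Header.Get("Content-Type"))
	if err != nil {
		return nil, fmt.Errorf("parse content-type: %w", err)
	}
	if mediaType != "multipart/signed" || params["protocol"] != "application/pgp-signature" {
		return nil, errors.New("not a PGP/MIME signed message; refusing to ingest")
	}
	boundary := params["boundary"]
	if boundary == "" {
		return nil, errors.New("multipart/signed without boundary")
	}
	body, err := io.ReadAll(msg.Body)
	if err != nil {
		return nil, err
	}
	if bytes.Contains(bytes.ReplaceAll(body, []byte("\r\n"), nil), []byte("\n")) {
		return nil, errors.New("bare LF in body: line endings were altered in transit")
	}
	// RFC 2046: every delimiter is "CRLF--boundary". Prepending CRLF lets a
	// message without preamble split exactly like one with a preamble.
	delim := []byte("\r\n--" + boundary)
	segs := bytes.Split(append([]byte("\r\n"), body...), delim)
	var parts [][]byte
	for _, s := range segs[1:] {
		if bytes.HasPrefix(s, []byte("--")) {
			break // closing delimiter; anything after it is epilogue
		}
		i := bytes.Index(s, []byte("\r\n"))
		if i < 0 {
			return nil, errors.New("malformed boundary line")
		}
		parts = append(parts, s[i+2:]) // drop the remainder of the boundary line
	}
	if len(parts) != 2 {
		return nil, fmt.Errorf("multipart/signed must have exactly 2 parts, got %d", len(parts))
	}
	sigPart, err := mail.ReadMessage(bytes.NewReader(parts[1]))
	if err != nil {
		return nil, fmt.Errorf("parse signature part: %w", err)
	}
	sigType, _, err := mime.ParseMediaType(sigPart.Header.Get("Content-Type"))
	if err != nil || sigType != "application/pgp-signature" {
		return nil, errors.New("second part is not application/pgp-signature")
	}
	sig, err := io.ReadAll(sigPart.Body)
	if err != nil {
		return nil, err
	}
	return &SignedMail{Signed: parts[0], Signature: sig, MicAlg: params["micalg"]}, nil
}

// Constructed sample with the structure of a PGP/MIME advisory mail. CRLF is
// forced because POP3 delivers CRLF and the signature covers the exact bytes.
var sampleMail = strings.ReplaceAll(`From: sender@example.org
To: soc@example.org
Subject: constructed sample advisory
MIME-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-sha256;
 protocol="application/pgp-signature"; boundary="b42"

--b42
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: quoted-printable

Constructed advisory body =E2=80=93 no real CERT-Bund content.

--b42
Content-Type: application/pgp-signature; name="signature.asc"

-----BEGIN PGP SIGNATURE-----

PLACEHOLDER-NOT-A-REAL-SIGNATURE
-----END PGP SIGNATURE-----

--b42--
`, "\n", "\r\n")

// Constructed unsigned mail: must be rejected, never ingested as an alert.
var unsignedMail = strings.ReplaceAll(`From: sender@example.org
Subject: no signature
Content-Type: text/plain

Unsigned advisory text.
`, "\n", "\r\n")

func main() {
	sm, err := SplitPGPMIME([]byte(sampleMail))
	if err != nil {
		fmt.Println("rejected:", err)
		return
	}
	fmt.Printf("micalg=%s signed=%d bytes signature=%d bytes\n", sm.MicAlg, len(sm.Signed), len(sm.Signature))
	// Next step, outside this example: pass sm.Signed and sm.Signature to an
	// OpenPGP library's detached-signature check with the pinned public key.
	if _, err := SplitPGPMIME([]byte(unsignedMail)); err != nil {
		fmt.Println("unsigned mail:", err)
	}
}
```

Go's `mime/multipart` reader is avoided on purpose: its `NextPart` transparently decodes quoted-printable bodies, which would hand the verifier different bytes from the ones the sender signed. Decoding for storage belongs after the signature has been accepted.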

### CVE Alert Rest API (cve-alert-restapi)

- Option to search and list CVE alerts
- Option to filter by certain categories
- Option to add, change or delete comments
- Option to list a specific comment
- Option to import, add and export filters
- Configurable search filters

## Requirements

You need to register with the "Warning and Information Service" of [CERT-Bund](https://www.cert-bund.de/wid) and subscribe to the desired messages. You also need to provide a database to store and manage the cases.

## Installation

```
go get github.com/inexio/cve-alert-manager
```

or

```
git clone https://github.com/inexio/cve-alert-manager.git
```

## Setup

After installation you have to set up your config file or set environment variables.

### Configs

Default config file paths (3 paths):

```
$HOME/.cve-alert-manager
../config
/var/opt/cve-alert-manager
```

You need to specify all settings of the "certBundPop3" and "cveDatabase" sections either in a config.yaml in one of those paths, in a file you pass with the config flag, or in environment variables.

One of those paths needs to contain filter_config.yaml if you want to use the init-db function.

If you do not change the default username and password for the REST API, it is reachable without authentication. The default port for the REST API is 1323.
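Because the REST API is reachable without authentication until the credentials are changed, the following added example (not code from cve-alert-manager) puts the weak setting, an open router serving `/cvecases` to anyone who can reach the port, next to a fail-closed wrapper that refuses to build a handler when no credentials are configured and checks HTTP Basic credentials in constant time. The handler body, the `CVE_RESTAPI_USER`/`CVE_RESTAPI_PASS` variable names and the credential values are assumptions for illustration.

```go
package main

// Added example, not part of cve-alert-manager. Shows an unauthenticated
// router next to a Basic-auth wrapper that fails closed when no credentials
// are configured. Route handler, environment variable names and sample
// credentials are assumptions.

import (
	"crypto/sha256"
	"crypto/subtle"
	"errors"
	"fmt"
	"net/http"
	"net/http/httptest"
	"os"
)

// casesHandler stands in for the project's /cvecases endpoint.
func casesHandler(w http.ResponseWriter, r *http.Request) {
	fmt.Fprintln(w, `[{"id":"placeholder-case"}]`)
}

// openRouter is the weak setting: anyone who can reach the port reads every case.
func openRouter() http.Handler {
	mux := http.NewServeMux()
	mux.HandleFunc("/cvecases", casesHandler)
	return mux
}

// RequireBasicAuth wraps next so every request needs the configured user and
// password. It returns an error instead of a handler when either value is
// empty, so a missing setting stops the service rather than exposing it.
func RequireBasicAuth(user, pass string, next http.Handler) (http.Handler, error) {
	if user == "" || pass == "" {
		return nil, errors.New("REST API credentials not configured; refusing to serve unauthenticated")
	}
	// Compare fixed-size digests so the comparison takes the same time
	// whatever the length of the supplied values.
	wantUser := sha256.Sum256([]byte(user))
	wantPass := sha256.Sum256([]byte(pass))
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		u, p, ok := r.BasicAuth()
		gotUser := sha256.Sum256([]byte(u))
		gotPass := sha256.Sum256([]byte(p))
		userOK := subtle.ConstantTimeCompare(wantUser[:], gotUser[:]) == 1
		passOK := subtle.ConstantTimeCompare(wantPass[:], gotPass[:]) == 1
		if !ok || !userOK || !passOK {
			w.Header().Set("WWW-Authenticate", `Basic realm="cve-alert-restapi", charset="UTF-8"`)
			http.Error(w, "unauthorized", http.StatusUnauthorized)
			return
		}
		next.ServeHTTP(w, r)
	}), nil
}

// protectedRouter is the corrected setting: credentials come from the
// environment (assumed variable names) and the service fails closed without them.
func protectedRouter() (http.Handler, error) {
	return RequireBasicAuth(os.Getenv("CVE_RESTAPI_USER"), os.Getenv("CVE_RESTAPI_PASS"), openRouter())
}

// statusFor sends one GET /cvecases, with credentials when user is non-empty,
// and returns the HTTP status code.
func statusFor(h http.Handler, user, pass string) int {
	req := httptest.NewRequest(http.MethodGet, "/cvecases", nil)
	if user != "" {
		req.SetBasicAuth(user, pass)
	}
	rec := httptest.NewRecorder()
	h.ServeHTTP(rec, req)
	return rec.Code
}

func main() {
	fmt.Println("open router, anonymous GET /cvecases ->", statusFor(openRouter(), "", ""))
	h, err := RequireBasicAuth("analyst", "example-only-password", openRouter())
	if err != nil {
		fmt.Println(err)
		return
	}
	fmt.Println("protected, anonymous ->", statusFor(h, "", ""))
	fmt.Println("protected, wrong password ->", statusFor(h, "analyst", "wrong"))
	fmt.Println("protected, valid credentials ->", statusFor(h, "analyst", "example-only-password"))
	if _, err := protectedRouter(); err != nil {
		fmt.Println("from environment:", err) // printed while CVE_RESTAPI_* are unset
	}
}
```

The same wrapper can sit in front of the whole router, so a route added later cannot accidentally bypass the check; pair it with TLS in front of the service, since Basic credentials are only base64-encoded on the wire.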

## Usage

### How to run cve-alert-fetcher

First change directory to cve-alert-fetcher:

```
cd go/src/cve-alert-manager/cve-alert-fetcher
```

Then run the main.go (and maybe set args and flags):

```
go run main.go
```

Initialize the database with the filters and filter categories provided by us:

```
go run main.go --init-db
```

### How to run cve-alert-restapi

First change directory to cve-alert-restapi:

```
cd go/src/cve-alert-manager/cve-alert-restapi
```

Then run the main.go (and maybe set args and flags):

```
go run main.go --port 19000 #Run on port 19000
```

Now open a second shell on the server where the REST API is running and query it:

```
curl -X GET http://localhost:1323/cvecases
#This request gets all CveCases that are saved in the database
```

Full documentation of our API is available at [SwaggerHub](https://app.swaggerhub.com/apis-docs/TheFireMike/cve-alert-manager/1.0.0).

## Architecture and Components

Here is a graphic that shows the components and the architecture of the cve-alert-manager.
![cve-alert-manager](https://user-images.githubusercontent.com/60655329/77415211-6bed0580-6dc2-11ea-83fe-1f17f5febd17.png)

## cve-alert-fetcher email parsing for cert-bund

Here is a graphic that shows how cve-alert-fetcher parses emails from cert-bund.

![cve-alert-manager](https://user-images.githubusercontent.com/60655329/77415280-8c1cc480-6dc2-11ea-995a-ed114840eed5.png)

## Relationship between filter_categories and case_categories

Here is a graphic that shows the relationship between these two database tables.
![cve-alert-manager](https://user-images.githubusercontent.com/60655329/77415386-b66e8200-6dc2-11ea-89f9-5da061e560b3.png)

## Getting Help

If there are any problems or something does not work as intended, open an issue on GitHub.

## Contribution

Contributions to the project are welcome.

We are looking forward to your bug reports, suggestions and fixes.

If you want to contribute, make sure your Go Report Card grade matches the project's score of **A+**.

When you contribute, make sure your code conforms to the **uber-go** coding style.