Update documentation for 75-source catalog and mirror management
connectors.md: categorized index of all 75 sources across 14 categories with descriptions, auth requirements, priorities, regions, and status. FSTEC BDU, NKCKI, and Kaspersky ICS promoted from beta to stable.

architecture.md: updated source families (75 sources, 14 categories), added mirror domain management API (12 endpoints) to REST APIs section.

mirrors.md: added MirrorExportScheduler docs, multi-value filter support (sourceCategory/sourceTag shorthands), mirror config UI sections (wizard, dashboard, catalog integration).

docker.md: added section 7 with mirror env var reference (11 vars), domain config via env vars, filter shorthand documentation.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
@@ -240,12 +240,31 @@ Legacy `Advisory`, `Affected`, and merge-centric entities remain in the reposito
## 4) Source families & precedence
The source catalog contains **75 definitions** across **14 categories**. The authoritative definition lives in `src/Concelier/__Libraries/StellaOps.Concelier.Core/Sources/SourceDefinitions.cs`; for the full connector index see `docs/modules/concelier/connectors.md`.
### 3.1 Families
* **Vendor PSIRTs**: Microsoft, Oracle, Cisco, Adobe, Apple, VMware, Chromium…
* **Linux distros**: Red Hat, SUSE, Ubuntu, Debian, Alpine…
* **OSS ecosystems**: OSV, GHSA (GitHub Security Advisories), PyPI, npm, Maven, NuGet, Go.
* **CERTs / national CSIRTs**: CISA (KEV, ICS), JVN, ACSC, CCCS, KISA, CERT‑FR/BUND, etc.
* **Primary databases**: NVD, OSV, GHSA, CVE.org (MITRE).
* **Vendor PSIRTs**: Microsoft, Oracle, Cisco, Apple, VMware, Fortinet, Juniper, Palo Alto, plus cloud providers (AWS, Azure, GCP).
* **Linux distros**: Debian, Ubuntu, Alpine, SUSE, RHEL, CentOS, Fedora, Arch, Gentoo, Astra Linux.
* **OSS ecosystems**: npm, PyPI, Go, RubyGems, NuGet, Maven, Crates.io, Packagist, Hex.pm.
* **Package manager native**: RustSec (cargo-audit), PyPA (pip-audit), Go Vuln DB (govulncheck), Ruby Advisory DB (bundler-audit).
* **CSAF/VEX**: CSAF Aggregator, CSAF TC Trusted Publishers, VEX Hub.
* **Exploit databases**: Exploit-DB, PoC-in-GitHub, Metasploit Modules.
* **Container**: Docker Official CVEs, Chainguard Advisories.
* **Hardware/firmware**: Intel PSIRT, AMD Security, ARM Security Center.
* **ICS/SCADA**: Siemens ProductCERT, Kaspersky ICS-CERT.
* **CERTs / national CSIRTs**: CERT-FR, CERT-Bund, CERT.at, CERT.be, NCSC-CH, CERT-EU, JPCERT/CC, CISA (US-CERT), CERT-UA, CERT.PL, AusCERT, KrCERT/CC, CERT-In.
* **Russian/CIS**: FSTEC BDU, NKCKI (both promoted to stable).
* **Threat intelligence**: EPSS (FIRST), CISA KEV, MITRE ATT&CK, MITRE D3FEND.
* **StellaOps Mirror**: Pre-aggregated advisory mirror for offline/air-gap deployments.
### Source category enum
```
Primary, Vendor, Distribution, Ecosystem, Cert, Csaf, Threat,
Exploit, Container, Hardware, Ics, PackageManager, Mirror, Other
```
### 3.2 Precedence (when claims conflict)
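Review bot: The section heading is `## 4) Source families & precedence`, but its subsections are still numbered `### 3.1 Families` and `### 3.2 Precedence`, and the new `### Source category enum` heading sits between them with no number; renumber the subsections to match the parent or drop the numbers. The family list also does not line up with the enum block: there is a `Russian/CIS` family with no matching enum value, while `Other` has no family, so either state which category FSTEC BDU and NKCKI are filed under or say that the bullets are groupings rather than enum categories. "(both promoted to stable)" is release-note wording that will go stale in an architecture document, and it leaves out Kaspersky ICS-CERT, which the commit message lists as promoted in the same change; connector status is better kept in `connectors.md` only.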
@@ -490,6 +509,25 @@ GET /advisories?scheme=CVE&value=CVE-2025-12345
GET /affected?productKey=pkg:rpm/openssl&limit=100
```
**Mirror domain management** (under `/api/v1/mirror`)
```
GET /config → current mirror config (mode, signing, refresh interval)
PUT /config → update mirror mode/signing/refresh settings
GET /domains → list all mirror domains with export counts
POST /domains → create a new mirror domain with exports/filters
GET /domains/{domainId} → domain detail (exports, status)
PUT /domains/{domainId} → update domain (name, auth, rate limits, exports)
DELETE /domains/{domainId} → remove a mirror domain
POST /domains/{domainId}/exports → add an export to a domain
DELETE /domains/{domainId}/exports/{exportKey} → remove an export from a domain
POST /domains/{domainId}/generate → trigger on-demand bundle generation
GET /domains/{domainId}/status → domain sync status (last generate, staleness)
POST /test → test mirror endpoint connectivity
```
Mirror domains group export plans with shared rate limits and authentication rules. Exports support multi-value filter shorthands: `sourceCategory` (e.g., `"Distribution"` resolves to all distro sources), `sourceTag` (e.g., `"linux"`), and comma-separated `sourceVendor` values. Domain configuration is persisted in `excititor.mirror_domains` / `excititor.mirror_exports` tables, with env-var config as fallback. The `MirrorExportScheduler` background service periodically regenerates stale bundles (configurable via `RefreshIntervalMinutes`, default 60 minutes).
**AuthN/Z:** Authority tokens (OpTok) with roles: `concelier.read`, `concelier.admin`, `concelier.export`.
---
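Review bot: The endpoint list under `/api/v1/mirror` does not say which role each call requires, and the `**AuthN/Z:**` line after it only names `concelier.read`, `concelier.admin` and `concelier.export` without mapping them to routes. State the required role per endpoint, at least for the mutating ones: `PUT /config` (which changes signing settings), the `POST`, `PUT` and `DELETE` calls on `/domains`, and `POST /domains/{domainId}/generate`. For `POST /test`, document whether the target being tested comes from stored configuration or from the request, and what restrictions apply to it. The paragraph also calls env-var config a "fallback" to the `excititor.mirror_domains` / `excititor.mirror_exports` tables without saying when the fallback applies, so spell out the precedence, and note why a Concelier document refers to tables in the `excititor` schema.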