git.stella-ops.org/docs/modules/concelier/feeds/icscisa-kisa.md
master 10212d67c0
Refactor code structure for improved readability and maintainability; removed redundant code blocks and optimized function calls.
2025-11-20 07:50:52 +02:00

ICSCISA / KISA Feed Remediation Plan (v0.1 · 2025-11-19)

Purpose

Define a minimal, actionable plan to refresh overdue ICSCISA and KISA connectors, restore provenance freshness, and publish normalized payload fields for downstream Advisory AI and Concelier consumers.

Owners

  • Feed owners: Concelier Feed Guild
  • Product advisory liaison: Product Advisory Guild
  • Backup: Docs Guild

Scope & cadence

  • Feeds: ICSCISA, KISA (security advisories)
  • Refresh cadence: weekly pull; publish hashlist and timestamps per run
  • Staleness budget: <14 days; alert if exceeded

Deliverables (for PREP-FEEDCONN-ICS-KISA-PLAN)

  1. Provenance refresh SOP
    • Mirror source URLs to internal cache
    • Record source_url, fetched_at (UTC), sha256, signature (if present)
    • Store run log under out/feeds/icscisa-kisa/<YYYYMMDD>/fetch.log
  2. Normalized payload fields
    • advisory_id, title, summary, published, updated, severity (pass-through), cvss (if provided), cwe, affected_products (list), references (list of URL strings), signature (object or null)
    • Preserve source values; no inference or merging
  3. Backlog cleanup
    • Reprocess last 60 days; compare hash to prior ingests; flag changed advisories
    • Emit delta report (out/feeds/icscisa-kisa/<YYYYMMDD>/delta.json): added/updated/removed ids, counts
  4. Provenance note
    • Publish docs/modules/concelier/feeds/icscisa-kisa-provenance.md with current signing keys/fingerprints, expected headers, and the fallback when signatures are missing
  5. Next review date
    • Set to 2025-12-03 (two-week check) and capture SIG verification status
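
Added example (not part of this plan or of the Concelier code base): a sketch of the provenance record from deliverable 1 and the hash-comparison delta report from deliverable 3. The function names, the canonical-JSON hashing convention, the delta.json layout and the sample advisories are assumptions made for illustration.

```python
import hashlib
import json
from datetime import datetime, timezone

def canonical_sha256(advisory: dict) -> str:
    """Hash a normalized advisory over sorted-key, compact JSON (assumed convention)."""
    blob = json.dumps(advisory, sort_keys=True, separators=(",", ":"), ensure_ascii=False)
    return hashlib.sha256(blob.encode("utf-8")).hexdigest()

def provenance_record(source_url, raw_bytes, signature=None, fetched_at=None):
    """Build the per-fetch record: source_url, fetched_at (UTC), sha256, signature."""
    fetched_at = fetched_at or datetime.now(timezone.utc)
    return {
        "source_url": source_url,
        "fetched_at": fetched_at.astimezone(timezone.utc).strftime("%Y-%m-%dT%H:%M:%SZ"),
        "sha256": hashlib.sha256(raw_bytes).hexdigest(),
        "signature": signature,  # None serializes to null; validity is never inferred
    }

def build_delta(prior_hashes: dict, current: list) -> dict:
    """Compare current advisories against {advisory_id: sha256} from the prior ingest."""
    now = {a["advisory_id"]: canonical_sha256(a) for a in current}
    added = sorted(now.keys() - prior_hashes.keys())
    removed = sorted(prior_hashes.keys() - now.keys())
    updated = sorted(i for i in now.keys() & prior_hashes.keys()
                     if now[i] != prior_hashes[i])
    return {
        "added": added, "updated": updated, "removed": removed,
        "counts": {"added": len(added), "updated": len(updated), "removed": len(removed)},
    }

# Constructed sample data (not real advisories).
PRIOR = [
    {"advisory_id": "EXAMPLE-ICSA-0001", "title": "Sample PLC issue", "severity": "High", "signature": None},
    {"advisory_id": "EXAMPLE-ICSA-0002", "title": "Sample HMI issue", "severity": "Medium", "signature": None},
    {"advisory_id": "EXAMPLE-KISA-0001", "title": "Sample router issue", "severity": "High", "signature": None},
]
CURRENT = [
    PRIOR[0],                                  # unchanged
    {**PRIOR[1], "severity": "Critical"},      # source changed a pass-through value
    {"advisory_id": "EXAMPLE-KISA-0002", "title": "Sample camera issue", "severity": "Low", "signature": None},
]

if __name__ == "__main__":
    prior_hashes = {a["advisory_id"]: canonical_sha256(a) for a in PRIOR}
    print(json.dumps(build_delta(prior_hashes, CURRENT), indent=2))
```

Because the hash covers every normalized field, a changed pass-through value such as severity is flagged as updated, and an advisory that disappears upstream is reported as removed.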

Actions & timeline

  • T0 (2025-11-19): adopt SOP + field map; create delta report template
  • T0+2d (2025-11-21): run backlog reprocess, publish artefacts + hashes
  • T0+14d (2025-12-03): review staleness, adjust cadence if needed

Artefact locations

  • Normalized advisories: out/feeds/icscisa-kisa/<YYYYMMDD>/advisories.ndjson
  • Fetch log + hashes: out/feeds/icscisa-kisa/<YYYYMMDD>/fetch.log, hashes.sha256
  • Delta report: out/feeds/icscisa-kisa/<YYYYMMDD>/delta.json
  • Provenance note: docs/modules/concelier/feeds/icscisa-kisa-provenance.md

Risks & mitigations

  • Source downtime → mirror last good snapshot; retry daily for 3 days.
  • Missing signatures → record signature=null, log skip_reason in provenance note; do not infer validity.
  • Schema drift → treat as new fields, store raw, add to field map after review (no drop).