master
607e72e2a1
Some checks failed
Build Test Deploy / docs (push) Has been cancelled
Build Test Deploy / deploy (push) Has been cancelled
Build Test Deploy / build-test (push) Has been cancelled
Build Test Deploy / authority-container (push) Has been cancelled
Docs CI / lint-and-preview (push) Has been cancelled
3.7 KiB
3.7 KiB
Feedser Connector Research – 2025-10-11
Snapshot of direct network checks performed on 2025-10-11 (UTC) for the national/vendor connectors in scope. Use alongside each module’s TASKS.md notes.
ACSC (Australia)
- Enumerated feed slugs
/acsc/view-all-content/{alerts,advisories,news,publications,threats}/rss; every endpoint negotiates HTTP/2 then aborts withINTERNAL_ERROR(curl exit 92). Forcing HTTP/1.1 hangs >600 s and sitemap/HTML fetches fail the same way. - Next actions: prototype
SocketsHttpHandlersettings (RequestVersionOrLower, allow fallback to relay), capture successful headers from partner vantage (need retention + cache semantics), and keepFEEDCONN-SHARED-HTTP2-001open for downgrade work.
CCCS (Canada)
- RSS endpoint (
https://cyber.gc.ca/api/cccs/rss/v1/get?...) 301s to Atom feed (/api/cccs/atom/v1/get?...) with 50-entry window, HTML-heavy<content>fields, and no cache headers. - Next actions: enumerate additional
feedquery values, sanitise inline HTML for DTO storage, and track retention depth via HTML pagination (?page=).
CERT-Bund (Germany)
https://wid.cert-bund.de/content/public/securityAdvisory/rssresponds 200 without cookies (250-item window, German taxonomy). Detail links load an Angular SPA that fetches JSON behind session cookies.- Next actions: script SPA cookie/bootstrap, discover JSON detail endpoint, and capture advisory schema for parser planning.
KISA / KNVD (Korea)
https://knvd.krcert.or.kr/rss/securityInfo.doand/rss/securityNotice.doreturn UTF-8 RSS (10-item window) withdetailDos.do?IDX=links. No cookies required for feed fetch.- Next actions: trace SPA detail requests to identify JSON endpoints, normalise Hangul content, and finalise localisation plan.
BDU (Russia / FSTEC)
- Candidate endpoints (
https://bdu.fstec.ru/component/rsform/form/7-bdu?format=xml/json) return 403/404; TLS chain requires Russian Trusted Sub CA and WAF expects additional headers. - Next actions: acquire official PEM chain, point
feedser:httpClients:source.bdu:trustedRootPaths(orfeedser:sources:bdu:http:trustedRootPaths) at the Offline Kit PEM, keepallowInvalidCertificates=false, script session bootstrap, then capture RSS/HTML schema for parser work.
NKTsKI / cert.gov.ru (Russia)
https://cert.gov.ru/rss/advisories.xmlserved via Bitrix returns 403/404 even withAccept-Language: ru-RU; TLS chain also requires Russian trust anchors.- Next actions: source trust store, configure
feedser:httpClients:source.nkcki:trustedRootPaths(Offline Kit root viafeedser:offline:root), prepare proxy fallback, and once accessible document taxonomy/retention plus attachment handling.
CISA ICS (United States)
curl -I https://www.cisa.gov/cybersecurity-advisories/ics-advisories.xmlreturns HTTP 403 +x-reference-error(Akamai). Same for legacy feed paths.- Next actions: secure GovDelivery access, document token rotation, and build HTML/email fallback with throttling.
Cisco PSIRT
https://api.cisco.com/security/advisories/latestreturnsERR_596_SERVICE_NOT_FOUNDwhen unauthenticated. openVuln REST requires Mashery OAuth (client credentials) with quotas ~5 req/s, 30/min, 5 000/day; supportspageIndex/pageSizepagination.- Next actions: register OAuth app, capture pagination/delta parameters, and compare API vs RSS coverage.
Microsoft MSRC
- REST endpoint (
https://api.msrc.microsoft.com/sug/v2.0/en-US/vulnerabilities) requires Azure AD token +api-version(current2024-08-01) and supports delta filters (lastModifiedStartDateTime). CVRF ZIP remains available for offline use. - Next actions: finalise AAD app registration, implement token cache, and design combined REST+CVRF ingestion path for determinism.