24 lines
1.5 KiB
Markdown
24 lines
1.5 KiB
Markdown
# AGENTS
|
|
## Role
|
|
Connector for Microsoft Security Response Center (MSRC) CSAF advisories, handling authenticated downloads, throttling, and raw document persistence.
|
|
## Scope
|
|
- MSRC API onboarding (AAD client credentials), metadata discovery, and CSAF listing retrieval.
|
|
- Download pipeline with retry/backoff, checksum validation, and document deduplication.
|
|
- Mapping MSRC-specific identifiers (CVE, ADV, KB) and remediation guidance into connector metadata.
|
|
- Emitting trust metadata (AAD issuer, signing certificates) for policy weighting.
|
|
## Participants
|
|
- Worker schedules MSRC pulls honoring rate limits; WebService may trigger manual runs for urgent updates.
|
|
- CSAF normalizer processes retrieved documents into claims.
|
|
- Policy subsystem references connector trust hints for consensus scoring.
|
|
## Interfaces & contracts
|
|
- Implements `IVexConnector`, requires configuration options for tenant/client/secret or managed identity.
|
|
- Uses shared HTTP helpers, resume markers, and telemetry from Abstractions module.
|
|
## In/Out of scope
|
|
In: authenticated fetching, raw document storage, metadata mapping, retry logic.
|
|
Out: normalization/export, attestation, storage implementations (handled elsewhere).
|
|
## Observability & security expectations
|
|
- Log request batches, rate-limit responses, and token refresh events without leaking secrets.
|
|
- Track metrics for documents fetched, retries, and failure categories.
|
|
## Tests
|
|
- Connector tests with mocked MSRC endpoints and AAD token flow will live in `../StellaOps.Excititor.Connectors.MSRC.CSAF.Tests`.
|