git.stella-ops.org/docs/features/unchecked/feedser/epss-signal-ready-layer.md


EPSS Signal-Ready Layer (Tenant-Scoped Actionable Events)

Module: Feedser

Status: IMPLEMENTED

Description

EPSS signal emission pipeline with change detection, integration into the signal flow, and attachment of signals to risk evaluations. EPSS evidence (the predicted probability of exploitation) and KEV status feed into the policy determinization scoring system; because signals are compared against the previously attached value, only a signal that actually changed triggers a re-evaluation event for the owning tenant.

Implementation Details

  • EPSS Signal Attacher: src/Feedser/StellaOps.Feedser.Core/Signals/EpssSignalAttacher.cs (implements ISignalAttacher) -- attaches EPSS probability scores to findings as risk signals, enabling downstream policy evaluation and scoring.
  • KEV Signal Attacher: src/Feedser/StellaOps.Feedser.Core/Signals/KevSignalAttacher.cs (implements ISignalAttacher) -- attaches CISA Known Exploited Vulnerabilities (KEV) status signals to findings.
  • Signal Attacher Interface: src/Feedser/StellaOps.Feedser.Core/Signals/ISignalAttacher.cs -- contract for signal attachment implementations.
  • Signal DI Extensions: src/Feedser/StellaOps.Feedser.Core/Signals/SignalAttacherServiceExtensions.cs -- registers EpssSignalAttacher and KevSignalAttacher in the DI container.
  • Function Signature Extractor: src/Feedser/StellaOps.Feedser.Core/FunctionSignatureExtractor.cs -- extracts function signatures from patch data for vulnerability correlation.
  • Hunk Signature Extractor: src/Feedser/StellaOps.Feedser.Core/HunkSigExtractor.cs -- extracts patch hunk signatures for binary-level vulnerability matching.
  • Patch Signature Model: src/Feedser/StellaOps.Feedser.Core/Models/PatchSignature.cs -- model for extracted patch signatures.
  • Binary Fingerprinting: src/Feedser/StellaOps.Feedser.BinaryAnalysis/BinaryFingerprintFactory.cs -- factory for creating binary fingerprints using multiple strategies.
  • Fingerprinters: src/Feedser/StellaOps.Feedser.BinaryAnalysis/Fingerprinters/InstructionHashFingerprinter.cs (instruction-level hashing), SimplifiedTlshFingerprinter.cs (TLSH fuzzy hashing).
  • Binary Fingerprint Model: src/Feedser/StellaOps.Feedser.BinaryAnalysis/Models/BinaryFingerprint.cs -- model for binary fingerprint data.
  • Tests: src/Feedser/__Tests/StellaOps.Feedser.Core.Tests/Signals/EpssSignalAttacherTests.cs, src/Feedser/__Tests/StellaOps.Feedser.Core.Tests/FunctionSignatureExtractorTests.cs, HunkSigExtractorTests.cs; src/Feedser/__Tests/StellaOps.Feedser.BinaryAnalysis.Tests/BinaryFingerprintTests.cs

E2E Test Plan

  • Attach an EPSS signal to a finding via EpssSignalAttacher and verify the EPSS probability score is available in the finding's signal set
  • Attach a KEV signal and verify the finding is marked as a known exploited vulnerability
  • Verify signal change detection: attach an EPSS signal, update the EPSS score, and confirm only the changed signal triggers a re-evaluation event
  • Extract function signatures from a patch file and verify they match expected signatures for the patched functions
  • Generate a binary fingerprint using InstructionHashFingerprinter and verify it produces a deterministic hash for the same binary input
  • Generate a TLSH fingerprint via SimplifiedTlshFingerprinter and verify it produces a similarity-preserving hash that detects near-duplicate binaries
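The first three steps of the plan above, together with the attacher entries in Implementation Details, describe one procedure: attach an EPSS and a KEV signal, refresh, and confirm that only a changed value produces a re-evaluation event. The following is an added illustration written for this page, not Feedser's own code; `ISignalAttacher`, `Finding`, `RiskSignal`, `SignalChangeEvent`, the source labels and the constructed EPSS/KEV inputs are all assumptions, and the real classes in `src/Feedser/StellaOps.Feedser.Core/Signals/` may have different shapes.

```csharp
// Added illustration, not Feedser's code. ISignalAttacher, Finding, RiskSignal,
// SignalChangeEvent and the constructed EPSS/KEV inputs are assumptions made for
// this example; the real attachers under src/Feedser/ may differ.
using System;
using System.Collections.Generic;

public enum SignalKind { Epss, Kev }

// One attached signal: kind, originating feed, value (EPSS probability, or 1.0 for
// "listed in KEV") and the timestamp of the feed snapshot it came from.
public sealed record RiskSignal(SignalKind Kind, string Source, double Value, DateTimeOffset ObservedAt);

public sealed class Finding
{
    public Finding(string tenantId, string cveId) { TenantId = tenantId; CveId = cveId; }
    public string TenantId { get; }
    public string CveId { get; }
    public Dictionary<SignalKind, RiskSignal> Signals { get; } = new();
}

public interface ISignalAttacher
{
    // Returns the signal that applies to the finding, or null when the feed has no entry for it.
    RiskSignal? Attach(Finding finding);
}

public sealed class EpssSignalAttacher : ISignalAttacher
{
    private readonly IReadOnlyDictionary<string, double> _scores; // CVE id -> EPSS probability
    private readonly DateTimeOffset _asOf;
    public EpssSignalAttacher(IReadOnlyDictionary<string, double> scores, DateTimeOffset asOf)
    { _scores = scores; _asOf = asOf; }

    public RiskSignal? Attach(Finding finding) =>
        _scores.TryGetValue(finding.CveId, out var p) && p >= 0.0 && p <= 1.0 // reject malformed feed rows
            ? new RiskSignal(SignalKind.Epss, "epss", p, _asOf)
            : null;
}

public sealed class KevSignalAttacher : ISignalAttacher
{
    private readonly HashSet<string> _kev; // CVE ids present in the KEV catalog snapshot
    private readonly DateTimeOffset _asOf;
    public KevSignalAttacher(IEnumerable<string> kevIds, DateTimeOffset asOf)
    { _kev = new HashSet<string>(kevIds, StringComparer.OrdinalIgnoreCase); _asOf = asOf; }

    public RiskSignal? Attach(Finding finding) =>
        _kev.Contains(finding.CveId) ? new RiskSignal(SignalKind.Kev, "cisa-kev", 1.0, _asOf) : null;
}

// Tenant-scoped event, emitted only when a signal's value actually changed.
public sealed record SignalChangeEvent(string TenantId, string CveId, SignalKind Kind, double? Previous, double Current);

public static class SignalPipeline
{
    // Runs every attacher over the finding. The freshest observation is always stored,
    // but a re-evaluation event is emitted only on first attachment or on a value change,
    // so a daily EPSS refresh that repeats yesterday's numbers produces no events.
    public static List<SignalChangeEvent> Attach(Finding finding, IEnumerable<ISignalAttacher> attachers)
    {
        var events = new List<SignalChangeEvent>();
        foreach (var attacher in attachers)
        {
            var next = attacher.Attach(finding);
            if (next is null) continue;                    // feed has nothing for this CVE; keep prior state

            finding.Signals.TryGetValue(next.Kind, out var prev);
            finding.Signals[next.Kind] = next;             // record the new snapshot timestamp regardless
            // Exact comparison is fine here: EPSS is published with fixed decimal precision, so the
            // same feed value parses to the same double on every refresh.
            if (prev is not null && prev.Value == next.Value) continue;

            events.Add(new SignalChangeEvent(finding.TenantId, finding.CveId, next.Kind, prev?.Value, next.Value));
        }
        return events;
    }
}

public static class Program
{
    public static void Main()
    {
        var finding = new Finding("tenant-a", "CVE-2024-0001"); // constructed sample finding
        var kev = new[] { "CVE-2024-0001" };                       // constructed KEV snapshot

        // Day 1: first attachment of both signals, so both emit an event.
        var day1 = Run(finding, 0.12, kev, DateTimeOffset.Parse("2025-01-01T00:00:00Z"));
        // Day 2: refresh with identical values; change detection suppresses both events.
        var day2 = Run(finding, 0.12, kev, DateTimeOffset.Parse("2025-01-02T00:00:00Z"));
        // Day 3: EPSS moves, KEV does not; only the Epss signal emits.
        var day3 = Run(finding, 0.61, kev, DateTimeOffset.Parse("2025-01-03T00:00:00Z"));

        Console.WriteLine($"day1={day1.Count} day2={day2.Count} day3={day3.Count}");
        foreach (var e in day3)
            Console.WriteLine($"{e.TenantId} {e.CveId} {e.Kind}: {e.Previous} -> {e.Current}");
    }

    private static List<SignalChangeEvent> Run(Finding f, double epss, string[] kev, DateTimeOffset asOf) =>
        SignalPipeline.Attach(f, new ISignalAttacher[]
        {
            new EpssSignalAttacher(new Dictionary<string, double> { [f.CveId] = epss }, asOf),
            new KevSignalAttacher(kev, asOf),
        });
}
```

Two design points worth checking against the real attachers: the event carries the tenant id so downstream policy re-evaluation stays tenant-scoped, and an attacher returning null (the CVE dropped out of the EPSS feed or the KEV catalog) deliberately leaves the previous signal in place rather than emitting a change. Whether absence from a feed should itself count as a change, and whether a stale signal should expire after some number of missed snapshots, is a policy decision the pipeline should make explicitly rather than by accident.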