# EPSS Signal-Ready Layer (Tenant-Scoped Actionable Events)
## Module
Feedser
## Status
IMPLEMENTED
## Description
EPSS signal emission pipeline with change detection, signal-flow integration, and attachment of signals to risk evaluations. EPSS evidence feeds into the policy determinization scoring system.
## Implementation Details
- **EPSS Signal Attacher**: `src/Feedser/StellaOps.Feedser.Core/Signals/EpssSignalAttacher.cs` (implements `ISignalAttacher`) -- attaches EPSS (FIRST Exploit Prediction Scoring System) probability scores to findings as risk signals, enabling downstream policy evaluation and scoring.
- **KEV Signal Attacher**: `src/Feedser/StellaOps.Feedser.Core/Signals/KevSignalAttacher.cs` (implements `ISignalAttacher`) -- attaches CISA Known Exploited Vulnerabilities (KEV) status signals to findings.
- **Signal Attacher Interface**: `src/Feedser/StellaOps.Feedser.Core/Signals/ISignalAttacher.cs` -- contract for signal attachment implementations.
- **Signal DI Extensions**: `src/Feedser/StellaOps.Feedser.Core/Signals/SignalAttacherServiceExtensions.cs` -- registers `EpssSignalAttacher` and `KevSignalAttacher` in the DI container.
- **Function Signature Extractor**: `src/Feedser/StellaOps.Feedser.Core/FunctionSignatureExtractor.cs` -- extracts function signatures from patch data for vulnerability correlation.
- **Hunk Signature Extractor**: `src/Feedser/StellaOps.Feedser.Core/HunkSigExtractor.cs` -- extracts patch hunk signatures for binary-level vulnerability matching.
- **Patch Signature Model**: `src/Feedser/StellaOps.Feedser.Core/Models/PatchSignature.cs` -- model for extracted patch signatures.
- **Binary Fingerprinting**: `src/Feedser/StellaOps.Feedser.BinaryAnalysis/BinaryFingerprintFactory.cs` -- factory for creating binary fingerprints using multiple strategies.
- **Fingerprinters**: `src/Feedser/StellaOps.Feedser.BinaryAnalysis/Fingerprinters/InstructionHashFingerprinter.cs` (instruction-level hashing), `SimplifiedTlshFingerprinter.cs` (TLSH fuzzy hashing).
- **Binary Fingerprint Model**: `src/Feedser/StellaOps.Feedser.BinaryAnalysis/Models/BinaryFingerprint.cs` -- model for binary fingerprint data.
- **Tests**: `src/Feedser/__Tests/StellaOps.Feedser.Core.Tests/Signals/EpssSignalAttacherTests.cs`, `src/Feedser/__Tests/StellaOps.Feedser.Core.Tests/FunctionSignatureExtractorTests.cs`, `HunkSigExtractorTests.cs`; `src/Feedser/__Tests/StellaOps.Feedser.BinaryAnalysis.Tests/BinaryFingerprintTests.cs`
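
The following is an added illustration of the signal-attacher pattern described above; it is not Feedser's code. The type names `ISignalAttacher`, `EpssSignalAttacher` and `KevSignalAttacher` are taken from the file list, but the shape of the contract (an attacher returns the names of the signals it changed), the signal names `epss.probability`, `epss.percentile` and `kev.listed`, the `Finding`, `SignalPipeline` and `ReEvaluationEvent` types, and the EPSS/KEV sample rows are all assumptions. The point it shows is the change-detection rule from the E2E plan: an identical re-attachment emits nothing, and a refreshed EPSS score produces an event naming only the signal that moved. Targets .NET 5 or later.

```csharp
#nullable enable
using System;
using System.Collections.Generic;
using System.Globalization;
using System.Linq;

// One risk signal on a finding. Value is a canonical string so that record
// equality doubles as change detection. (Assumed shape, not Feedser's model.)
public sealed record RiskSignal(string Name, string Value, string Source);

// Findings are tenant-scoped; the tenant travels with every emitted event.
public sealed class Finding
{
    private readonly Dictionary<string, RiskSignal> _signals = new(StringComparer.Ordinal);
    public Finding(string tenant, string vulnerabilityId) { Tenant = tenant; VulnerabilityId = vulnerabilityId; }
    public string Tenant { get; }
    public string VulnerabilityId { get; }
    public IReadOnlyDictionary<string, RiskSignal> Signals => _signals;

    // True only when the signal is new or its value differs from the stored
    // one; re-attaching an identical signal is a no-op.
    public bool Attach(RiskSignal signal)
    {
        if (_signals.TryGetValue(signal.Name, out var existing) && existing == signal)
            return false;
        _signals[signal.Name] = signal;
        return true;
    }
}

// Assumed contract: an attacher returns the names of the signals it changed.
public interface ISignalAttacher { IReadOnlyList<string> Attach(Finding finding); }

public sealed class EpssSignalAttacher : ISignalAttacher
{
    private readonly IReadOnlyDictionary<string, (double Probability, double Percentile)> _epss;
    public EpssSignalAttacher(IReadOnlyDictionary<string, (double Probability, double Percentile)> epss) => _epss = epss;

    public IReadOnlyList<string> Attach(Finding finding)
    {
        if (!_epss.TryGetValue(finding.VulnerabilityId, out var score))
            return Array.Empty<string>();   // no EPSS row for this CVE: attach nothing

        var changed = new List<string>();
        foreach (var (name, value) in new[] { ("epss.probability", score.Probability), ("epss.percentile", score.Percentile) })
        {
            // Fixed precision and invariant culture keep the canonical form stable across runs.
            var canonical = value.ToString("F5", CultureInfo.InvariantCulture);
            if (finding.Attach(new RiskSignal(name, canonical, "first.org/epss")))
                changed.Add(name);
        }
        return changed;
    }
}

public sealed class KevSignalAttacher : ISignalAttacher
{
    private readonly IReadOnlySet<string> _kev;
    public KevSignalAttacher(IReadOnlySet<string> kev) => _kev = kev;

    public IReadOnlyList<string> Attach(Finding finding)
    {
        if (!_kev.Contains(finding.VulnerabilityId))
            return Array.Empty<string>();
        return finding.Attach(new RiskSignal("kev.listed", "true", "cisa.gov/kev"))
            ? new[] { "kev.listed" }
            : Array.Empty<string>();
    }
}

// Emitted only when at least one attacher reported a change.
public sealed record ReEvaluationEvent(string Tenant, string VulnerabilityId, IReadOnlyList<string> ChangedSignals);

public sealed class SignalPipeline
{
    private readonly IReadOnlyList<ISignalAttacher> _attachers;
    public SignalPipeline(params ISignalAttacher[] attachers) => _attachers = attachers;

    public ReEvaluationEvent? Run(Finding finding)
    {
        var changed = _attachers.SelectMany(a => a.Attach(finding)).ToList();
        return changed.Count == 0 ? null : new ReEvaluationEvent(finding.Tenant, finding.VulnerabilityId, changed);
    }
}

public static class Demo
{
    public static void Main()
    {
        // Constructed sample feeds; real rows come from the EPSS CSV and the KEV catalog.
        var epss = new Dictionary<string, (double Probability, double Percentile)> { ["CVE-2021-44228"] = (0.97400, 0.99900) };
        var kev = new HashSet<string> { "CVE-2021-44228" };
        var pipeline = new SignalPipeline(new EpssSignalAttacher(epss), new KevSignalAttacher(kev));
        var finding = new Finding("tenant-a", "CVE-2021-44228");

        Report("first run", pipeline.Run(finding));           // every signal is new on the first pass
        Report("same inputs again", pipeline.Run(finding));   // identical values re-attached
        epss["CVE-2021-44228"] = (0.97500, 0.99900);          // only the probability moves
        Report("after EPSS refresh", pipeline.Run(finding));
    }

    private static void Report(string label, ReEvaluationEvent? evt) =>
        Console.WriteLine(evt is null
            ? $"{label}: no event"
            : $"{label}: {evt.Tenant}/{evt.VulnerabilityId} changed [{string.Join(", ", evt.ChangedSignals)}]");
}
```

Two design choices worth noting. Values are canonicalised to fixed-precision invariant strings before comparison, so a feed that re-serialises `0.974` as `0.97400` does not produce a spurious re-evaluation. The KEV attacher is membership-only: it can mark a finding as listed but never clears the mark, so a production implementation needs an explicit removal signal if entries are ever withdrawn from the catalog.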
## E2E Test Plan
- [ ] Attach an EPSS signal to a finding via `EpssSignalAttacher` and verify the EPSS probability score is available in the finding's signal set
- [ ] Attach a KEV signal and verify the finding is marked as a known exploited vulnerability
- [ ] Verify signal change detection: attach an EPSS signal, update the EPSS score, and confirm only the changed signal triggers a re-evaluation event
- [ ] Extract function signatures from a patch file and verify they match expected signatures for the patched functions
- [ ] Generate a binary fingerprint using `InstructionHashFingerprinter` and verify it produces a deterministic hash for the same binary input
- [ ] Generate a TLSH fingerprint via `SimplifiedTlshFingerprinter` and verify it produces a similarity-preserving hash that detects near-duplicate binaries
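
As an added example of the patch-signature idea behind the `FunctionSignatureExtractor` / `HunkSigExtractor` items and the fourth test-plan step, the block below parses a unified diff, records the enclosing function from git's hunk context, and hashes a whitespace-normalised hunk body. It is not Feedser's implementation: the `HunkSigExtractor` and `PatchSignature` names are borrowed from the file list, but the parsing rules, the normalisation step, the use of SHA-256 and the sample diff are assumptions (the diff is constructed for the demo and does not correspond to any real patch). Targets .NET 5 or later.

```csharp
using System;
using System.Collections.Generic;
using System.Security.Cryptography;
using System.Text;
using System.Text.RegularExpressions;

// One signature per hunk: file and enclosing function, new-file start line, and
// a hash of the hunk body normalised so re-indentation does not change it.
// (Assumed shape, not Feedser's PatchSignature model.)
public sealed record PatchSignature(string File, string Function, int NewStart, string HunkSha256);

public static class HunkSigExtractor
{
    private static readonly Regex NewFile = new(@"^\+\+\+ (?:b/)?(?<path>\S+)", RegexOptions.Compiled);
    private static readonly Regex Hunk = new(
        @"^@@ -\d+(?:,(?<oldLen>\d+))? \+(?<newStart>\d+)(?:,(?<newLen>\d+))? @@ ?(?<ctx>.*)$",
        RegexOptions.Compiled);
    // The text after the second "@@" is git's function context; the first
    // identifier followed by "(" is taken as the enclosing function name.
    private static readonly Regex Func = new(@"(?<name>[A-Za-z_][A-Za-z0-9_:.]*)\s*\(", RegexOptions.Compiled);

    public static IReadOnlyList<PatchSignature> Extract(string unifiedDiff)
    {
        var result = new List<PatchSignature>();
        string file = "", func = "";
        int newStart = 0, oldLeft = 0, newLeft = 0;
        var body = new StringBuilder();

        void Flush()
        {
            if (body.Length == 0) return;
            result.Add(new PatchSignature(file, func, newStart, Sha256Hex(body.ToString())));
            body.Clear();
        }

        foreach (var raw in unifiedDiff.Split('\n'))
        {
            var line = raw.TrimEnd('\r');

            // Hunk bodies are consumed by the line counts from the header, so a
            // "--- a/file" header is never mistaken for a removed line.
            if (oldLeft > 0 || newLeft > 0)
            {
                var kind = line.Length == 0 ? ' ' : line[0];   // tolerate a stripped blank context line
                if (kind == '\\') continue;                   // "\ No newline at end of file"
                if (kind == ' ' || kind == '-') oldLeft--;
                if (kind == ' ' || kind == '+') newLeft--;
                body.Append(kind).Append(Normalize(line.Length > 0 ? line[1..] : "")).Append('\n');
                if (oldLeft <= 0 && newLeft <= 0) Flush();
                continue;
            }

            var f = NewFile.Match(line);
            if (f.Success) { file = f.Groups["path"].Value; continue; }

            var h = Hunk.Match(line);
            if (!h.Success) continue;
            oldLeft = h.Groups["oldLen"].Success ? int.Parse(h.Groups["oldLen"].Value) : 1;
            newLeft = h.Groups["newLen"].Success ? int.Parse(h.Groups["newLen"].Value) : 1;
            newStart = int.Parse(h.Groups["newStart"].Value);
            var fn = Func.Match(h.Groups["ctx"].Value);
            func = fn.Success ? fn.Groups["name"].Value : "";
        }
        Flush();
        return result;
    }

    // Collapse whitespace runs so a re-indented backport hashes identically.
    private static string Normalize(string s) => Regex.Replace(s, @"\s+", " ").Trim();

    private static string Sha256Hex(string s) =>
        Convert.ToHexString(SHA256.HashData(Encoding.UTF8.GetBytes(s))).ToLowerInvariant();
}

public static class Demo
{
    // Constructed diff of a bounds-check fix; not a real patch.
    private const string Upstream = @"diff --git a/src/parse.c b/src/parse.c
--- a/src/parse.c
+++ b/src/parse.c
@@ -12,6 +12,8 @@ int parse_header(const uint8_t *buf, size_t len)
     size_t n;
     if (len == 0)
         return -1;
+    if (buf[0] > len - 1)
+        return -1;
     n = buf[0];
     memcpy(hdr, buf + 1, n);
     return 0;
";

    public static void Main()
    {
        var upstream = HunkSigExtractor.Extract(Upstream)[0];
        // The same fix re-indented with tabs, as a distro backport might carry it.
        var backport = HunkSigExtractor.Extract(Regex.Replace(Upstream, @"(?m)^([ +-])    ", "$1\t"))[0];
        // A look-alike hunk with a different bound must not match.
        var variant = HunkSigExtractor.Extract(Upstream.Replace("len - 1", "len - 2"))[0];

        Console.WriteLine($"{upstream.File} {upstream.Function}@{upstream.NewStart} sha256={upstream.HunkSha256[..16]}...");
        Console.WriteLine($"re-indented backport matches: {backport.HunkSha256 == upstream.HunkSha256}");
        Console.WriteLine($"different bound matches:      {variant.HunkSha256 == upstream.HunkSha256}");
    }
}
```

The hunk is delimited by the line counts in the `@@` header rather than by scanning for the next header, which is what keeps a `--- a/file` line from being read as a removal. The normalisation is deliberately narrow (whitespace only): collapsing identifiers or comments would make unrelated hunks collide, and a signature that matches too broadly is worse for vulnerability correlation than one that misses a heavily rewritten backport.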