stella-ops.org/git.stella-ops.org
1
0
Fork 0
Code Issues Pull Requests Actions 2 Releases Wiki Activity
Files
b851aa8300b7febfb2e661443c8e39df13fa4e22
git.stella-ops.org/docs/modules/concelier/connectors.md
master 254d8b9cfc Update documentation for 75-source catalog and mirror management 
connectors.md: categorized index of all 75 sources across 14 categories
with descriptions, auth requirements, priorities, regions, and status.
FSTEC BDU, NKCKI, and Kaspersky ICS promoted from beta to stable.

architecture.md: updated source families (75 sources, 14 categories),
added mirror domain management API (12 endpoints) to REST APIs section.

mirrors.md: added MirrorExportScheduler docs, multi-value filter support
(sourceCategory/sourceTag shorthands), mirror config UI sections (wizard,
dashboard, catalog integration).

docker.md: added section 7 with mirror env var reference (11 vars),
domain config via env vars, filter shorthand documentation.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-03-15 14:34:49 +02:00

13 KiB
Raw Blame History

Concelier Connectors

This index lists Concelier connectors, their status, authentication expectations, and links to operational runbooks. For procedures and alerting, see docs/modules/concelier/operations/connectors/.

The catalog currently contains 75 source definitions across 14 categories. The authoritative source list is defined in src/Concelier/__Libraries/StellaOps.Concelier.Core/Sources/SourceDefinitions.cs.

Source categories

Category Description Source count
Primary Core vulnerability databases (NVD, OSV, GHSA, CVE) 4
Threat Threat intelligence, exploit prediction, and known-exploited (EPSS, KEV, MITRE ATT&CK, D3FEND) 4
Vendor Vendor PSIRTs and cloud provider security bulletins 14
Distribution Linux distribution security trackers 10
Ecosystem Language-ecosystem advisory feeds via OSV/GHSA 9
PackageManager Native package manager advisory databases (cargo-audit, pip-audit, govulncheck, bundler-audit) 4
Csaf CSAF/VEX structured document sources 3
Exploit Exploit databases and proof-of-concept repositories 3
Container Container image advisory sources 2
Hardware Hardware and firmware PSIRT advisories 3
Ics Industrial control systems and SCADA advisories 2
Cert National CERTs and government CSIRTs 13
Mirror StellaOps pre-aggregated mirrors 1
Other Uncategorized sources 0

Primary Databases

Connector Source ID Status Auth Priority Ops Runbook
NVD (NIST) nvd stable api-key (optional) 10 nvd.md
OSV (Google) osv stable none 15 osv.md
GitHub Security Advisories ghsa stable api-token 20 ghsa.md
CVE.org (MITRE) cve stable none 5 cve.md

Threat Intelligence & Exploit Scoring

Connector Source ID Status Auth Priority Ops Runbook
EPSS (FIRST) epss stable none 50 epss.md
CISA KEV kev stable none 25 cve-kev.md
MITRE ATT&CK mitre-attack stable none 140 --
MITRE D3FEND mitre-d3fend stable none 142 --

MITRE ATT&CK provides adversary tactics and techniques in STIX format from the mitre/cti GitHub repository. D3FEND provides the complementary defensive techniques knowledge base. Both are tagged threat-intel and consumed via the SourceType.Upstream connector. For future STIX/TAXII protocol feeds, the SourceType.StixTaxii enum value is available for connector extensibility.

Vendor Advisories

Connector Source ID Status Auth Priority Ops Runbook
Red Hat Security redhat stable none 30 redhat.md
Microsoft Security (MSRC) microsoft stable none 35 msrc.md
Amazon Linux Security amazon stable none 40 --
Google Security google stable none 45 --
Oracle Security oracle stable none 50 oracle.md
Apple Security apple stable none 55 apple.md
Cisco Security cisco stable oauth 60 cisco.md
Fortinet PSIRT fortinet stable none 65 --
Juniper Security juniper stable none 70 --
Palo Alto Security paloalto stable none 75 --
VMware Security vmware stable none 80 vmware.md
AWS Security Bulletins aws stable none 81 --
Azure Security Advisories azure stable none 82 --
GCP Security Bulletins gcp stable none 83 --

AWS, Azure, and GCP cloud provider advisories were added in Sprint 007. They track platform-level security bulletins for cloud infrastructure components and are categorized under Vendor alongside traditional PSIRTs.

Linux Distributions

Connector Source ID Status Auth Priority Regions Ops Runbook
Debian Security Tracker debian stable none 30 -- debian.md
Ubuntu Security Notices ubuntu stable none 32 -- ubuntu.md
Alpine SecDB alpine stable none 34 -- alpine.md
SUSE Security suse stable none 36 -- suse.md
RHEL Security rhel stable none 38 -- --
CentOS Security centos stable none 40 -- --
Fedora Security fedora stable none 42 -- --
Arch Security arch stable none 44 -- --
Gentoo Security gentoo stable none 46 -- --
Astra Linux Security astra stable none 48 RU, CIS astra.md

Language Ecosystems

Connector Source ID Status Auth Priority Ops Runbook
npm Advisories npm stable none 50 --
PyPI Advisories pypi stable none 52 --
Go Advisories go stable none 54 --
RubyGems Advisories rubygems stable none 56 --
NuGet Advisories nuget stable api-token 58 --
Maven Advisories maven stable none 60 --
Crates.io Advisories crates stable none 62 --
Packagist Advisories packagist stable none 64 --
Hex.pm Advisories hex stable none 66 --

Ecosystem connectors use OSV or GHSA GraphQL as the underlying data source. NuGet requires a GITHUB_PAT for GHSA GraphQL access.

Package Manager Native Advisories

Connector Source ID Status Auth Priority Ops Runbook
RustSec Advisory DB (cargo-audit) rustsec stable none 63 --
PyPA Advisory DB (pip-audit) pypa stable none 53 --
Go Vuln DB (govulncheck) govuln stable none 55 --
Ruby Advisory DB (bundler-audit) bundler-audit stable none 57 --

Package manager native advisory databases provide language-specific vulnerability data curated by the respective package manager maintainers. These complement the ecosystem feeds (OSV/GHSA) by providing authoritative tool-native data used by cargo-audit, pip-audit, govulncheck, and bundler-audit. They are categorized separately under PackageManager to allow targeted mirror export filtering.

CSAF/VEX Sources

Connector Source ID Status Auth Priority Ops Runbook
CSAF Aggregator csaf stable none 70 --
CSAF TC Trusted Publishers csaf-tc stable none 72 --
VEX Hub vex stable none 74 --

Exploit Databases

Connector Source ID Status Auth Priority Ops Runbook
Exploit-DB exploitdb stable none 110 --
PoC-in-GitHub poc-github stable api-token 112 --
Metasploit Modules metasploit stable none 114 --

Exploit databases track publicly available proof-of-concept code and exploit modules. Exploit-DB is sourced from the Offensive Security GitLab mirror. PoC-in-GitHub uses the GitHub search API to discover repositories containing vulnerability PoCs (requires GITHUB_PAT). Metasploit tracks Rapid7 Metasploit Framework module metadata for CVE-to-exploit correlation.

Container Sources

Connector Source ID Status Auth Priority Ops Runbook
Docker Official CVEs docker-official stable none 120 --
Chainguard Advisories chainguard stable none 122 --

Container-specific advisory sources track vulnerabilities in base images and hardened container distributions. Docker Official CVEs covers the Docker Hub official images program. Chainguard Advisories covers hardened distroless and Wolfi-based images.

Hardware/Firmware

Connector Source ID Status Auth Priority Ops Runbook
Intel PSIRT intel stable none 130 --
AMD Security amd stable none 132 --
ARM Security Center arm stable none 134 --

Hardware PSIRT advisories cover CPU microcode, firmware, and silicon-level vulnerabilities from the three major processor vendors. These sources are especially relevant for infrastructure operators tracking speculative execution (Spectre/Meltdown class) and firmware supply chain issues.

ICS/SCADA

Connector Source ID Status Auth Priority Regions Ops Runbook
Siemens ProductCERT siemens stable none 136 -- --
Kaspersky ICS-CERT kaspersky-ics stable none 102 RU, CIS, GLOBAL kaspersky-ics.md

Industrial control systems advisories cover SCADA and operational technology vulnerabilities. Siemens ProductCERT publishes CSAF-format advisories. Kaspersky ICS-CERT was promoted from beta to stable in Sprint 007 after endpoint stability verification.

National CERTs

Connector Source ID Status Auth Priority Regions Ops Runbook
CERT-FR cert-fr stable none 80 FR, EU cert-fr.md
CERT-Bund (Germany) cert-de stable none 82 DE, EU certbund.md
CERT.at (Austria) cert-at stable none 84 AT, EU --
CERT.be (Belgium) cert-be stable none 86 BE, EU --
NCSC-CH (Switzerland) cert-ch stable none 88 CH --
CERT-EU cert-eu stable none 90 EU --
JPCERT/CC (Japan) jpcert stable none 92 JP, APAC jvn.md
CISA (US-CERT) us-cert stable none 94 US, NA cert-cc.md
CERT-UA (Ukraine) cert-ua stable none 95 UA --
CERT.PL (Poland) cert-pl stable none 96 PL, EU --
AusCERT (Australia) auscert stable none 97 AU, APAC --
KrCERT/CC (South Korea) krcert stable none 98 KR, APAC --
CERT-In (India) cert-in stable none 99 IN, APAC cert-in.md

Five additional CERTs were added in Sprint 007: CERT-UA, CERT.PL, AusCERT, KrCERT/CC, and CERT-In, extending coverage to Eastern Europe, Oceania, and South/East Asia.

Russian/CIS Sources

Connector Source ID Status Auth Priority Regions Ops Runbook
FSTEC BDU fstec-bdu stable none 100 RU, CIS fstec-bdu.md
NKCKI nkcki stable none 101 RU, CIS nkcki.md

FSTEC BDU and NKCKI were promoted from beta to stable in Sprint 007. FSTEC BDU (Bank of Security Threats) provides vulnerability data maintained by Russia's Federal Service for Technical and Export Control. NKCKI is the National Coordination Center for Computer Incidents. Kaspersky ICS-CERT and Astra Linux are listed in their respective category sections above.

StellaOps Mirror

Connector Source ID Status Auth Priority Ops Runbook
StellaOps Mirror stella-mirror stable none (configurable) 1 --

The StellaOps Mirror connector consumes pre-aggregated advisory data from a StellaOps mirror instance. When using mirror mode, this source takes highest priority (1) and replaces direct upstream connections. See docs/modules/excititor/mirrors.md for mirror configuration details.

Reason Codes Reference: docs/modules/concelier/operations/connectors/reason-codes.md