1.7 KiB
1.7 KiB
AGENTS
Role
Implement the CERT/CC (Carnegie Mellon CERT Coordination Center) advisory connector so Concelier can ingest US CERT coordination bulletins.
Scope
- Identify CERT/CC advisory publication format (VU#, blog, RSS, JSON) and define fetch cadence/windowing.
- Implement fetch, parse, and mapping jobs with cursor persistence and dedupe.
- Normalise advisory content (summary, impacted vendors, products, recommended mitigations, CVEs).
- Produce canonical
Advisoryobjects including aliases, references, affected packages, and range primitive metadata. - Supply fixtures and deterministic regression tests.
Participants
Source.Common(HTTP/fetch utilities, DTO storage).Storage.Mongo(raw/document/DTO/advisory stores and state).Concelier.Models(canonical structures).Concelier.Testing(integration tests and snapshots).
Interfaces & Contracts
- Job kinds:
certcc:fetch,certcc:parse,certcc:map. - Persist upstream caching metadata (ETag/Last-Modified) when available.
- Aliases should capture CERT/CC VU IDs and referenced CVEs.
In/Out of scope
In scope:
- End-to-end connector with range primitive instrumentation and telemetry.
Out of scope:
- ICS-CERT alerts (handled by dedicated connector) or blog posts unrelated to advisories.
Observability & Security Expectations
- Log fetch and mapping statistics; surface failures with backoff.
- Sanitise HTML sources before persistence.
- Respect upstream throttling via retry/backoff.
Tests
- Add
StellaOps.Concelier.Connector.CertCc.Teststo cover fetch/parse/map with canned fixtures. - Snapshot canonical advisories and support UPDATE flag for regeneration.
- Ensure deterministic ordering and timestamp normalisation.