git.stella-ops.org/docs/modules/concelier/connectors.md
master 254d8b9cfc Update documentation for 75-source catalog and mirror management
connectors.md: categorized index of all 75 sources across 14 categories
with descriptions, auth requirements, priorities, regions, and status.
FSTEC BDU, NKCKI, and Kaspersky ICS promoted from beta to stable.

architecture.md: updated source families (75 sources, 14 categories),
added mirror domain management API (12 endpoints) to REST APIs section.

mirrors.md: added MirrorExportScheduler docs, multi-value filter support
(sourceCategory/sourceTag shorthands), mirror config UI sections (wizard,
dashboard, catalog integration).

docker.md: added section 7 with mirror env var reference (11 vars),
domain config via env vars, filter shorthand documentation.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-03-15 14:34:49 +02:00


# Concelier Connectors

This index lists Concelier connectors, their status, authentication expectations, and links to operational runbooks. For procedures and alerting, see `docs/modules/concelier/operations/connectors/`.

The catalog currently contains **75 source definitions** across **14 categories**. The authoritative source list is defined in `src/Concelier/__Libraries/StellaOps.Concelier.Core/Sources/SourceDefinitions.cs`.

---

## Source categories
| Category | Description | Source count |
| --- | --- | --- |
| Primary | Core vulnerability databases (NVD, OSV, GHSA, CVE) | 4 |
| Threat | Threat intelligence, exploit prediction, and known-exploited (EPSS, KEV, MITRE ATT&CK, D3FEND) | 4 |
| Vendor | Vendor PSIRTs and cloud provider security bulletins | 14 |
| Distribution | Linux distribution security trackers | 10 |
| Ecosystem | Language-ecosystem advisory feeds via OSV/GHSA | 9 |
| PackageManager | Native package manager advisory databases (cargo-audit, pip-audit, govulncheck, bundler-audit) | 4 |
| Csaf | CSAF/VEX structured document sources | 3 |
| Exploit | Exploit databases and proof-of-concept repositories | 3 |
| Container | Container image advisory sources | 2 |
| Hardware | Hardware and firmware PSIRT advisories | 3 |
| Ics | Industrial control systems and SCADA advisories | 2 |
| Cert | National CERTs and government CSIRTs | 13 |
| Mirror | StellaOps pre-aggregated mirrors | 1 |
| Other | Uncategorized sources | 0 |

---

## Primary Databases
| Connector | Source ID | Status | Auth | Priority | Ops Runbook |
| --- | --- | --- | --- | --- | --- |
| NVD (NIST) | `nvd` | stable | api-key (optional) | 10 | [nvd.md](docs/modules/concelier/operations/connectors/nvd.md) |
| OSV (Google) | `osv` | stable | none | 15 | [osv.md](docs/modules/concelier/operations/connectors/osv.md) |
| GitHub Security Advisories | `ghsa` | stable | api-token | 20 | [ghsa.md](docs/modules/concelier/operations/connectors/ghsa.md) |
| CVE.org (MITRE) | `cve` | stable | none | 5 | [cve.md](docs/modules/concelier/operations/connectors/cve.md) |
## Threat Intelligence & Exploit Scoring
| Connector | Source ID | Status | Auth | Priority | Ops Runbook |
| --- | --- | --- | --- | --- | --- |
| EPSS (FIRST) | `epss` | stable | none | 50 | [epss.md](docs/modules/concelier/operations/connectors/epss.md) |
| CISA KEV | `kev` | stable | none | 25 | [cve-kev.md](docs/modules/concelier/operations/connectors/cve-kev.md) |
| MITRE ATT&CK | `mitre-attack` | stable | none | 140 | -- |
| MITRE D3FEND | `mitre-d3fend` | stable | none | 142 | -- |

MITRE ATT&CK provides adversary tactics and techniques in STIX format from the `mitre/cti` GitHub repository. D3FEND provides the complementary defensive techniques knowledge base. Both are tagged `threat-intel` and consumed via the `SourceType.Upstream` connector. For future STIX/TAXII protocol feeds, the `SourceType.StixTaxii` enum value is available for connector extensibility.

## Vendor Advisories
| Connector | Source ID | Status | Auth | Priority | Ops Runbook |
| --- | --- | --- | --- | --- | --- |
| Red Hat Security | `redhat` | stable | none | 30 | [redhat.md](docs/modules/concelier/operations/connectors/redhat.md) |
| Microsoft Security (MSRC) | `microsoft` | stable | none | 35 | [msrc.md](docs/modules/concelier/operations/connectors/msrc.md) |
| Amazon Linux Security | `amazon` | stable | none | 40 | -- |
| Google Security | `google` | stable | none | 45 | -- |
| Oracle Security | `oracle` | stable | none | 50 | [oracle.md](docs/modules/concelier/operations/connectors/oracle.md) |
| Apple Security | `apple` | stable | none | 55 | [apple.md](docs/modules/concelier/operations/connectors/apple.md) |
| Cisco Security | `cisco` | stable | oauth | 60 | [cisco.md](docs/modules/concelier/operations/connectors/cisco.md) |
| Fortinet PSIRT | `fortinet` | stable | none | 65 | -- |
| Juniper Security | `juniper` | stable | none | 70 | -- |
| Palo Alto Security | `paloalto` | stable | none | 75 | -- |
| VMware Security | `vmware` | stable | none | 80 | [vmware.md](docs/modules/concelier/operations/connectors/vmware.md) |
| AWS Security Bulletins | `aws` | stable | none | 81 | -- |
| Azure Security Advisories | `azure` | stable | none | 82 | -- |
| GCP Security Bulletins | `gcp` | stable | none | 83 | -- |

AWS, Azure, and GCP cloud provider advisories were added in Sprint 007. They track platform-level security bulletins for cloud infrastructure components and are categorized under `Vendor` alongside traditional PSIRTs.

## Linux Distributions
| Connector | Source ID | Status | Auth | Priority | Regions | Ops Runbook |
| --- | --- | --- | --- | --- | --- | --- |
| Debian Security Tracker | `debian` | stable | none | 30 | -- | [debian.md](docs/modules/concelier/operations/connectors/debian.md) |
| Ubuntu Security Notices | `ubuntu` | stable | none | 32 | -- | [ubuntu.md](docs/modules/concelier/operations/connectors/ubuntu.md) |
| Alpine SecDB | `alpine` | stable | none | 34 | -- | [alpine.md](docs/modules/concelier/operations/connectors/alpine.md) |
| SUSE Security | `suse` | stable | none | 36 | -- | [suse.md](docs/modules/concelier/operations/connectors/suse.md) |
| RHEL Security | `rhel` | stable | none | 38 | -- | -- |
| CentOS Security | `centos` | stable | none | 40 | -- | -- |
| Fedora Security | `fedora` | stable | none | 42 | -- | -- |
| Arch Security | `arch` | stable | none | 44 | -- | -- |
| Gentoo Security | `gentoo` | stable | none | 46 | -- | -- |
| Astra Linux Security | `astra` | stable | none | 48 | RU, CIS | [astra.md](docs/modules/concelier/operations/connectors/astra.md) |
## Language Ecosystems
| Connector | Source ID | Status | Auth | Priority | Ops Runbook |
| --- | --- | --- | --- | --- | --- |
| npm Advisories | `npm` | stable | none | 50 | -- |
| PyPI Advisories | `pypi` | stable | none | 52 | -- |
| Go Advisories | `go` | stable | none | 54 | -- |
| RubyGems Advisories | `rubygems` | stable | none | 56 | -- |
| NuGet Advisories | `nuget` | stable | api-token | 58 | -- |
| Maven Advisories | `maven` | stable | none | 60 | -- |
| Crates.io Advisories | `crates` | stable | none | 62 | -- |
| Packagist Advisories | `packagist` | stable | none | 64 | -- |
| Hex.pm Advisories | `hex` | stable | none | 66 | -- |

Ecosystem connectors use OSV or GHSA GraphQL as the underlying data source. NuGet requires a `GITHUB_PAT` for GHSA GraphQL access.

## Package Manager Native Advisories
| Connector | Source ID | Status | Auth | Priority | Ops Runbook |
| --- | --- | --- | --- | --- | --- |
| RustSec Advisory DB (cargo-audit) | `rustsec` | stable | none | 63 | -- |
| PyPA Advisory DB (pip-audit) | `pypa` | stable | none | 53 | -- |
| Go Vuln DB (govulncheck) | `govuln` | stable | none | 55 | -- |
| Ruby Advisory DB (bundler-audit) | `bundler-audit` | stable | none | 57 | -- |

Package manager native advisory databases provide language-specific vulnerability data curated by the respective package manager maintainers. These complement the ecosystem feeds (OSV/GHSA) by providing authoritative tool-native data used by `cargo-audit`, `pip-audit`, `govulncheck`, and `bundler-audit`. They are categorized separately under `PackageManager` to allow targeted mirror export filtering.

## CSAF/VEX Sources
| Connector | Source ID | Status | Auth | Priority | Ops Runbook |
| --- | --- | --- | --- | --- | --- |
| CSAF Aggregator | `csaf` | stable | none | 70 | -- |
| CSAF TC Trusted Publishers | `csaf-tc` | stable | none | 72 | -- |
| VEX Hub | `vex` | stable | none | 74 | -- |
## Exploit Databases
| Connector | Source ID | Status | Auth | Priority | Ops Runbook |
| --- | --- | --- | --- | --- | --- |
| Exploit-DB | `exploitdb` | stable | none | 110 | -- |
| PoC-in-GitHub | `poc-github` | stable | api-token | 112 | -- |
| Metasploit Modules | `metasploit` | stable | none | 114 | -- |

Exploit databases track publicly available proof-of-concept code and exploit modules. Exploit-DB is sourced from the Offensive Security GitLab mirror. PoC-in-GitHub uses the GitHub search API to discover repositories containing vulnerability PoCs (requires `GITHUB_PAT`). Metasploit tracks Rapid7 Metasploit Framework module metadata for CVE-to-exploit correlation.

## Container Sources
| Connector | Source ID | Status | Auth | Priority | Ops Runbook |
| --- | --- | --- | --- | --- | --- |
| Docker Official CVEs | `docker-official` | stable | none | 120 | -- |
| Chainguard Advisories | `chainguard` | stable | none | 122 | -- |

Container-specific advisory sources track vulnerabilities in base images and hardened container distributions. Docker Official CVEs covers the Docker Hub official images program. Chainguard Advisories covers hardened distroless and Wolfi-based images.

## Hardware/Firmware
| Connector | Source ID | Status | Auth | Priority | Ops Runbook |
| --- | --- | --- | --- | --- | --- |
| Intel PSIRT | `intel` | stable | none | 130 | -- |
| AMD Security | `amd` | stable | none | 132 | -- |
| ARM Security Center | `arm` | stable | none | 134 | -- |

Hardware PSIRT advisories cover CPU microcode, firmware, and silicon-level vulnerabilities from the three major processor vendors. These sources are especially relevant for infrastructure operators tracking speculative execution (Spectre/Meltdown class) and firmware supply chain issues.

## ICS/SCADA
| Connector | Source ID | Status | Auth | Priority | Regions | Ops Runbook |
| --- | --- | --- | --- | --- | --- | --- |
| Siemens ProductCERT | `siemens` | stable | none | 136 | -- | -- |
| Kaspersky ICS-CERT | `kaspersky-ics` | stable | none | 102 | RU, CIS, GLOBAL | [kaspersky-ics.md](docs/modules/concelier/operations/connectors/kaspersky-ics.md) |

Industrial control systems advisories cover SCADA and operational technology vulnerabilities. Siemens ProductCERT publishes CSAF-format advisories. Kaspersky ICS-CERT was promoted from beta to stable in Sprint 007 after endpoint stability verification.

## National CERTs
| Connector | Source ID | Status | Auth | Priority | Regions | Ops Runbook |
| --- | --- | --- | --- | --- | --- | --- |
| CERT-FR | `cert-fr` | stable | none | 80 | FR, EU | [cert-fr.md](docs/modules/concelier/operations/connectors/cert-fr.md) |
| CERT-Bund (Germany) | `cert-de` | stable | none | 82 | DE, EU | [certbund.md](docs/modules/concelier/operations/connectors/certbund.md) |
| CERT.at (Austria) | `cert-at` | stable | none | 84 | AT, EU | -- |
| CERT.be (Belgium) | `cert-be` | stable | none | 86 | BE, EU | -- |
| NCSC-CH (Switzerland) | `cert-ch` | stable | none | 88 | CH | -- |
| CERT-EU | `cert-eu` | stable | none | 90 | EU | -- |
| JPCERT/CC (Japan) | `jpcert` | stable | none | 92 | JP, APAC | [jvn.md](docs/modules/concelier/operations/connectors/jvn.md) |
| CISA (US-CERT) | `us-cert` | stable | none | 94 | US, NA | [cert-cc.md](docs/modules/concelier/operations/connectors/cert-cc.md) |
| CERT-UA (Ukraine) | `cert-ua` | stable | none | 95 | UA | -- |
| CERT.PL (Poland) | `cert-pl` | stable | none | 96 | PL, EU | -- |
| AusCERT (Australia) | `auscert` | stable | none | 97 | AU, APAC | -- |
| KrCERT/CC (South Korea) | `krcert` | stable | none | 98 | KR, APAC | -- |
| CERT-In (India) | `cert-in` | stable | none | 99 | IN, APAC | [cert-in.md](docs/modules/concelier/operations/connectors/cert-in.md) |

Five additional CERTs were added in Sprint 007: CERT-UA, CERT.PL, AusCERT, KrCERT/CC, and CERT-In, extending coverage to Eastern Europe, Oceania, and South/East Asia.

## Russian/CIS Sources
| Connector | Source ID | Status | Auth | Priority | Regions | Ops Runbook |
| --- | --- | --- | --- | --- | --- | --- |
| FSTEC BDU | `fstec-bdu` | stable | none | 100 | RU, CIS | [fstec-bdu.md](docs/modules/concelier/operations/connectors/fstec-bdu.md) |
| NKCKI | `nkcki` | stable | none | 101 | RU, CIS | [nkcki.md](docs/modules/concelier/operations/connectors/nkcki.md) |

FSTEC BDU and NKCKI were promoted from beta to stable in Sprint 007. FSTEC BDU (Bank of Security Threats) provides vulnerability data maintained by Russia's Federal Service for Technical and Export Control. NKCKI is the National Coordination Center for Computer Incidents. Kaspersky ICS-CERT and Astra Linux are listed in their respective category sections above.

## StellaOps Mirror
| Connector | Source ID | Status | Auth | Priority | Ops Runbook |
| --- | --- | --- | --- | --- | --- |
| StellaOps Mirror | `stella-mirror` | stable | none (configurable) | 1 | -- |

The StellaOps Mirror connector consumes pre-aggregated advisory data from a StellaOps mirror instance. When using mirror mode, this source takes highest priority (1) and replaces direct upstream connections. See `docs/modules/excititor/mirrors.md` for mirror configuration details.

---

**Reason Codes Reference:** [docs/modules/concelier/operations/connectors/reason-codes.md](docs/modules/concelier/operations/connectors/reason-codes.md)