cossas / soarca
SOARCA - The Open Source CACAO-based Security Orchestrator!
Home Page: https://cossas.github.io/SOARCA/
License: Apache License 2.0
Branches not adhering to the schema: (feature|bugfix|hotfix|development|release|master)/* are rejected in CI/CD
Change usage of net/http package in http capability to use SOARCA's utils/http
Describe the solution you'd like
Fin controller package to allow for fin registration
Additional context
SOARCA has an extensible architecture realised by so-called Fins; these need to be managed.
The API will use the same object for every run, which does not allow for dynamic loading.
Is your feature request related to a problem? Please describe.
There is no latest build for Docker Hub; this feature will add that.
Is your feature request related to a problem? Please describe.
Describe the bug
The cacao model misses the properties:
Is your feature request related to a problem? Please describe.
The docs are not deployed on a git push of a tag; this issue will fix that.
Currently the CACAO schema validation is performed at models/validators/schema.go, with the CACAO V2 draft 1. The most up to date is the CACAO V2 draft 3, at: "https://raw.githubusercontent.com/cyentific-rni/cacao-json-schemas/cacao-v2.0-csd03/schemas/playbook.json".
This feature request is to change the schema validation from CACAO V2 draft 1 to CACAO V2 draft 3.
Describe the bug
Command.Headers are a map[string]string, but the spec says map[string][]string, so a list of strings instead
Authentication information is an optional property. Currently, no authentication information corresponds to an empty authentication information struct passed to the capability.Execute() function, so it is always passed as either a populated or empty authentication information struct.
The http utils addAuthTo function checks whether authentication information is passed by checking whether it has a nil value. If it has a nil value, then no auth headers are added, and no further auth info checks are performed.
The bug is that the authentication information will never be "nil", but either a completely empty struct or a non-completely empty struct. Hence it is always != "nil", and subsequent checks fail.
In this MR, the check is changed to compare the authentication information (passed to Execute for http and OpenC2 capabilities) to an empty struct, instead of to nil value.
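The nil-versus-empty-struct defect described above, as an added illustration that is not SOARCA's own code: the AuthInformation struct, its field names and the "basic"/"bearer" kinds are assumptions for this example, not the project's actual types. The buggy variant guards on a nil pointer that the caller never passes, so an absent (empty) auth block falls through to the kind check and errors; the fixed variant compares against the zero value of the struct, which is what the MR changes the check to.

```go
package main

import (
	"fmt"
	"net/http"
)

// AuthInformation is a hypothetical stand-in for the optional authentication
// information passed to a capability's Execute(); fields are assumed here.
type AuthInformation struct {
	Kind     string // "basic" or "bearer" (constructed for this example)
	Username string
	Password string
	Token    string
}

// applyAuth sets the header for a populated auth block and rejects unknown kinds.
func applyAuth(req *http.Request, auth AuthInformation) error {
	switch auth.Kind {
	case "basic":
		req.SetBasicAuth(auth.Username, auth.Password)
		return nil
	case "bearer":
		req.Header.Set("Authorization", "Bearer "+auth.Token)
		return nil
	default:
		return fmt.Errorf("unsupported authentication kind %q", auth.Kind)
	}
}

// addAuthToBuggy mirrors the defect: the nil guard never fires because the
// caller always hands over a pointer to a (possibly empty) struct, so an
// absent auth block is treated as a populated one and the kind check fails.
func addAuthToBuggy(req *http.Request, auth *AuthInformation) error {
	if auth == nil {
		return nil
	}
	return applyAuth(req, *auth)
}

// addAuthToFixed compares against the zero value instead: an empty struct
// means the optional property was not supplied, so no header is added and
// no further checks run.
func addAuthToFixed(req *http.Request, auth AuthInformation) error {
	if auth == (AuthInformation{}) {
		return nil
	}
	return applyAuth(req, auth)
}

func main() {
	// Constructed request; the host is a reserved non-resolving name.
	req, _ := http.NewRequest("GET", "http://example.invalid/", nil)
	fmt.Println("buggy, empty auth:", addAuthToBuggy(req, &AuthInformation{}))
	fmt.Println("fixed, empty auth:", addAuthToFixed(req, AuthInformation{}))
	fmt.Println("fixed, bearer:", addAuthToFixed(req, AuthInformation{Kind: "bearer", Token: "example-token"}))
	fmt.Println("Authorization header:", req.Header.Get("Authorization"))
}
```

The zero-value comparison with == only compiles when every field of the struct is comparable (strings, numbers, booleans, pointers); if the real struct carries slices or maps, the same check needs reflect.DeepEqual or an explicit IsEmpty method instead.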
Add correct ci configuration to github pages ci and deploy them per branch
Documentation is updated for all pull requests; this is not a usable strategy, as other PRs do not update docs regularly.
The solution is to create a feature/docs/ matcher to only allow these to update docs live until we have a development deployment available for documentation.
Describe the bug
The CI does not run on feature/docs/*
In CACAO V2 there is no http_url property in the agent/target object. The location for such information is in address[dname] (see section 7.8 in CACAO V2). At the moment our code still uses http_url.
Using http_url through the code and not address[dname] is also inconsistent with the official schemas (at https://github.com/oasis-open/cacao-json-schemas/blob/main/schemas/playbook.json), and fails validation with the official schemas.
The solution to this issue would be to
Describe the bug
The variable definition has the field name
this is missing in the docs.
Describe the bug
Docker build produces a non-executable container
To Reproduce provide details logs and steps
Run the following docker compose:
version: '3.7'
services:
  soarca:
    image: cossas/soarca:0.8.99-test-zip3
    container_name: soarca_server
    environment:
      PORT: 8080
      MONGODB_URI: "mongodb://mongodb_container:27017"
      DATABASE_NAME: "soarca"
      DB_USERNAME: "root"
      DB_PASSWORD: "rootpassword"
      PLAYBOOK_API_LOG_LEVEL: trace
      DATABASE: "false"
    ports:
      - 127.0.0.1:8080:8080
output:
Error response from daemon: failed to create task for container: failed to create shim task: OCI runtime create failed: runc create failed: unable to start container process: exec: "./soarca": permission denied: unknown
Expected behavior
output:
soarca_server | {"component":"MAIN","level":"info","msg":"Version: 0.8.99-54-gbe76886","time":"2024-03-11T07:32:41Z"}
soarca_server | (SOARCA ASCII-art banner, garbled in extraction)
soarca_server | [GIN-debug] [WARNING] Running in "debug" mode. Switch to "release" mode in production.
soarca_server | - using env: export GIN_MODE=release
soarca_server | - using code: gin.SetMode(gin.ReleaseMode)
soarca_server |
soarca_server | {"component":"MAIN","level":"info","msg":"Buildtime: 2024-03-10T11:26:29+0100","time":"2024-03-11T07:32:41Z"}
soarca_server | {"component":"MAIN","level":"warning","msg":"Failed to read env variable, but will continue","time":"2024-03-11T07:32:41Z"}
soarca_server | {"component":"soarca/internal/controller","level":"info","msg":"Testing if this works","time":"2024-03-11T07:32:41Z"}
soarca_server | [GIN-debug] GET /coa/ --> soarca/routes/coa.Helloworld (1 handlers)
soarca_server | [GIN-debug] POST /coa/:coa-id --> soarca/routes/coa.id_tester (1 handlers)
soarca_server | [GIN-debug] PUT /coa/:coa-id --> soarca/routes/coa.id_tester (1 handlers)
soarca_server | [GIN-debug] DELETE /coa/:coa-id --> soarca/routes/coa.id_tester (1 handlers)
soarca_server | [GIN-debug] GET /status/ --> soarca/routes/status.Helloworld (1 handlers)
soarca_server | [GIN-debug] GET /status/playbook/:id --> soarca/routes/status.id_tester (1 handlers)
soarca_server | [GIN-debug] GET /status/coa/:id --> soarca/routes/status.id_tester (1 handlers)
soarca_server | [GIN-debug] GET /status/history --> soarca/routes/status.Helloworld (1 handlers)
soarca_server | [GIN-debug] POST /operator/coa/:coa-id --> soarca/routes/operator.Helloworld (1 handlers)
soarca_server | [GIN-debug] POST /trigger/playbook --> soarca/routes/trigger.(*TriggerApi).Execute-fm (1 handlers)
soarca_server | [GIN-debug] GET /swagger/*any --> github.com/swaggo/gin-swagger.CustomWrapHandler.func1 (1 handlers)
soarca_server | [GIN-debug] [WARNING] You trusted all proxies, this is NOT safe. We recommend you to set a value.
soarca_server | Please check https://pkg.go.dev/github.com/gin-gonic/gin#readme-don-t-trust-all-proxies for details.
soarca_server | [GIN-debug] Listening and serving HTTP on :8080
Environment information
Docker Compose, see the reproduction steps above
Is your feature request related to a problem? Please describe.
Add 3 playbooks to show each capability
Is your feature request related to a problem? Please describe.
The project readme is not in COSSAS template style; this needs to be changed.
Is your feature request related to a problem? Please describe.
This feature will introduce command interpolations into commands and targets in SOARCA
Describe the bug
When receiving the result structure SOARCA needs to acknowledge this message.
When using sudo docker-compose up
you get an error:
ERROR: The Compose file './docker-compose.yml' is invalid because:
services.soarca.environment.ENABLE_FINS contains true, which is an invalid type, it should be a string, number, or a null
This is because ENABLE_FINS: true is not between ""; the setting should be ENABLE_FINS: "true".
If you change this manually it works.
Add logging in test to the testing framework.
Link the fin controller to the executor and decomposer.
Describe the bug
The Http and Fin capability do not implement the GetType() string function, so they can't be used as ICapability.
It is not yet evident from the documentation how and where to implement and connect fins.
The sequence for connecting a fin is roughly:
It would be nice to have this process described explicitly in the documentation
Design and implement additions to the architecture to integrate reporting of playbook handling and execution.
Reporting functionality should be extensible to allow implementation of integrations to report on third-party tools.
Is your feature request related to a problem? Please describe.
Add docker compose file for running soarca
Add docker deployment and release ci to ci/cd
https://cossas.github.io/SOARCA/docs/core-components/api-design/ - “cacao playbook JSON” & “GET /status/playbook”: presents the CACAO v1.1 (instead of CACAO v2)
A few URLs resolve to the main page instead of the dedicated website. (E.g., the fin references for Python and Go in https://cossas.github.io/SOARCA/docs/soarca-extensions/)
https://cossas.github.io/SOARCA/docs/core-components/modules/ - SSH capability: states the support for “private key” authentication. (The correct name is “public key” authentication. Nevertheless, CACAO v2 does not have that capability)
Inconsistency between two pages regarding soarca agent type:
Describe the solution you'd like
Add ci/cd to github repo
Describe the bug
.gitignore does not contain a **.env
Is your feature request related to a problem? Please describe.
Expand executor interface to handle the playbook step types
Is your feature request related to a problem? Please describe.
Add openC2 to initialisation
Is your feature request related to a problem? Please describe.
Update executor documentation to implement all step types
Currently SOARCA does not support versioning for stored playbooks.
Feature request that has been received from the community:
This feature will be discussed internally with the team and put on the milestones.
Describe the bug
The docker image is missing ca-certificates, so it can't validate http calls and they fail.
To Reproduce provide details logs and steps
run docker container and execute playbook
{"component":"soarca/models/decoder","level":"error","msg":"jsonschema https://raw.githubusercontent.com/opencybersecurityalliance/cacao-roaster/main/lib/cacao-json-schemas/schemas/playbook.json compilation failed: Get "https://raw.githubusercontent.com/opencybersecurityalliance/cacao-roaster/main/lib/cacao-json-schemas/schemas/playbook.json\": tls: failed to verify certificate: x509: certificate signed by unknown authority","time":"2024-03-18T10:45:37Z"}
Expected behavior
Playbook execution
Is your feature request related to a problem? Please describe.
The playbook-action step needs to load a playbook; this needs a new executor.
Describe the bug
Variable naming in ssh, http and openc2 is not consistent with that of playbooks
cacao.Variables{"__soarca_ssh_result__": {Name: "result", Value: string(response)}}
cacao.Variables{"__soarca_http_result__": {Name: "result", Value: string(response)}}
cacao.Variables{"__soarca_openc2_http_result__": {Name: "result", Value: string(response)}}
This should be:
cacao.Variables{"__soarca_ssh_result__": {Name: "__soarca_ssh_result__", Value: string(response)}}
cacao.Variables{"__soarca_http_result__": {Name: "__soarca_http_result__", Value: string(response)}}
cacao.Variables{"__soarca_openc2_http_result__": {Name: "__soarca_openc2_http_result__", Value: string(response)}}