Skip to content

Releases: apurvtyagi/security-asset-correlator

v1.1.0 — Risk Scoring, Drift Detection, Prometheus Metrics, 9 Source Loaders

Choose a tag to compare

@apurvtyagi apurvtyagi released this 23 May 04:20

What's new in 1.1.0

Risk Scoring

Every canonical asset is automatically scored on a 0–10 CVSS-aligned composite scale after each ingestion.

Component Max Signals
Vulnerabilities 5.0 Worst CVE severity + count bonus
Exposure 2.5 Public IP, server/unknown asset type
Coverage gaps 1.5 No EDR agent, no vulnerability scanner
Environment 1.0 prod, tier-1, critical tags
  • GET /api/v1/assets/{id}/risk — score + per-component breakdown
  • risk_score and risk_severity included on every asset in the list response
  • Subclass RiskScorer to tune any component weight

Drift Detection

The engine now records a structured event whenever a field changes between ingestion runs — distinct from cross-source conflicts.

  • GET /api/v1/assets/{id}/drift — full drift event log with field, old_value, new_value, source, detected_at

Prometheus Metrics

Standard Prometheus text-format scrape endpoint at GET /metrics.

Exports 7 gauges: asset_correlator_canonical_assets_total, _flagged_assets_total, _vulnerabilities_total, _assets_by_severity{level}, _assets_no_edr_total, _assets_no_scanner_total, _shadow_it_total.

Works without prometheus-client via a built-in text fallback.

9 Source Loaders (5 new)

Added out-of-the-box YAML configs for:

New source Tool
mde Microsoft Defender for Endpoint
wiz Wiz cloud asset inventory
lacework Lacework host inventory
prisma Prisma Cloud (Twistlock)
snyk Snyk code / container vulnerabilities

New transforms: mde_vulns, wiz_vulns, prisma_vulns, snyk_vulns, kv_tags.

Other fixes

  • POST /api/v1/assets/ingest now uses LoaderRegistry — all 9 sources work via the API, not just the original 4

Upgrade

pip install --upgrade security-asset-correlator

Full changelog: v1.0.0...v1.1.0

v1.0.0

Choose a tag to compare

@apurvtyagi apurvtyagi released this 23 May 02:41

First public release.

  • Config-driven loader architecture — add any security tool via YAML, no Python files needed
  • 4-layer matching engine with confidence scoring
  • Pluggable storage: InMemoryStore, SQLiteStore, PostgreSQLStore
  • Coverage gap analysis API (no-EDR, no-scanner, shadow-IT)
  • FastAPI with OpenAPI docs at /docs

Install
pip install security-asset-correlator