RELEASE-01/TIER-02
The application tier should be deployable as a self-contained binary executable for a variety of platforms and architectures. It serves route(s) that allow clients to forward processed security events in the body of POST requests (e.g. traffic/gateway events, Linux Auditing System events, Windows Security events, as well as tier-to-tier audited events & alerts). Moreover, it serves route(s) that allow clients to request statistics reports about the number of forwarded & audited events by source, session, destination, log, schema, feature, instance, period, and duration via the URLs of GET requests; a more robust report DSL is intended to be implemented as part of a follow-up release & deliverable. This scheduled milestone & deliverable should be accompanied by a performance & security risk assessment (including a SQLi vulnerability assessment) prior to its tagged publication; automated risk assessment, e.g. towards a self-contained SQLi scanner, is proposed as part of a future deliverable & release. Modules should be implemented to parse raw Linux Auditing System & Windows Security events in JSON format, and moreover as processed security events, with appropriate tests; all JSON object fields should be validated to mitigate SQLi risks, e.g. that a field does not contain a valid SQLite3 keyword in this release, and that the JSON object contains the appropriate field names for its Linux message type or Windows task category. More tightly constrained parsing/validation of the possible field combinations that can be included in each type of forwarded event will be implemented as part of a future deliverable & release.
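As an added illustration of the ingest path this milestone describes (not code from the project), the sketch below validates a forwarded event's field names per source, rejects string fields that contain a SQLite3 keyword, stores the event with bound parameters, and answers a per-source count report. The POST envelope, the required-field sets and the keyword subset are all assumptions for the example.

```python
import json
import re
import sqlite3

# Constructed, hypothetical required-field sets per event source (not the project's schema).
REQUIRED_FIELDS = {
    "linux_audit": {"type", "msg", "pid", "uid", "exe"},
    "windows_security": {"EventID", "TimeCreated", "Computer", "TaskCategory"},
}
# Constructed subset of SQLite3 keywords; a real validator would load the full keyword list.
KEYWORD_RE = re.compile(r"\b(?:SELECT|INSERT|UPDATE|DELETE|DROP|UNION|OR|AND)\b", re.IGNORECASE)

def validate_event(body: str) -> tuple[str, dict]:
    # Assumed POST envelope: {"source": "linux_audit" | "windows_security", "event": {...}}
    doc = json.loads(body)
    if not isinstance(doc, dict):
        raise ValueError("body must be a JSON object")
    source, fields = doc.get("source"), doc.get("event")
    if source not in REQUIRED_FIELDS or not isinstance(fields, dict):
        raise ValueError("unknown source or event is not a JSON object")
    if missing := REQUIRED_FIELDS[source] - fields.keys():
        raise ValueError(f"{source} event is missing fields {sorted(missing)}")
    for name, value in fields.items():
        if isinstance(value, str) and KEYWORD_RE.search(value):
            raise ValueError(f"field {name!r} contains a SQLite3 keyword")
    return source, fields

def open_store() -> sqlite3.Connection:
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE events (source TEXT NOT NULL, body TEXT NOT NULL)")
    return conn

def ingest(conn: sqlite3.Connection, body: str) -> str:
    """Validate and store one forwarded event; returns 'stored' or the rejection reason."""
    try:
        source, fields = validate_event(body)
    except ValueError as exc:  # json.JSONDecodeError is a ValueError subclass
        return f"rejected: {exc}"
    # Bound parameters, never string formatting: values stay data even if a check is bypassed.
    conn.execute("INSERT INTO events (source, body) VALUES (?, ?)", (source, json.dumps(fields)))
    return "stored"

def count_by_source(conn: sqlite3.Connection) -> dict:
    return dict(conn.execute("SELECT source, COUNT(*) FROM events GROUP BY source"))

# Constructed sample bodies: two well-formed events, one missing fields, one injection attempt.
LINUX_OK = json.dumps({"source": "linux_audit", "event": {"type": "SYSCALL", "msg": "audit(1700000000.123:42)", "pid": 4242, "uid": 1000, "exe": "/usr/bin/curl"}})
WINDOWS_OK = json.dumps({"source": "windows_security", "event": {"EventID": 4624, "TimeCreated": "2024-01-01T00:00:00Z", "Computer": "WS01", "TaskCategory": "Logon"}})
WINDOWS_MISSING = json.dumps({"source": "windows_security", "event": {"EventID": 4625}})
INJECTION = WINDOWS_OK.replace("WS01", "WS01' OR 1=1 --")
```

The keyword gate is the first-release check the milestone calls for and will also reject benign values that happen to contain a word such as "or" or "update", so the bound parameters in the INSERT are the control that holds regardless of what the filter lets through. Any tightened per-type field validation planned for a later release slots into `validate_event` without touching the storage path.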