Giter Club home page Giter Club logo

tr-05-serverless-have-i-been-pwned's Introduction

Gitter Chat

NOTE! This code has been upgraded and the current release no longer supports installation in AWS

If you wish to deploy in AWS, use this previous release.

Have I Been Pwned Relay (Cisco Hosted)

A Cisco SecureX Concrete Relay implementation using Have I Been Pwned as a third-party Cyber Threat Intelligence service provider.

The Relay itself is just a simple application written in Python that can be easily packaged and deployed. This relay is now Cisco Hosted and no longer requires AWS Lambda.

The code is provided here purely for educational purposes.

Rationale

  • We need an application that will translate API requests from SecureX Threat Response to the third-party integration, and vice versa.
  • We need an application that can be completely self contained within a virtualized container using Docker.

Testing (Optional)

Open the code folder in your terminal.

cd code

If you want to test the application you will require Docker and several dependencies from the Pipfile file:

pip install --no-cache-dir --upgrade pipenv && pipenv install --dev

You can perform two kinds of testing:

  • Run static code analysis checking for any semantic discrepancies and PEP 8 compliance:

    flake8 .

  • Run the suite of unit tests and measure the code coverage: coverage run --source api/ -m pytest --verbose tests/unit/ && coverage report

NOTE. If you need input data for testing purposes you can use data from the observables.json file.

Building the Docker Container

In order to build the application, we need to use a Dockerfile.

  1. Open a terminal. Build the container image using the docker build command.
docker build -t tr-05-have-i-been-pwned .
  1. Once the container is built, and an image is successfully created, start your container using the docker run command and specify the name of the image we have just created. By default, the container will listen for HTTP requests using port 9090.
docker run -dp 9090:9090 --name tr-05-have-i-been-pwned tr-05-have-i-been-pwned
  1. Watch the container logs to ensure it starts correctly.
docker logs tr-05-have-i-been-pwned
  1. Once the container has started correctly, open your web browser to http://localhost:9090. You should see a response from the container.
curl http://localhost:9090

Implementation Details

This application was developed and tested under Python version 3.9.

Implemented Relay Endpoints

  • POST /health

    • Verifies the Authorization Bearer JWT and decodes it to restore the original credentials.
    • Authenticates to the underlying external service to check that the provided credentials are valid and the service is available at the moment.

  • POST /observe/observables

    • Accepts a list of observables and filters out unsupported ones.
    • Verifies the Authorization Bearer JWT and decodes it to restore the original credentials.
    • Makes a series of requests to the underlying external service to query for some cyber threat intelligence data on each supported observable.
    • Maps the fetched data into appropriate CTIM entities.
    • Returns a list per each of the following CTIM entities (if any extracted):
      • Indicator,
      • Sighting,
      • Relationship.

  • POST /refer/observables

    • Accepts a list of observables and filters out unsupported ones.
    • Builds a search link per each supported observable to pivot back to the underlying external service and look up the observable there.
    • Returns a list of those links.

  • POST /version

    • Returns the current version of the application.

Supported Types of Observables

  • email

CTIM Mapping Specifics

Each HIBP breach for an email generates 3 CTIM entities: an Indicator, a Sighting, and the corresponding Relationship between them. The actual mapping from HIBP fields to CTIM fields is quite straightforward.

The only non-obvious piece of the mapping is the logic for inferring the actual values for the confidence and severity fields. Suppose there is a breach for an email. If the breach is verified (field IsVerified, type boolean), then the value for confidence will be High, otherwise Medium. At the same time, each breach also knows some information about the nature of the data compromised in the breach as a string array of impacted data classes (field DataClasses, type string[]). Thus, if the breach is verified and the password is also known to be compromised (i.e. the data classes contain the Passwords data class), then the value for severity will be High, otherwise Medium.

The rules mentioned above can be easily expressed in Python using the following code snippet:

entity['confidence'] = ['Medium', 'High'][breach['IsVerified']]

entity['severity'] = ['Medium', 'High'][
    breach['IsVerified'] and 'Passwords' in breach['DataClasses']
]

(the entity here is either an Indicator or a Sighting).

tr-05-serverless-have-i-been-pwned's People

Contributors

anastasiiarozlyvan avatar ceilingduster avatar gdavoian avatar maxmhonc avatar mdougal avatar mistergreen22 avatar mmysk avatar mstoro avatar opavlyshyn avatar oshtaier avatar oshynk avatar tarasmaliuchenko avatar yevhenlysen avatar ytsek avatar

Stargazers

avatar avatar

Watchers

avatar avatar avatar avatar avatar avatar avatar avatar

Forkers

brbuxton pscjar

tr-05-serverless-have-i-been-pwned's Issues

Error when running zappa status dev

Hi I get the following error when I run zappa status dev after following all the steps. I even tried to run zappa init and it asked me where my your_module.app and I could not find that anywhere. Thanks

(Werkzeug 1.0.1 (/Users/vsem/venv/lib/python3.7/site-packages), Requirement.parse('Werkzeug<1.0'), {'zappa'})
Oh no! An error occurred! :(

==============

Traceback (most recent call last):
File "/Users/vsem/venv/lib/python3.7/site-packages/zappa/cli.py", line 2778, in handle
sys.exit(cli.handle())
File "/Users/vsem/venv/lib/python3.7/site-packages/zappa/cli.py", line 491, in handle
self.load_settings_file(self.vargs.get('settings_file'))
File "/Users/vsem/venv/lib/python3.7/site-packages/zappa/cli.py", line 2180, in load_settings_file
settings_file = self.get_json_or_yaml_settings()
File "/Users/vsem/venv/lib/python3.7/site-packages/zappa/cli.py", line 2160, in get_json_or_yaml_settings
raise ClickException("Please configure a zappa_settings file or call zappa init.")
click.exceptions.ClickException: Please configure a zappa_settings file or call zappa init.

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    ๐Ÿ–– Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. ๐Ÿ“Š๐Ÿ“ˆ๐ŸŽ‰

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google โค๏ธ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.