Releases: CiscoSecurity/tr-05-serverless-cyberscan

Release 1.0.0

21 Jul 15:17
7e9900f

Implementation Details

Implemented Relay Endpoints

  • POST /health

    • Verifies the Authorization Bearer JWT and decodes it to restore the original
      credentials.
    • Authenticates to the underlying external service to check that the provided
      credentials are valid and the service is available at the moment.
  • POST /observe/observables

    • Accepts a list of observables and filters out unsupported ones.
    • Verifies the Authorization Bearer JWT and decodes it to restore the original credentials.
    • Makes a series of requests to the underlying external service to query for some
      cyber threat intelligence data on each supported observable.
    • Maps the fetched data into appropriate CTIM entities.
    • Returns a list for each of the following CTIM entities (if any were extracted):
      • Sighting
  • POST /refer/observables

    • Accepts a list of observables and filters out unsupported ones.
    • Builds a search link for each supported observable to pivot back to the underlying external service and look up the observable there.
    • Returns a list of those links.
  • POST /version

    • Returns the current version of the application.

Supported Types of Observables

  • ip
  • domain
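
The two steps the endpoints above share, verifying the Bearer JWT to recover the credentials and dropping unsupported observables, are sketched below as an added example; it is not code from this project. It assumes an HS256 token signed with a shared secret (the release notes do not state the algorithm), and the function names, the `key` claim and the secret are hypothetical.

```python
import base64, hashlib, hmac, json

SUPPORTED_TYPES = {"ip", "domain"}  # from "Supported Types of Observables"

class AuthError(Exception):
    """Raised when the Authorization header or its JWT is not acceptable."""

def b64url_decode(part: str) -> bytes:
    return base64.urlsafe_b64decode(part + "=" * (-len(part) % 4))

def b64url_encode(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def sign_jwt(claims: dict, secret: bytes) -> str:
    """Build a constructed HS256 token for the demo (assumed, not a relay function)."""
    head = b64url_encode(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = b64url_encode(json.dumps(claims).encode())
    sig = hmac.new(secret, f"{head}.{body}".encode(), hashlib.sha256).digest()
    return f"{head}.{body}.{b64url_encode(sig)}"

def credentials_from_header(authorization: str, secret: bytes) -> dict:
    """Verify the Bearer JWT and return the credentials carried in its payload."""
    scheme, _, token = authorization.partition(" ")
    if scheme != "Bearer" or token.count(".") != 2:
        raise AuthError("expected 'Authorization: Bearer <JWT>'")
    head, body, sig = token.split(".")
    try:
        header = json.loads(b64url_decode(head))
        # Pin the algorithm on the server side; the token must not choose it.
        if header.get("alg") != "HS256":
            raise AuthError("unexpected JWT algorithm")
        expected = hmac.new(secret, f"{head}.{body}".encode(), hashlib.sha256).digest()
        # Constant-time comparison, done before the payload is trusted.
        if not hmac.compare_digest(expected, b64url_decode(sig)):
            raise AuthError("JWT signature mismatch")
        return json.loads(b64url_decode(body))
    except (ValueError, AttributeError) as exc:
        raise AuthError("malformed JWT") from exc

def filter_observables(observables: list) -> list:
    """Keep only the observables whose type the relay supports."""
    return [o for o in observables if o.get("type") in SUPPORTED_TYPES]
```

The signature is checked before the payload is parsed, so credentials are never read from a token that was not issued with the expected secret.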