hackmyagent 0.11.12 → 0.11.13
- package/README.md +16 -15
- package/dist/arp/engine/correlation.d.ts +27 -0
- package/dist/arp/engine/correlation.d.ts.map +1 -0
- package/dist/arp/engine/correlation.js +95 -0
- package/dist/arp/engine/correlation.js.map +1 -0
- package/dist/arp/engine/event-engine.d.ts +1 -0
- package/dist/arp/engine/event-engine.d.ts.map +1 -1
- package/dist/arp/engine/event-engine.js +16 -0
- package/dist/arp/engine/event-engine.js.map +1 -1
- package/dist/arp/index.d.ts +2 -0
- package/dist/arp/index.d.ts.map +1 -1
- package/dist/arp/index.js +5 -1
- package/dist/arp/index.js.map +1 -1
- package/dist/arp/intelligence/anomaly.d.ts +4 -0
- package/dist/arp/intelligence/anomaly.d.ts.map +1 -1
- package/dist/arp/intelligence/anomaly.js +71 -0
- package/dist/arp/intelligence/anomaly.js.map +1 -1
- package/dist/arp/intelligence/nanomind-l1.d.ts +72 -0
- package/dist/arp/intelligence/nanomind-l1.d.ts.map +1 -0
- package/dist/arp/intelligence/nanomind-l1.js +268 -0
- package/dist/arp/intelligence/nanomind-l1.js.map +1 -0
- package/dist/arp/monitors/network.d.ts +16 -1
- package/dist/arp/monitors/network.d.ts.map +1 -1
- package/dist/arp/monitors/network.js +55 -1
- package/dist/arp/monitors/network.js.map +1 -1
- package/dist/arp/proxy/server.d.ts +7 -0
- package/dist/arp/proxy/server.d.ts.map +1 -1
- package/dist/arp/proxy/server.js +24 -0
- package/dist/arp/proxy/server.js.map +1 -1
- package/dist/cli.js +24 -2
- package/dist/cli.js.map +1 -1
- package/dist/output/asff.d.ts +37 -0
- package/dist/output/asff.d.ts.map +1 -0
- package/dist/output/asff.js +111 -0
- package/dist/output/asff.js.map +1 -0
- package/package.json +1 -1
|
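--- a/package/dist/output/asff.d.ts
+++ b/package/dist/output/asff.d.ts
@@ -0,0 +1,37 @@
+/**
+* AWS Security Finding Format (ASFF) adapter.
+*
+* Transforms HMA security findings into ASFF JSON for import
+* into AWS Security Hub via BatchImportFindings API.
+*
+* Usage:
+* hackmyagent secure --format asff
+* hackmyagent secure --format asff | aws securityhub batch-import-findings --findings file:///dev/stdin
+*
+* Reference: https://docs.aws.amazon.com/securityhub/latest/userguide/securityhub-findings-format.html
+*/
+export interface SecurityFinding {
+checkId: string;
+name: string;
+severity: string;
+passed: boolean;
+fixed?: boolean;
+message?: string;
+file?: string;
+line?: number;
+recommendation?: string;
+category?: string;
+}
+/**
+* Convert HMA findings to AWS Security Finding Format.
+*/
+export declare function toASSF(findings: SecurityFinding[], options?: {
+awsAccountId?: string;
+awsRegion?: string;
+targetDir?: string;
+}): string;
+/**
+* Split ASFF findings into batches of 100 (AWS API limit).
+*/
+export declare function batchASSF(assfJson: string): string[];
+//# sourceMappingURL=asff.d.ts.map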
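Review bot: The exported names `toASSF` and `batchASSF` (and the parameter `assfJson`) misspell the format that the header comment of this same file calls ASFF, and this declaration publishes them as API. Renaming later would break callers, so it is cheaper to export correctly spelled `toASFF` / `batchASFF` now and keep the misspelled names as `@deprecated` aliases. The doc comment on `toASSF` also says nothing about `options`; going by the implementation in asff.js on this page, a line such as `@param options awsAccountId and awsRegion fall back to AWS_ACCOUNT_ID / AWS_REGION and then to placeholder values; only failed, unfixed findings are emitted` would tell callers what they get when they pass nothing.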
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"asff.d.ts","sourceRoot":"","sources":["../../src/output/asff.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;GAWG;AAEH,MAAM,WAAW,eAAe;IAC9B,OAAO,EAAE,MAAM,CAAC;IAChB,IAAI,EAAE,MAAM,CAAC;IACb,QAAQ,EAAE,MAAM,CAAC;IACjB,MAAM,EAAE,OAAO,CAAC;IAChB,KAAK,CAAC,EAAE,OAAO,CAAC;IAChB,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,cAAc,CAAC,EAAE,MAAM,CAAC;IACxB,QAAQ,CAAC,EAAE,MAAM,CAAC;CACnB;AAiDD;;GAEG;AACH,wBAAgB,MAAM,CACpB,QAAQ,EAAE,eAAe,EAAE,EAC3B,OAAO,GAAE;IACP,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,SAAS,CAAC,EAAE,MAAM,CAAC;CACf,GACL,MAAM,CAuER;AAED;;GAEG;AACH,wBAAgB,SAAS,CAAC,QAAQ,EAAE,MAAM,GAAG,MAAM,EAAE,CASpD"}
|
|
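--- a/package/dist/output/asff.js
+++ b/package/dist/output/asff.js
@@ -0,0 +1,111 @@
+"use strict";
+/**
+* AWS Security Finding Format (ASFF) adapter.
+*
+* Transforms HMA security findings into ASFF JSON for import
+* into AWS Security Hub via BatchImportFindings API.
+*
+* Usage:
+* hackmyagent secure --format asff
+* hackmyagent secure --format asff | aws securityhub batch-import-findings --findings file:///dev/stdin
+*
+* Reference: https://docs.aws.amazon.com/securityhub/latest/userguide/securityhub-findings-format.html
+*/
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.toASSF = toASSF;
+exports.batchASSF = batchASSF;
+const SEVERITY_MAP = {
+critical: 'CRITICAL',
+high: 'HIGH',
+medium: 'MEDIUM',
+low: 'LOW',
+informational: 'INFORMATIONAL',
+info: 'INFORMATIONAL',
+};
+const CATEGORY_TYPE_MAP = {
+credentials: 'Software and Configuration Checks/Vulnerabilities/CVE',
+mcp: 'Software and Configuration Checks/Industry and Regulatory Standards',
+network: 'Software and Configuration Checks/Vulnerabilities/CVE',
+injection: 'Software and Configuration Checks/Vulnerabilities/CVE',
+supply_chain: 'Software and Configuration Checks/Vulnerabilities/CVE',
+governance: 'Software and Configuration Checks/Industry and Regulatory Standards',
+config: 'Software and Configuration Checks/AWS Security Best Practices',
+};
+/**
+* Convert HMA findings to AWS Security Finding Format.
+*/
+function toASSF(findings, options = {}) {
+const accountId = options.awsAccountId || process.env.AWS_ACCOUNT_ID || '000000000000';
+const region = options.awsRegion || process.env.AWS_REGION || 'us-east-1';
+const targetDir = options.targetDir || process.cwd();
+const now = new Date().toISOString();
+const productArn = `arn:aws:securityhub:${region}:${accountId}:product/${accountId}/default`;
+// Only include failed (not passed, not fixed) findings
+const failed = findings.filter(f => !f.passed && !f.fixed);
+const assfFindings = failed.map(f => {
+const severity = SEVERITY_MAP[f.severity] || 'INFORMATIONAL';
+const category = f.category || f.checkId.split('-')[0].toLowerCase();
+const types = CATEGORY_TYPE_MAP[category]
+? [CATEGORY_TYPE_MAP[category]]
+: ['Software and Configuration Checks'];
+const title = f.name || f.checkId;
+const description = (f.message || f.name || f.checkId).slice(0, 1024);
+const finding = {
+SchemaVersion: '2018-10-08',
+Id: `opena2a/hma/${f.checkId}/${Date.now()}`,
+ProductArn: productArn,
+GeneratorId: `hackmyagent/${f.checkId}`,
+AwsAccountId: accountId,
+Types: types,
+CreatedAt: now,
+UpdatedAt: now,
+Severity: {
+Label: severity,
+Original: f.severity,
+},
+Title: title.slice(0, 256),
+Description: description,
+Resources: [{
+Type: 'Other',
+Id: f.file || targetDir,
+}],
+ProductFields: {
+'opena2a/checkId': f.checkId,
+'opena2a/scanner': 'hackmyagent',
+'opena2a/scannerVersion': '0.11.11',
+},
+RecordState: 'ACTIVE',
+Workflow: { Status: 'NEW' },
+};
+if (f.recommendation) {
+finding.Remediation = {
+Recommendation: {
+Text: f.recommendation.slice(0, 512),
+Url: `https://hackmyagent.com/docs/checks/${f.checkId.toLowerCase()}`,
+},
+};
+}
+if (f.file) {
+finding.Resources[0].Details = {
+Other: {
+filePath: f.file,
+...(f.line ? { lineNumber: String(f.line) } : {}),
+},
+};
+}
+return finding;
+});
+return JSON.stringify(assfFindings, null, 2);
+}
+/**
+* Split ASFF findings into batches of 100 (AWS API limit).
+*/
+function batchASSF(assfJson) {
+const findings = JSON.parse(assfJson);
+const batches = [];
+for (let i = 0; i < findings.length; i += 100) {
+batches.push(JSON.stringify(findings.slice(i, i + 100), null, 2));
+}
+return batches;
+}
+//# sourceMappingURL=asff.js.map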
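Review bot: The finding `Id` in `toASSF`, built from `f.checkId` and `Date.now()`, is neither unique nor stable: two failures of the same check in different files will usually be mapped within the same millisecond and receive the same Id, and every run mints new Ids for problems that have not changed. Security Hub identifies a finding by its Id within a product, so colliding entries are likely to overwrite one another, and repeat scans accumulate as new findings instead of updating the earlier ones. Deriving the Id from the finding's own location avoids both, for example `Id: 'opena2a/hma/' + f.checkId + '/' + (f.file || targetDir) + (f.line ? ':' + f.line : ''),`. Separately, `'opena2a/scannerVersion': '0.11.11'` is hard-coded and already behind the 0.11.13 release this page describes, so the provenance field misreports which scanner version produced the finding; it should be read from the package metadata.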
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"asff.js","sourceRoot":"","sources":["../../src/output/asff.ts"],"names":[],"mappings":";AAAA;;;;;;;;;;;GAWG;;AAiEH,wBA8EC;AAKD,8BASC;AAlHD,MAAM,YAAY,GAA2B;IAC3C,QAAQ,EAAE,UAAU;IACpB,IAAI,EAAE,MAAM;IACZ,MAAM,EAAE,QAAQ;IAChB,GAAG,EAAE,KAAK;IACV,aAAa,EAAE,eAAe;IAC9B,IAAI,EAAE,eAAe;CACtB,CAAC;AAEF,MAAM,iBAAiB,GAA2B;IAChD,WAAW,EAAE,uDAAuD;IACpE,GAAG,EAAE,qEAAqE;IAC1E,OAAO,EAAE,uDAAuD;IAChE,SAAS,EAAE,uDAAuD;IAClE,YAAY,EAAE,uDAAuD;IACrE,UAAU,EAAE,qEAAqE;IACjF,MAAM,EAAE,+DAA+D;CACxE,CAAC;AAEF;;GAEG;AACH,SAAgB,MAAM,CACpB,QAA2B,EAC3B,UAII,EAAE;IAEN,MAAM,SAAS,GAAG,OAAO,CAAC,YAAY,IAAI,OAAO,CAAC,GAAG,CAAC,cAAc,IAAI,cAAc,CAAC;IACvF,MAAM,MAAM,GAAG,OAAO,CAAC,SAAS,IAAI,OAAO,CAAC,GAAG,CAAC,UAAU,IAAI,WAAW,CAAC;IAC1E,MAAM,SAAS,GAAG,OAAO,CAAC,SAAS,IAAI,OAAO,CAAC,GAAG,EAAE,CAAC;IACrD,MAAM,GAAG,GAAG,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE,CAAC;IAErC,MAAM,UAAU,GAAG,uBAAuB,MAAM,IAAI,SAAS,YAAY,SAAS,UAAU,CAAC;IAE7F,uDAAuD;IACvD,MAAM,MAAM,GAAG,QAAQ,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,CAAC,MAAM,IAAI,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC;IAE3D,MAAM,YAAY,GAAiB,MAAM,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE;QAChD,MAAM,QAAQ,GAAG,YAAY,CAAC,CAAC,CAAC,QAAQ,CAAC,IAAI,eAAe,CAAC;QAC7D,MAAM,QAAQ,GAAG,CAAC,CAAC,QAAQ,IAAI,CAAC,CAAC,OAAO,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,WAAW,EAAE,CAAC;QACrE,MAAM,KAAK,GAAG,iBAAiB,CAAC,QAAQ,CAAC;YACvC,CAAC,CAAC,CAAC,iBAAiB,CAAC,QAAQ,CAAC,CAAC;YAC/B,CAAC,CAAC,CAAC,mCAAmC,CAAC,CAAC;QAE1C,MAAM,KAAK,GAAG,CAAC,CAAC,IAAI,IAAI,CAAC,CAAC,OAAO,CAAC;QAClC,MAAM,WAAW,GAAG,CAAC,CAAC,CAAC,OAAO,IAAI,CAAC,CAAC,IAAI,IAAI,CAAC,CAAC,OAAO,CAAC,CAAC,KAAK,CAAC,CAAC,EAAE,IAAI,CAAC,CAAC;QAEtE,MAAM,OAAO,GAAe;YAC1B,aAAa,EAAE,YAAY;YAC3B,EAAE,EAAE,eAAe,CAAC,CAAC,OAAO,IAAI,IAAI,CAAC,GAAG,EAAE,EAAE;YAC5C,UAAU,EAAE,UAAU;YACtB,WAAW,EAAE,eAAe,CAAC,CAAC,OAAO,EAAE;YACvC,YAAY,EAAE,SAAS;YACvB,KAAK,EAAE,KAAK;YACZ,SAAS,EAAE,GAAG;YACd,SAAS,EAAE,GAAG;YACd,QAAQ,EAAE;gBACR,KAAK,EAAE,QAAQ;gBACf,QAAQ,EAAE,CAAC,CAAC,QAAQ;aACrB;YACD,KAAK,EAAE,KAAK,CAAC,KAAK,CAAC,CAAC,EAAE,GAAG,CAAC;YAC1B,WAAW,EAAE,WAAW;YACxB,SA
AS,EAAE,CAAC;oBACV,IAAI,EAAE,OAAO;oBACb,EAAE,EAAE,CAAC,CAAC,IAAI,IAAI,SAAS;iBACxB,CAAC;YACF,aAAa,EAAE;gBACb,iBAAiB,EAAE,CAAC,CAAC,OAAO;gBAC5B,iBAAiB,EAAE,aAAa;gBAChC,wBAAwB,EAAE,SAAS;aACpC;YACD,WAAW,EAAE,QAAQ;YACrB,QAAQ,EAAE,EAAE,MAAM,EAAE,KAAK,EAAE;SAC5B,CAAC;QAEF,IAAI,CAAC,CAAC,cAAc,EAAE,CAAC;YACrB,OAAO,CAAC,WAAW,GAAG;gBACpB,cAAc,EAAE;oBACd,IAAI,EAAE,CAAC,CAAC,cAAc,CAAC,KAAK,CAAC,CAAC,EAAE,GAAG,CAAC;oBACpC,GAAG,EAAE,uCAAuC,CAAC,CAAC,OAAO,CAAC,WAAW,EAAE,EAAE;iBACtE;aACF,CAAC;QACJ,CAAC;QAED,IAAI,CAAC,CAAC,IAAI,EAAE,CAAC;YACX,OAAO,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC,OAAO,GAAG;gBAC7B,KAAK,EAAE;oBACL,QAAQ,EAAE,CAAC,CAAC,IAAI;oBAChB,GAAG,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,UAAU,EAAE,MAAM,CAAC,CAAC,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;iBAClD;aACF,CAAC;QACJ,CAAC;QAED,OAAO,OAAO,CAAC;IACjB,CAAC,CAAC,CAAC;IAEH,OAAO,IAAI,CAAC,SAAS,CAAC,YAAY,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC;AAC/C,CAAC;AAED;;GAEG;AACH,SAAgB,SAAS,CAAC,QAAgB;IACxC,MAAM,QAAQ,GAAG,IAAI,CAAC,KAAK,CAAC,QAAQ,CAAC,CAAC;IACtC,MAAM,OAAO,GAAa,EAAE,CAAC;IAE7B,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,QAAQ,CAAC,MAAM,EAAE,CAAC,IAAI,GAAG,EAAE,CAAC;QAC9C,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,SAAS,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,GAAG,GAAG,CAAC,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC,CAAC;IACpE,CAAC;IAED,OAAO,OAAO,CAAC;AACjB,CAAC"}
|