chore: add .gitignore, remove target/ from tracking
CD - Develop / build-and-deploy (push) Failing after 11m21s
CD - Develop / build-and-deploy (push) Failing after 11m21s
This commit is contained in:
+13
@@ -0,0 +1,13 @@
|
||||
target/
|
||||
*.class
|
||||
*.jar
|
||||
!**/src/main/**
|
||||
.DS_Store
|
||||
.idea/
|
||||
*.iml
|
||||
*.iws
|
||||
*.ipr
|
||||
.settings/
|
||||
.project
|
||||
.classpath
|
||||
.env
|
||||
@@ -1,73 +0,0 @@
|
||||
spring.application.name=hiveops-aria
|
||||
|
||||
# Server
|
||||
server.port=8095
|
||||
|
||||
# Database
|
||||
spring.datasource.url=${DB_URL:jdbc:postgresql://localhost:5432/hiveiq_aria}
|
||||
spring.datasource.username=${DB_USERNAME:hiveiq}
|
||||
spring.datasource.password=${DB_PASSWORD}
|
||||
spring.datasource.driver-class-name=org.postgresql.Driver
|
||||
|
||||
# JPA/Hibernate
|
||||
spring.jpa.database-platform=org.hibernate.dialect.PostgreSQLDialect
|
||||
spring.jpa.hibernate.ddl-auto=validate
|
||||
|
||||
# Flyway
|
||||
spring.flyway.enabled=true
|
||||
spring.flyway.locations=classpath:db/migration
|
||||
spring.flyway.baseline-on-migrate=true
|
||||
spring.flyway.baseline-version=1
|
||||
spring.flyway.validate-on-migrate=true
|
||||
spring.jpa.show-sql=false
|
||||
spring.jpa.properties.hibernate.format_sql=true
|
||||
spring.jpa.properties.hibernate.dialect=org.hibernate.dialect.PostgreSQLDialect
|
||||
|
||||
# Logging
|
||||
logging.level.root=WARN
|
||||
logging.level.com.hiveops.aria=INFO
|
||||
logging.level.org.springframework.security=DEBUG
|
||||
|
||||
# Error responses
|
||||
server.error.include-message=always
|
||||
|
||||
# Actuator
|
||||
management.endpoints.web.exposure.include=health,info,loggers
|
||||
management.endpoint.loggers.enabled=true
|
||||
|
||||
# Pagination
|
||||
spring.data.web.pageable.default-page-size=25
|
||||
spring.data.web.pageable.max-page-size=100
|
||||
|
||||
# Jackson
|
||||
spring.jackson.default-property-inclusion=non_null
|
||||
spring.jackson.serialization.write-dates-as-timestamps=false
|
||||
spring.jackson.time-zone=UTC
|
||||
|
||||
# JWT
|
||||
jwt.secret=${JWT_SECRET}
|
||||
jwt.expiration=86400000
|
||||
|
||||
# OpenAPI
|
||||
springdoc.api-docs.enabled=${SWAGGER_ENABLED:false}
|
||||
springdoc.swagger-ui.enabled=${SWAGGER_ENABLED:false}
|
||||
|
||||
# Internal service auth (used by agent ingestion endpoint)
|
||||
aria.internal.service-secret=${ARIA_SERVICE_SECRET:}
|
||||
|
||||
# Sequence detection window (minutes)
|
||||
aria.sequence.window.minutes=${ARIA_SEQUENCE_WINDOW_MINUTES:15}
|
||||
|
||||
# Auto-response — disabled by default for safe initial deployment
|
||||
aria.autoresponse.shutdown.enabled=${ARIA_AUTORESPONSE_SHUTDOWN_ENABLED:false}
|
||||
|
||||
# hiveops-incident (for auto-response fleet tasks)
|
||||
aria.incident.url=${INCIDENT_SERVICE_URL:http://hiveiq-incident:8080}
|
||||
aria.incident.service-secret=${INTERNAL_SERVICE_SECRET:}
|
||||
|
||||
# Kafka
|
||||
spring.kafka.bootstrap-servers=${KAFKA_BOOTSTRAP_SERVERS:localhost:9092}
|
||||
spring.kafka.admin.fail-fast=false
|
||||
spring.kafka.producer.key-serializer=org.apache.kafka.common.serialization.StringSerializer
|
||||
spring.kafka.producer.value-serializer=org.springframework.kafka.support.serializer.JsonSerializer
|
||||
spring.kafka.producer.properties.spring.json.add.type.headers=false
|
||||
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
BIN
Binary file not shown.
Binary file not shown.
Binary file not shown.
BIN
Binary file not shown.
BIN
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
BIN
Binary file not shown.
Binary file not shown.
Binary file not shown.
@@ -1,98 +0,0 @@
|
||||
CREATE EXTENSION IF NOT EXISTS "uuid-ossp";
|
||||
|
||||
CREATE TYPE ioc_type AS ENUM (
|
||||
'FILENAME', 'MD5', 'REGISTRY_KEY', 'DIRECTORY', 'SERVICE_NAME', 'IP', 'FILE_PATH'
|
||||
);
|
||||
|
||||
CREATE TYPE ioc_source AS ENUM ('FBI_FLASH', 'FS_ISAC', 'MANUAL');
|
||||
|
||||
CREATE TYPE confidence_level AS ENUM ('HIGH', 'MEDIUM', 'LOW');
|
||||
|
||||
CREATE TABLE threat_ioc (
|
||||
id BIGSERIAL PRIMARY KEY,
|
||||
ioc_type ioc_type NOT NULL,
|
||||
value TEXT NOT NULL,
|
||||
description TEXT,
|
||||
source ioc_source NOT NULL DEFAULT 'FBI_FLASH',
|
||||
source_ref VARCHAR(100),
|
||||
confidence confidence_level NOT NULL DEFAULT 'HIGH',
|
||||
added_at TIMESTAMPTZ NOT NULL DEFAULT NOW(),
|
||||
expires_at TIMESTAMPTZ,
|
||||
active BOOLEAN NOT NULL DEFAULT TRUE,
|
||||
UNIQUE (ioc_type, value)
|
||||
);
|
||||
|
||||
CREATE INDEX idx_threat_ioc_active ON threat_ioc(active);
|
||||
CREATE INDEX idx_threat_ioc_type ON threat_ioc(ioc_type);
|
||||
|
||||
CREATE TYPE threat_severity AS ENUM ('CRITICAL', 'HIGH', 'MEDIUM', 'LOW', 'INFO');
|
||||
|
||||
CREATE TYPE threat_event_type AS ENUM ('PHYSICAL', 'OS_EVENT', 'FILE_SYSTEM', 'COMPOSITE');
|
||||
|
||||
CREATE TYPE attack_phase AS ENUM (
|
||||
'PHYSICAL_ACCESS', 'MALWARE_STAGING', 'MALWARE_EXECUTION', 'PERSISTENCE', 'CLEANUP'
|
||||
);
|
||||
|
||||
CREATE TABLE threat_event (
|
||||
id BIGSERIAL PRIMARY KEY,
|
||||
device_id BIGINT,
|
||||
device_agent_id VARCHAR(100),
|
||||
event_type threat_event_type NOT NULL,
|
||||
signal_key VARCHAR(100) NOT NULL,
|
||||
raw_payload JSONB,
|
||||
matched_ioc_id BIGINT REFERENCES threat_ioc(id),
|
||||
severity threat_severity NOT NULL,
|
||||
detected_at TIMESTAMPTZ NOT NULL DEFAULT NOW(),
|
||||
attack_phase attack_phase,
|
||||
sequence_id UUID,
|
||||
institution_key VARCHAR(100),
|
||||
created_at TIMESTAMPTZ NOT NULL DEFAULT NOW()
|
||||
);
|
||||
|
||||
CREATE INDEX idx_threat_event_device_id ON threat_event(device_id);
|
||||
CREATE INDEX idx_threat_event_sequence ON threat_event(sequence_id);
|
||||
CREATE INDEX idx_threat_event_detected ON threat_event(detected_at DESC);
|
||||
CREATE INDEX idx_threat_event_severity ON threat_event(severity);
|
||||
CREATE INDEX idx_threat_event_agent ON threat_event(device_agent_id);
|
||||
|
||||
CREATE TYPE sequence_type AS ENUM ('JACKPOTTING', 'SKIMMING', 'UNKNOWN');
|
||||
|
||||
CREATE TYPE auto_response_action AS ENUM ('NONE', 'SHUTDOWN', 'NOTIFICATION', 'LOCKDOWN');
|
||||
|
||||
CREATE TABLE precursor_sequence_alert (
|
||||
id BIGSERIAL PRIMARY KEY,
|
||||
device_id BIGINT,
|
||||
device_agent_id VARCHAR(100),
|
||||
sequence_type sequence_type NOT NULL DEFAULT 'JACKPOTTING',
|
||||
phases_detected attack_phase[] NOT NULL DEFAULT '{}',
|
||||
confidence NUMERIC(4,3) NOT NULL DEFAULT 0.0,
|
||||
triggered_at TIMESTAMPTZ NOT NULL DEFAULT NOW(),
|
||||
auto_response_taken auto_response_action NOT NULL DEFAULT 'NONE',
|
||||
resolved_at TIMESTAMPTZ,
|
||||
resolved_by VARCHAR(200),
|
||||
institution_key VARCHAR(100),
|
||||
sequence_id UUID NOT NULL DEFAULT uuid_generate_v4()
|
||||
);
|
||||
|
||||
CREATE INDEX idx_sequence_alert_device ON precursor_sequence_alert(device_id);
|
||||
CREATE INDEX idx_sequence_alert_trigger ON precursor_sequence_alert(triggered_at DESC);
|
||||
CREATE INDEX idx_sequence_alert_open ON precursor_sequence_alert(resolved_at) WHERE resolved_at IS NULL;
|
||||
|
||||
CREATE TYPE os_eol_status AS ENUM ('SUPPORTED', 'EOL', 'UNKNOWN');
|
||||
|
||||
CREATE TABLE device_security_posture (
|
||||
device_id BIGINT PRIMARY KEY,
|
||||
device_agent_id VARCHAR(100),
|
||||
institution_key VARCHAR(100),
|
||||
audit_policy_compliant BOOLEAN,
|
||||
gold_image_validated_at TIMESTAMPTZ,
|
||||
gold_image_hash VARCHAR(128),
|
||||
current_image_hash VARCHAR(128),
|
||||
disk_encryption_enabled BOOLEAN,
|
||||
os_version VARCHAR(200),
|
||||
os_eol_status os_eol_status NOT NULL DEFAULT 'UNKNOWN',
|
||||
software_whitelist_enabled BOOLEAN,
|
||||
last_posture_check_at TIMESTAMPTZ,
|
||||
posture_score INTEGER,
|
||||
updated_at TIMESTAMPTZ NOT NULL DEFAULT NOW()
|
||||
);
|
||||
@@ -1,52 +0,0 @@
|
||||
-- IOC seed data from FBI FLASH Alert FLASH-20260219-001
|
||||
-- Source: ATM Jackpotting / Ploutus malware campaign
|
||||
|
||||
-- Malicious executables (FILENAME type)
|
||||
INSERT INTO threat_ioc (ioc_type, value, description, source, source_ref, confidence) VALUES
|
||||
('FILENAME', 'Newage.exe', 'Ploutus jackpotting malware', 'FBI_FLASH', 'FLASH-20260219-001', 'HIGH'),
|
||||
('FILENAME', 'Color.exe', 'Ploutus jackpotting malware variant', 'FBI_FLASH', 'FLASH-20260219-001', 'HIGH'),
|
||||
('FILENAME', 'Levantaito.exe', 'Ploutus jackpotting malware variant', 'FBI_FLASH', 'FLASH-20260219-001', 'HIGH'),
|
||||
('FILENAME', 'NCRApp.exe', 'Ploutus masquerading as NCR application', 'FBI_FLASH', 'FLASH-20260219-001', 'HIGH'),
|
||||
('FILENAME', 'sdelete.exe', 'Secure delete tool used for log cleanup', 'FBI_FLASH', 'FLASH-20260219-001', 'HIGH'),
|
||||
('FILENAME', 'Promo.exe', 'Ploutus jackpotting malware variant', 'FBI_FLASH', 'FLASH-20260219-001', 'HIGH'),
|
||||
('FILENAME', 'WinMonitor.exe', 'Ploutus persistence component', 'FBI_FLASH', 'FLASH-20260219-001', 'HIGH'),
|
||||
('FILENAME', 'WinMonitorCheck.exe', 'Ploutus persistence watchdog', 'FBI_FLASH', 'FLASH-20260219-001', 'HIGH'),
|
||||
('FILENAME', 'Anydesk1.exe', 'AnyDesk remote access trojan variant', 'FBI_FLASH', 'FLASH-20260219-001', 'HIGH');
|
||||
|
||||
-- MD5 hashes
|
||||
INSERT INTO threat_ioc (ioc_type, value, description, source, source_ref, confidence) VALUES
|
||||
('MD5', '2C2D16658D8DA6B389934273EF8F8E22', 'Ploutus malware hash', 'FBI_FLASH', 'FLASH-20260219-001', 'HIGH'),
|
||||
('MD5', '5F177B84F3D92AB5711BE446125FDBE3', 'Ploutus malware hash', 'FBI_FLASH', 'FLASH-20260219-001', 'HIGH'),
|
||||
('MD5', '61EECEB5F9186A0BC01DC82798CD6C5F', 'Ploutus malware hash', 'FBI_FLASH', 'FLASH-20260219-001', 'HIGH'),
|
||||
('MD5', 'FDA82030AE92313E94B9339EA1FC107C', 'Ploutus malware hash', 'FBI_FLASH', 'FLASH-20260219-001', 'HIGH'),
|
||||
('MD5', 'C04A7CB926CCBF829D0A36A91EBF91BD', 'Ploutus malware hash', 'FBI_FLASH', 'FLASH-20260219-001', 'HIGH');
|
||||
|
||||
-- Associated files and scripts
|
||||
INSERT INTO threat_ioc (ioc_type, value, description, source, source_ref, confidence) VALUES
|
||||
('FILENAME', 'C.dat', 'Ploutus data/config file', 'FBI_FLASH', 'FLASH-20260219-001', 'HIGH'),
|
||||
('FILENAME', 'Restaurar.bat', 'Malware cleanup/restore script', 'FBI_FLASH', 'FLASH-20260219-001', 'HIGH'),
|
||||
('FILENAME', 'Restauraropteva.bat', 'Malware cleanup script (Opteva ATMs)', 'FBI_FLASH', 'FLASH-20260219-001', 'HIGH'),
|
||||
('FILENAME', 'Logcontrol.txt', 'Attacker log control file', 'FBI_FLASH', 'FLASH-20260219-001', 'MEDIUM'),
|
||||
('FILENAME', 'Logc.txt', 'Attacker log file', 'FBI_FLASH', 'FLASH-20260219-001', 'MEDIUM'),
|
||||
('FILENAME', 'Borrar_beta.txt', 'Attacker cleanup script', 'FBI_FLASH', 'FLASH-20260219-001', 'MEDIUM');
|
||||
|
||||
-- Suspicious directories
|
||||
INSERT INTO threat_ioc (ioc_type, value, description, source, source_ref, confidence) VALUES
|
||||
('DIRECTORY', 'C:\<ATM_Manufacturer>\exe\p\', 'Known Ploutus staging directory', 'FBI_FLASH', 'FLASH-20260219-001', 'HIGH'),
|
||||
('DIRECTORY', 'C:\Users\SSAuto1\AppData\Local\P\', 'Known Ploutus staging directory', 'FBI_FLASH', 'FLASH-20260219-001', 'HIGH');
|
||||
|
||||
-- Registry persistence keys
|
||||
INSERT INTO threat_ioc (ioc_type, value, description, source, source_ref, confidence) VALUES
|
||||
('REGISTRY_KEY', 'HKLM\Software\Microsoft\Windows\CurrentVersion\Run', 'Common malware persistence location', 'FBI_FLASH', 'FLASH-20260219-001', 'MEDIUM'),
|
||||
('REGISTRY_KEY', 'HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon', 'Winlogon hijack persistence location', 'FBI_FLASH', 'FLASH-20260219-001', 'HIGH'),
|
||||
('REGISTRY_KEY', 'HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit', 'Userinit hijack persistence location', 'FBI_FLASH', 'FLASH-20260219-001', 'HIGH');
|
||||
|
||||
-- Suspicious service names used as cover
|
||||
INSERT INTO threat_ioc (ioc_type, value, description, source, source_ref, confidence) VALUES
|
||||
('SERVICE_NAME', 'ATM Service', 'Generic service name used by Ploutus for persistence', 'FBI_FLASH', 'FLASH-20260219-001', 'HIGH'),
|
||||
('SERVICE_NAME', 'Dispenser Service', 'Generic service name used by Ploutus for persistence', 'FBI_FLASH', 'FLASH-20260219-001', 'HIGH');
|
||||
|
||||
-- Unauthorized remote access tools
|
||||
INSERT INTO threat_ioc (ioc_type, value, description, source, source_ref, confidence) VALUES
|
||||
('FILENAME', 'TeamViewer.exe', 'Remote access tool — flag if not in authorized software list', 'FBI_FLASH', 'FLASH-20260219-001', 'MEDIUM'),
|
||||
('FILENAME', 'AnyDesk.exe', 'Remote access tool — flag if not in authorized software list', 'FBI_FLASH', 'FLASH-20260219-001', 'MEDIUM');
|
||||
Binary file not shown.
Binary file not shown.
@@ -1,3 +0,0 @@
|
||||
artifactId=hiveops-aria
|
||||
groupId=com.hiveops
|
||||
version=1.0.0
|
||||
@@ -1,37 +0,0 @@
|
||||
com/hiveops/aria/dto/ThreatEventIngestionRequest.class
|
||||
com/hiveops/aria/entity/ThreatIoc$ThreatIocBuilder.class
|
||||
com/hiveops/aria/entity/PrecursorSequenceAlert$AutoResponseAction.class
|
||||
com/hiveops/aria/entity/ThreatIoc$IocType.class
|
||||
com/hiveops/aria/controller/ThreatIocController.class
|
||||
com/hiveops/aria/kafka/AriaThreatEvent.class
|
||||
com/hiveops/aria/repository/DeviceSecurityPostureRepository.class
|
||||
com/hiveops/aria/entity/DeviceSecurityPosture.class
|
||||
com/hiveops/aria/service/ThreatEventClassifier.class
|
||||
com/hiveops/aria/entity/ThreatEvent.class
|
||||
com/hiveops/aria/kafka/AriaThreatEvent$AriaThreatEventBuilder.class
|
||||
com/hiveops/aria/entity/DeviceSecurityPosture$DeviceSecurityPostureBuilder.class
|
||||
com/hiveops/aria/controller/ThreatIocController$CreateIocRequest.class
|
||||
com/hiveops/aria/kafka/AriaKafkaConfig.class
|
||||
com/hiveops/aria/entity/ThreatIoc.class
|
||||
com/hiveops/aria/security/AriaPrincipal.class
|
||||
com/hiveops/aria/entity/PrecursorSequenceAlert$SequenceType.class
|
||||
com/hiveops/aria/service/ThreatEventClassifier$ClassificationResult.class
|
||||
com/hiveops/aria/repository/ThreatIocRepository.class
|
||||
com/hiveops/aria/entity/ThreatIoc$IocSource.class
|
||||
com/hiveops/aria/entity/ThreatEvent$ThreatEventBuilder.class
|
||||
com/hiveops/aria/entity/ThreatEvent$AttackPhase.class
|
||||
com/hiveops/aria/repository/ThreatEventRepository.class
|
||||
com/hiveops/aria/repository/PrecursorSequenceAlertRepository.class
|
||||
com/hiveops/aria/AriaApplication.class
|
||||
com/hiveops/aria/dto/ThreatEventItem.class
|
||||
com/hiveops/aria/entity/ThreatEvent$EventType.class
|
||||
com/hiveops/aria/service/ThreatEventIngestionService.class
|
||||
com/hiveops/aria/entity/PrecursorSequenceAlert$PrecursorSequenceAlertBuilder.class
|
||||
com/hiveops/aria/controller/ThreatEventIngestionController.class
|
||||
com/hiveops/aria/security/JwtAuthenticationFilter.class
|
||||
com/hiveops/aria/entity/ThreatEvent$ThreatSeverity.class
|
||||
com/hiveops/aria/config/SecurityConfig.class
|
||||
com/hiveops/aria/entity/DeviceSecurityPosture$OsEolStatus.class
|
||||
com/hiveops/aria/kafka/AriaThreatProducer.class
|
||||
com/hiveops/aria/entity/PrecursorSequenceAlert.class
|
||||
com/hiveops/aria/entity/ThreatIoc$ConfidenceLevel.class
|
||||
@@ -1,21 +0,0 @@
|
||||
/source/hiveops-src/hiveops-aria/src/main/java/com/hiveops/aria/AriaApplication.java
|
||||
/source/hiveops-src/hiveops-aria/src/main/java/com/hiveops/aria/config/SecurityConfig.java
|
||||
/source/hiveops-src/hiveops-aria/src/main/java/com/hiveops/aria/controller/ThreatEventIngestionController.java
|
||||
/source/hiveops-src/hiveops-aria/src/main/java/com/hiveops/aria/controller/ThreatIocController.java
|
||||
/source/hiveops-src/hiveops-aria/src/main/java/com/hiveops/aria/dto/ThreatEventIngestionRequest.java
|
||||
/source/hiveops-src/hiveops-aria/src/main/java/com/hiveops/aria/dto/ThreatEventItem.java
|
||||
/source/hiveops-src/hiveops-aria/src/main/java/com/hiveops/aria/entity/DeviceSecurityPosture.java
|
||||
/source/hiveops-src/hiveops-aria/src/main/java/com/hiveops/aria/entity/PrecursorSequenceAlert.java
|
||||
/source/hiveops-src/hiveops-aria/src/main/java/com/hiveops/aria/entity/ThreatEvent.java
|
||||
/source/hiveops-src/hiveops-aria/src/main/java/com/hiveops/aria/entity/ThreatIoc.java
|
||||
/source/hiveops-src/hiveops-aria/src/main/java/com/hiveops/aria/kafka/AriaKafkaConfig.java
|
||||
/source/hiveops-src/hiveops-aria/src/main/java/com/hiveops/aria/kafka/AriaThreatEvent.java
|
||||
/source/hiveops-src/hiveops-aria/src/main/java/com/hiveops/aria/kafka/AriaThreatProducer.java
|
||||
/source/hiveops-src/hiveops-aria/src/main/java/com/hiveops/aria/repository/DeviceSecurityPostureRepository.java
|
||||
/source/hiveops-src/hiveops-aria/src/main/java/com/hiveops/aria/repository/PrecursorSequenceAlertRepository.java
|
||||
/source/hiveops-src/hiveops-aria/src/main/java/com/hiveops/aria/repository/ThreatEventRepository.java
|
||||
/source/hiveops-src/hiveops-aria/src/main/java/com/hiveops/aria/repository/ThreatIocRepository.java
|
||||
/source/hiveops-src/hiveops-aria/src/main/java/com/hiveops/aria/security/AriaPrincipal.java
|
||||
/source/hiveops-src/hiveops-aria/src/main/java/com/hiveops/aria/security/JwtAuthenticationFilter.java
|
||||
/source/hiveops-src/hiveops-aria/src/main/java/com/hiveops/aria/service/ThreatEventClassifier.java
|
||||
/source/hiveops-src/hiveops-aria/src/main/java/com/hiveops/aria/service/ThreatEventIngestionService.java
|
||||
Reference in New Issue
Block a user