chore: add .gitignore, remove target/ from tracking
CD - Develop / build-and-deploy (push) Failing after 11m21s

This commit is contained in:
2026-06-14 09:31:01 -04:00
parent e5f25f1c2c
commit 8c877ddd31
48 changed files with 13 additions and 284 deletions
+13
View File
@@ -0,0 +1,13 @@
target/
*.class
*.jar
!**/src/main/**
.DS_Store
.idea/
*.iml
*.iws
*.ipr
.settings/
.project
.classpath
.env
-73
View File
@@ -1,73 +0,0 @@
spring.application.name=hiveops-aria
# Server
server.port=8095
# Database
spring.datasource.url=${DB_URL:jdbc:postgresql://localhost:5432/hiveiq_aria}
spring.datasource.username=${DB_USERNAME:hiveiq}
spring.datasource.password=${DB_PASSWORD}
spring.datasource.driver-class-name=org.postgresql.Driver
# JPA/Hibernate
spring.jpa.database-platform=org.hibernate.dialect.PostgreSQLDialect
spring.jpa.hibernate.ddl-auto=validate
# Flyway
spring.flyway.enabled=true
spring.flyway.locations=classpath:db/migration
spring.flyway.baseline-on-migrate=true
spring.flyway.baseline-version=1
spring.flyway.validate-on-migrate=true
spring.jpa.show-sql=false
spring.jpa.properties.hibernate.format_sql=true
spring.jpa.properties.hibernate.dialect=org.hibernate.dialect.PostgreSQLDialect
# Logging
logging.level.root=WARN
logging.level.com.hiveops.aria=INFO
logging.level.org.springframework.security=DEBUG
# Error responses
server.error.include-message=always
# Actuator
management.endpoints.web.exposure.include=health,info,loggers
management.endpoint.loggers.enabled=true
# Pagination
spring.data.web.pageable.default-page-size=25
spring.data.web.pageable.max-page-size=100
# Jackson
spring.jackson.default-property-inclusion=non_null
spring.jackson.serialization.write-dates-as-timestamps=false
spring.jackson.time-zone=UTC
# JWT
jwt.secret=${JWT_SECRET}
jwt.expiration=86400000
# OpenAPI
springdoc.api-docs.enabled=${SWAGGER_ENABLED:false}
springdoc.swagger-ui.enabled=${SWAGGER_ENABLED:false}
# Internal service auth (used by agent ingestion endpoint)
aria.internal.service-secret=${ARIA_SERVICE_SECRET:}
# Sequence detection window (minutes)
aria.sequence.window.minutes=${ARIA_SEQUENCE_WINDOW_MINUTES:15}
# Auto-response — disabled by default for safe initial deployment
aria.autoresponse.shutdown.enabled=${ARIA_AUTORESPONSE_SHUTDOWN_ENABLED:false}
# hiveops-incident (for auto-response fleet tasks)
aria.incident.url=${INCIDENT_SERVICE_URL:http://hiveiq-incident:8080}
aria.incident.service-secret=${INTERNAL_SERVICE_SECRET:}
# Kafka
spring.kafka.bootstrap-servers=${KAFKA_BOOTSTRAP_SERVERS:localhost:9092}
spring.kafka.admin.fail-fast=false
spring.kafka.producer.key-serializer=org.apache.kafka.common.serialization.StringSerializer
spring.kafka.producer.value-serializer=org.springframework.kafka.support.serializer.JsonSerializer
spring.kafka.producer.properties.spring.json.add.type.headers=false
@@ -1,98 +0,0 @@
CREATE EXTENSION IF NOT EXISTS "uuid-ossp";
CREATE TYPE ioc_type AS ENUM (
'FILENAME', 'MD5', 'REGISTRY_KEY', 'DIRECTORY', 'SERVICE_NAME', 'IP', 'FILE_PATH'
);
CREATE TYPE ioc_source AS ENUM ('FBI_FLASH', 'FS_ISAC', 'MANUAL');
CREATE TYPE confidence_level AS ENUM ('HIGH', 'MEDIUM', 'LOW');
CREATE TABLE threat_ioc (
id BIGSERIAL PRIMARY KEY,
ioc_type ioc_type NOT NULL,
value TEXT NOT NULL,
description TEXT,
source ioc_source NOT NULL DEFAULT 'FBI_FLASH',
source_ref VARCHAR(100),
confidence confidence_level NOT NULL DEFAULT 'HIGH',
added_at TIMESTAMPTZ NOT NULL DEFAULT NOW(),
expires_at TIMESTAMPTZ,
active BOOLEAN NOT NULL DEFAULT TRUE,
UNIQUE (ioc_type, value)
);
CREATE INDEX idx_threat_ioc_active ON threat_ioc(active);
CREATE INDEX idx_threat_ioc_type ON threat_ioc(ioc_type);
CREATE TYPE threat_severity AS ENUM ('CRITICAL', 'HIGH', 'MEDIUM', 'LOW', 'INFO');
CREATE TYPE threat_event_type AS ENUM ('PHYSICAL', 'OS_EVENT', 'FILE_SYSTEM', 'COMPOSITE');
CREATE TYPE attack_phase AS ENUM (
'PHYSICAL_ACCESS', 'MALWARE_STAGING', 'MALWARE_EXECUTION', 'PERSISTENCE', 'CLEANUP'
);
CREATE TABLE threat_event (
id BIGSERIAL PRIMARY KEY,
device_id BIGINT,
device_agent_id VARCHAR(100),
event_type threat_event_type NOT NULL,
signal_key VARCHAR(100) NOT NULL,
raw_payload JSONB,
matched_ioc_id BIGINT REFERENCES threat_ioc(id),
severity threat_severity NOT NULL,
detected_at TIMESTAMPTZ NOT NULL DEFAULT NOW(),
attack_phase attack_phase,
sequence_id UUID,
institution_key VARCHAR(100),
created_at TIMESTAMPTZ NOT NULL DEFAULT NOW()
);
CREATE INDEX idx_threat_event_device_id ON threat_event(device_id);
CREATE INDEX idx_threat_event_sequence ON threat_event(sequence_id);
CREATE INDEX idx_threat_event_detected ON threat_event(detected_at DESC);
CREATE INDEX idx_threat_event_severity ON threat_event(severity);
CREATE INDEX idx_threat_event_agent ON threat_event(device_agent_id);
CREATE TYPE sequence_type AS ENUM ('JACKPOTTING', 'SKIMMING', 'UNKNOWN');
CREATE TYPE auto_response_action AS ENUM ('NONE', 'SHUTDOWN', 'NOTIFICATION', 'LOCKDOWN');
CREATE TABLE precursor_sequence_alert (
id BIGSERIAL PRIMARY KEY,
device_id BIGINT,
device_agent_id VARCHAR(100),
sequence_type sequence_type NOT NULL DEFAULT 'JACKPOTTING',
phases_detected attack_phase[] NOT NULL DEFAULT '{}',
confidence NUMERIC(4,3) NOT NULL DEFAULT 0.0,
triggered_at TIMESTAMPTZ NOT NULL DEFAULT NOW(),
auto_response_taken auto_response_action NOT NULL DEFAULT 'NONE',
resolved_at TIMESTAMPTZ,
resolved_by VARCHAR(200),
institution_key VARCHAR(100),
sequence_id UUID NOT NULL DEFAULT uuid_generate_v4()
);
CREATE INDEX idx_sequence_alert_device ON precursor_sequence_alert(device_id);
CREATE INDEX idx_sequence_alert_trigger ON precursor_sequence_alert(triggered_at DESC);
CREATE INDEX idx_sequence_alert_open ON precursor_sequence_alert(resolved_at) WHERE resolved_at IS NULL;
CREATE TYPE os_eol_status AS ENUM ('SUPPORTED', 'EOL', 'UNKNOWN');
CREATE TABLE device_security_posture (
device_id BIGINT PRIMARY KEY,
device_agent_id VARCHAR(100),
institution_key VARCHAR(100),
audit_policy_compliant BOOLEAN,
gold_image_validated_at TIMESTAMPTZ,
gold_image_hash VARCHAR(128),
current_image_hash VARCHAR(128),
disk_encryption_enabled BOOLEAN,
os_version VARCHAR(200),
os_eol_status os_eol_status NOT NULL DEFAULT 'UNKNOWN',
software_whitelist_enabled BOOLEAN,
last_posture_check_at TIMESTAMPTZ,
posture_score INTEGER,
updated_at TIMESTAMPTZ NOT NULL DEFAULT NOW()
);
@@ -1,52 +0,0 @@
-- IOC seed data from FBI FLASH Alert FLASH-20260219-001
-- Source: ATM Jackpotting / Ploutus malware campaign
-- Malicious executables (FILENAME type)
INSERT INTO threat_ioc (ioc_type, value, description, source, source_ref, confidence) VALUES
('FILENAME', 'Newage.exe', 'Ploutus jackpotting malware', 'FBI_FLASH', 'FLASH-20260219-001', 'HIGH'),
('FILENAME', 'Color.exe', 'Ploutus jackpotting malware variant', 'FBI_FLASH', 'FLASH-20260219-001', 'HIGH'),
('FILENAME', 'Levantaito.exe', 'Ploutus jackpotting malware variant', 'FBI_FLASH', 'FLASH-20260219-001', 'HIGH'),
('FILENAME', 'NCRApp.exe', 'Ploutus masquerading as NCR application', 'FBI_FLASH', 'FLASH-20260219-001', 'HIGH'),
('FILENAME', 'sdelete.exe', 'Secure delete tool used for log cleanup', 'FBI_FLASH', 'FLASH-20260219-001', 'HIGH'),
('FILENAME', 'Promo.exe', 'Ploutus jackpotting malware variant', 'FBI_FLASH', 'FLASH-20260219-001', 'HIGH'),
('FILENAME', 'WinMonitor.exe', 'Ploutus persistence component', 'FBI_FLASH', 'FLASH-20260219-001', 'HIGH'),
('FILENAME', 'WinMonitorCheck.exe', 'Ploutus persistence watchdog', 'FBI_FLASH', 'FLASH-20260219-001', 'HIGH'),
('FILENAME', 'Anydesk1.exe', 'AnyDesk remote access trojan variant', 'FBI_FLASH', 'FLASH-20260219-001', 'HIGH');
-- MD5 hashes
INSERT INTO threat_ioc (ioc_type, value, description, source, source_ref, confidence) VALUES
('MD5', '2C2D16658D8DA6B389934273EF8F8E22', 'Ploutus malware hash', 'FBI_FLASH', 'FLASH-20260219-001', 'HIGH'),
('MD5', '5F177B84F3D92AB5711BE446125FDBE3', 'Ploutus malware hash', 'FBI_FLASH', 'FLASH-20260219-001', 'HIGH'),
('MD5', '61EECEB5F9186A0BC01DC82798CD6C5F', 'Ploutus malware hash', 'FBI_FLASH', 'FLASH-20260219-001', 'HIGH'),
('MD5', 'FDA82030AE92313E94B9339EA1FC107C', 'Ploutus malware hash', 'FBI_FLASH', 'FLASH-20260219-001', 'HIGH'),
('MD5', 'C04A7CB926CCBF829D0A36A91EBF91BD', 'Ploutus malware hash', 'FBI_FLASH', 'FLASH-20260219-001', 'HIGH');
-- Associated files and scripts
INSERT INTO threat_ioc (ioc_type, value, description, source, source_ref, confidence) VALUES
('FILENAME', 'C.dat', 'Ploutus data/config file', 'FBI_FLASH', 'FLASH-20260219-001', 'HIGH'),
('FILENAME', 'Restaurar.bat', 'Malware cleanup/restore script', 'FBI_FLASH', 'FLASH-20260219-001', 'HIGH'),
('FILENAME', 'Restauraropteva.bat', 'Malware cleanup script (Opteva ATMs)', 'FBI_FLASH', 'FLASH-20260219-001', 'HIGH'),
('FILENAME', 'Logcontrol.txt', 'Attacker log control file', 'FBI_FLASH', 'FLASH-20260219-001', 'MEDIUM'),
('FILENAME', 'Logc.txt', 'Attacker log file', 'FBI_FLASH', 'FLASH-20260219-001', 'MEDIUM'),
('FILENAME', 'Borrar_beta.txt', 'Attacker cleanup script', 'FBI_FLASH', 'FLASH-20260219-001', 'MEDIUM');
-- Suspicious directories
INSERT INTO threat_ioc (ioc_type, value, description, source, source_ref, confidence) VALUES
('DIRECTORY', 'C:\<ATM_Manufacturer>\exe\p\', 'Known Ploutus staging directory', 'FBI_FLASH', 'FLASH-20260219-001', 'HIGH'),
('DIRECTORY', 'C:\Users\SSAuto1\AppData\Local\P\', 'Known Ploutus staging directory', 'FBI_FLASH', 'FLASH-20260219-001', 'HIGH');
-- Registry persistence keys
INSERT INTO threat_ioc (ioc_type, value, description, source, source_ref, confidence) VALUES
('REGISTRY_KEY', 'HKLM\Software\Microsoft\Windows\CurrentVersion\Run', 'Common malware persistence location', 'FBI_FLASH', 'FLASH-20260219-001', 'MEDIUM'),
('REGISTRY_KEY', 'HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon', 'Winlogon hijack persistence location', 'FBI_FLASH', 'FLASH-20260219-001', 'HIGH'),
('REGISTRY_KEY', 'HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit', 'Userinit hijack persistence location', 'FBI_FLASH', 'FLASH-20260219-001', 'HIGH');
-- Suspicious service names used as cover
INSERT INTO threat_ioc (ioc_type, value, description, source, source_ref, confidence) VALUES
('SERVICE_NAME', 'ATM Service', 'Generic service name used by Ploutus for persistence', 'FBI_FLASH', 'FLASH-20260219-001', 'HIGH'),
('SERVICE_NAME', 'Dispenser Service', 'Generic service name used by Ploutus for persistence', 'FBI_FLASH', 'FLASH-20260219-001', 'HIGH');
-- Unauthorized remote access tools
INSERT INTO threat_ioc (ioc_type, value, description, source, source_ref, confidence) VALUES
('FILENAME', 'TeamViewer.exe', 'Remote access tool — flag if not in authorized software list', 'FBI_FLASH', 'FLASH-20260219-001', 'MEDIUM'),
('FILENAME', 'AnyDesk.exe', 'Remote access tool — flag if not in authorized software list', 'FBI_FLASH', 'FLASH-20260219-001', 'MEDIUM');
Binary file not shown.
Binary file not shown.
-3
View File
@@ -1,3 +0,0 @@
artifactId=hiveops-aria
groupId=com.hiveops
version=1.0.0
@@ -1,37 +0,0 @@
com/hiveops/aria/dto/ThreatEventIngestionRequest.class
com/hiveops/aria/entity/ThreatIoc$ThreatIocBuilder.class
com/hiveops/aria/entity/PrecursorSequenceAlert$AutoResponseAction.class
com/hiveops/aria/entity/ThreatIoc$IocType.class
com/hiveops/aria/controller/ThreatIocController.class
com/hiveops/aria/kafka/AriaThreatEvent.class
com/hiveops/aria/repository/DeviceSecurityPostureRepository.class
com/hiveops/aria/entity/DeviceSecurityPosture.class
com/hiveops/aria/service/ThreatEventClassifier.class
com/hiveops/aria/entity/ThreatEvent.class
com/hiveops/aria/kafka/AriaThreatEvent$AriaThreatEventBuilder.class
com/hiveops/aria/entity/DeviceSecurityPosture$DeviceSecurityPostureBuilder.class
com/hiveops/aria/controller/ThreatIocController$CreateIocRequest.class
com/hiveops/aria/kafka/AriaKafkaConfig.class
com/hiveops/aria/entity/ThreatIoc.class
com/hiveops/aria/security/AriaPrincipal.class
com/hiveops/aria/entity/PrecursorSequenceAlert$SequenceType.class
com/hiveops/aria/service/ThreatEventClassifier$ClassificationResult.class
com/hiveops/aria/repository/ThreatIocRepository.class
com/hiveops/aria/entity/ThreatIoc$IocSource.class
com/hiveops/aria/entity/ThreatEvent$ThreatEventBuilder.class
com/hiveops/aria/entity/ThreatEvent$AttackPhase.class
com/hiveops/aria/repository/ThreatEventRepository.class
com/hiveops/aria/repository/PrecursorSequenceAlertRepository.class
com/hiveops/aria/AriaApplication.class
com/hiveops/aria/dto/ThreatEventItem.class
com/hiveops/aria/entity/ThreatEvent$EventType.class
com/hiveops/aria/service/ThreatEventIngestionService.class
com/hiveops/aria/entity/PrecursorSequenceAlert$PrecursorSequenceAlertBuilder.class
com/hiveops/aria/controller/ThreatEventIngestionController.class
com/hiveops/aria/security/JwtAuthenticationFilter.class
com/hiveops/aria/entity/ThreatEvent$ThreatSeverity.class
com/hiveops/aria/config/SecurityConfig.class
com/hiveops/aria/entity/DeviceSecurityPosture$OsEolStatus.class
com/hiveops/aria/kafka/AriaThreatProducer.class
com/hiveops/aria/entity/PrecursorSequenceAlert.class
com/hiveops/aria/entity/ThreatIoc$ConfidenceLevel.class
@@ -1,21 +0,0 @@
/source/hiveops-src/hiveops-aria/src/main/java/com/hiveops/aria/AriaApplication.java
/source/hiveops-src/hiveops-aria/src/main/java/com/hiveops/aria/config/SecurityConfig.java
/source/hiveops-src/hiveops-aria/src/main/java/com/hiveops/aria/controller/ThreatEventIngestionController.java
/source/hiveops-src/hiveops-aria/src/main/java/com/hiveops/aria/controller/ThreatIocController.java
/source/hiveops-src/hiveops-aria/src/main/java/com/hiveops/aria/dto/ThreatEventIngestionRequest.java
/source/hiveops-src/hiveops-aria/src/main/java/com/hiveops/aria/dto/ThreatEventItem.java
/source/hiveops-src/hiveops-aria/src/main/java/com/hiveops/aria/entity/DeviceSecurityPosture.java
/source/hiveops-src/hiveops-aria/src/main/java/com/hiveops/aria/entity/PrecursorSequenceAlert.java
/source/hiveops-src/hiveops-aria/src/main/java/com/hiveops/aria/entity/ThreatEvent.java
/source/hiveops-src/hiveops-aria/src/main/java/com/hiveops/aria/entity/ThreatIoc.java
/source/hiveops-src/hiveops-aria/src/main/java/com/hiveops/aria/kafka/AriaKafkaConfig.java
/source/hiveops-src/hiveops-aria/src/main/java/com/hiveops/aria/kafka/AriaThreatEvent.java
/source/hiveops-src/hiveops-aria/src/main/java/com/hiveops/aria/kafka/AriaThreatProducer.java
/source/hiveops-src/hiveops-aria/src/main/java/com/hiveops/aria/repository/DeviceSecurityPostureRepository.java
/source/hiveops-src/hiveops-aria/src/main/java/com/hiveops/aria/repository/PrecursorSequenceAlertRepository.java
/source/hiveops-src/hiveops-aria/src/main/java/com/hiveops/aria/repository/ThreatEventRepository.java
/source/hiveops-src/hiveops-aria/src/main/java/com/hiveops/aria/repository/ThreatIocRepository.java
/source/hiveops-src/hiveops-aria/src/main/java/com/hiveops/aria/security/AriaPrincipal.java
/source/hiveops-src/hiveops-aria/src/main/java/com/hiveops/aria/security/JwtAuthenticationFilter.java
/source/hiveops-src/hiveops-aria/src/main/java/com/hiveops/aria/service/ThreatEventClassifier.java
/source/hiveops-src/hiveops-aria/src/main/java/com/hiveops/aria/service/ThreatEventIngestionService.java