ASM integration step 1/x #4770

Open
9 of 21 tasks
h701h opened this issue Aug 28, 2023 · 1 comment


h701h commented Aug 28, 2023

Integrate an ASM tool into Tracker for: asset discovery, threat/vuln intelligence.

Must Have

  • Permanent connection string setup between ASM and Trackers

Second Effort (after the connection string is set up)

  • Create Python template using ASM integration (bonus, tie to gcnotify) (FOR READING, NOT UPDATING, Inventory changes?)
    • This script should have per-user read-only keys
    • Web components
      • 3.1.2 Use a denial-of-service mitigation service; and
      • 3.1.3 Use GC-approved content delivery networks (CDN) that cache websites and protects access to the origin server.
      • Publish a security.txt to provide contact information on where to report vulnerabilities (for example, contact@cyber.gc.ca).
    • Observation
    • Login pages (partial?)
    • Enumerate various types across found data
      • web component types
      • attribute types
      • ???
    • Tombstone data (discovery group, ports, CSP, )
    • Nice to have - create an aggregation example (web site hosting provider summary, ?)
  • What is the domain delta between ASM and Tracker?
  • What is the domain delta between Alpha and Tracker and ASM?
  • Sync Tracker db data TO ASM (Tracker: org slug -> ASM: tag, Tracker: tags -> ASM: tags, Tracker: UUID -> ASM: UUID/External ID)
  • When a user 'adds' a domain, add it to the ASM tooling with all the proper tags (approved, org slug, tags)

Third Effort

  • Integrate asset discovery from ASM tooling into Tracker. Develop a means to guess which domain an org belongs to. Domains found during asset discovery need to be vetted by super admins before being assigned to an org (tech, process, tech+process). We need to keep the false positive rate as low as possible when it comes to assigning domains to orgs.

Needs Investigation

  • Lots of wildcards in the approved section. Is this causing us to be billed more?

Design Constraints

  • Change Tracker as little as possible
  • Keep it simple.
@h701h h701h changed the title ASM integration ASM integration step 1/x Sep 17, 2023

h701h commented Nov 20, 2023

How will we best manage the discovery groups?
