Skip to main content

Finding Post Processing

License Apache-2.0GitHub release (latest SemVer)OWASP Incubator ProjectArtifact HUBGitHub Repo starsTwitter Follower

What is "Finding Post Processing" Hook about?#

Installing the Finding Post Processing hook will add a ReadAndWrite Hook to your namespace, which can be used to add or update fields from your findings meeting specified conditions.

Deployment#

The finding-post-processing chart can be deployed via helm:

# Install HelmChart (use -n to configure another namespace)helm upgrade --install finding-post-processing secureCodeBox/finding-post-processing

Requirements#

Kubernetes: >=v1.11.0-0

Additional Chart Configurations#

Rule Configuration#

The rules can be defined in the values of the HelmChart. The syntax and semantic for these rules are quite similar to CascadingRules (See: secureCodeBox | CascadingRules)

To define rules you will have to provide the rules field with one or more matches elements. Each machtes defines one Rule. For example:

rules:  - matches:      anyOf:        - category: "Open Port"          attributes:            port: 23            state: open    override:      severity: "high"      description: "Telnet is bad"

This rule will match all findings with an open port on 23 and override the severity for this finding with high as well as providing a new description Telnet is bad!.

matches#

Within the matches you will have to provide anyOf and override. In the anyOff contains one or more conditions to be met by the finding to match the rule. Notice that only one of these elements needs to match the finding for the rule to match.

override#

The override field specifies the desired fields and values that need to be updated or added if the rule is matching.

Values#

KeyTypeDefaultDescription
hook.image.repositorystring"docker.io/securecodebox/hook-finding-post-processing"Hook image repository
hook.image.tagstringdefaults to the charts versionThe image Tag defaults to the charts version if not defined.
hook.ttlSecondsAfterFinishedstringnilSeconds after which the kubernetes job for the hook will be deleted. Requires the Kubernetes TTLAfterFinished controller: https://kubernetes.io/docs/concepts/workloads/controllers/ttlafterfinished/
ruleslist[]

License#

License

Code of secureCodeBox is licensed under the Apache License 2.0.