Skip to content
Open
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension


Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
Empty file modified services/bin/m01-intelligence.js
100644 → 100755
Empty file.
4 changes: 4 additions & 0 deletions services/bin/octobus-tentacles.js
100644 → 100755
Original file line number Diff line number Diff line change
Expand Up @@ -181,6 +181,10 @@ const services = {
entryFile: "../sangfor__fw_v8-0-45/bin/sangfor-fw-v8-0-45.js",
serviceModule: "../sangfor__fw_v8-0-45/src/service.js",
},
"sangfor-sip": {
entryFile: "../sangfor__sip/bin/sangfor-sip.js",
serviceModule: "../sangfor__sip/src/service.js",
},
"sangfor-xdr-v2-0-45": {
entryFile: "../sangfor__xdr_v2-0-45/bin/sangfor-xdr-v2-0-45.js",
serviceModule: "../sangfor__xdr_v2-0-45/src/service.js",
Expand Down
10 changes: 10 additions & 0 deletions services/bin/sangfor-sip.js
Original file line number Diff line number Diff line change
@@ -0,0 +1,10 @@
#!/usr/bin/env node

import { fileURLToPath } from "node:url";
import { runServiceMain } from "@chaitin-ai/octobus-sdk";

import { service } from "../sangfor__sip/src/service.js";

runServiceMain(service, {
entryFile: fileURLToPath(new URL("../sangfor__sip/bin/sangfor-sip.js", import.meta.url)),
});
Empty file modified services/m01__intelligence/bin/m01-intelligence.js
100644 → 100755
Empty file.
3 changes: 3 additions & 0 deletions services/package.json
Original file line number Diff line number Diff line change
Expand Up @@ -49,6 +49,7 @@
"safeline-waf": "bin/safeline-waf.js",
"safeline-waf-eliminate-false-positive": "bin/safeline-waf-eliminate-false-positive.js",
"sangfor-fw-v8-0-45": "bin/sangfor-fw-v8-0-45.js",
"sangfor-sip": "bin/sangfor-sip.js",
"sangfor-xdr-v2-0-45": "bin/sangfor-xdr-v2-0-45.js",
"skycloud-inet": "bin/skycloud-inet.js",
"slack-group-robot": "bin/slack-group-robot.js",
Expand Down Expand Up @@ -119,6 +120,7 @@
"bin/safeline-waf-eliminate-false-positive.js",
"bin/safeline-waf.js",
"bin/sangfor-fw-v8-0-45.js",
"bin/sangfor-sip.js",
"bin/sangfor-xdr-v2-0-45.js",
"bin/tencent-qyweixin-group-robot.js",
"bin/tencent-tix-saas.js",
Expand Down Expand Up @@ -183,6 +185,7 @@
"chaitin__safeline-waf-eliminate-false-positive",
"chaitin__safeline-waf",
"sangfor__fw_v8-0-45",
"sangfor__sip",
"sangfor__xdr_v2-0-45",
"tencent__qyweixin-group-robot",
"tencent__tix-saas",
Expand Down
46 changes: 46 additions & 0 deletions services/sangfor__sip/README.md
Original file line number Diff line number Diff line change
@@ -0,0 +1,46 @@
# sangfor-sip

OctoBus service package for Sangfor SIP (Security Intelligence Platform / 深信服安全感知平台).

Pulls security events, risk assets, risk terminals, server/terminal inventory, IP groups, and vulnerability data (weak passwords, CVEs, plaintext transmission) via the SIP third-party REST API.

## Authentication

POST `/sangforinter/v1/auth/party/login` with SHA1-based auth token:

```
auth = sha1(rand + password + "sangfor3party" + userName)
```

Credentials are configured via `secret.yaml`:

```yaml
userName: <认证账号>
password: <认证密码>
platformName: <平台名称>
```

## Configuration

```yaml
host: https://10.0.0.1:7443
skipTlsVerify: true
```

## Methods

| Method | Endpoint | Description |
|--------|----------|-------------|
| `GetSecurityEvents` | `GET /sangforinter/v1/data/riskevent` | Pull security events |
| `GetRiskBusiness` | `GET /sangforinter/v1/data/riskbusiness` | Pull risk business assets |
| `GetRiskTerminals` | `GET /sangforinter/v1/data/riskterminal` | Pull risk terminal assets |
| `GetServers` | `GET /sangforinter/v1/data/business` | Pull configured server assets |
| `GetTerminals` | `GET /sangforinter/v1/data/terminal` | Pull terminal assets |
| `GetIPGroups` | `GET /sangforinter/v1/data/ipgroup` | Pull monitored IP groups |
| `GetWeakPasswords` | `GET /sangforinter/v1/data/weakpasswd` | Pull weak password vulnerabilities |
| `GetVulnerabilities` | `GET /sangforinter/v1/data/hole` | Pull CVE vulnerability records |
| `GetPlaintextTransmissions` | `GET /sangforinter/v1/data/plaintexttransmission` | Pull plaintext transmission vulnerabilities |

## API version

Compatible with SIP v92+. Server port: `7443`.
6 changes: 6 additions & 0 deletions services/sangfor__sip/bin/sangfor-sip.js
Original file line number Diff line number Diff line change
@@ -0,0 +1,6 @@
#!/usr/bin/env node
import { runServiceMain } from '@chaitin-ai/octobus-sdk';

import { service } from '../src/service.js';

runServiceMain(service);
26 changes: 26 additions & 0 deletions services/sangfor__sip/config.schema.json
Original file line number Diff line number Diff line change
@@ -0,0 +1,26 @@
{
"$schema": "https://json-schema.org/draft/2020-12/schema",
"type": "object",
"additionalProperties": true,
"properties": {
"host": {
"type": "string",
"description": "Sangfor SIP base URL, e.g. https://10.0.0.1:7443"
},
"baseUrl": {
"type": "string",
"description": "Alias for host."
},
"timeoutMs": {
"type": "integer",
"minimum": 1,
"default": 10000,
"description": "HTTP timeout in milliseconds."
},
"skipTlsVerify": {
"type": "boolean",
"default": true,
"description": "Skip TLS certificate verification (SIP often uses self-signed certs)."
}
}
}
12 changes: 12 additions & 0 deletions services/sangfor__sip/package.json
Original file line number Diff line number Diff line change
@@ -0,0 +1,12 @@
{
"name": "sangfor-sip",
"version": "0.0.0",
"private": true,
"type": "module",
"bin": {
"sangfor-sip": "bin/sangfor-sip.js"
},
"dependencies": {
"@chaitin-ai/octobus-sdk": "^0.5.0"
}
}
126 changes: 126 additions & 0 deletions services/sangfor__sip/proto/sangfor_sip.proto
Original file line number Diff line number Diff line change
@@ -0,0 +1,126 @@
syntax = "proto3";

package SANGFOR_SIP;

import "google/protobuf/struct.proto";
import "google/protobuf/wrappers.proto";

service SANGFOR_SIP {
rpc GetSecurityEvents (GetSecurityEventsRequest) returns (GetSecurityEventsResponse);
rpc GetRiskBusiness (GetRiskBusinessRequest) returns (GetRiskBusinessResponse);
rpc GetRiskTerminals (GetRiskTerminalsRequest) returns (GetRiskTerminalsResponse);
rpc GetServers (GetServersRequest) returns (GetServersResponse);
rpc GetTerminals (GetTerminalsRequest) returns (GetTerminalsResponse);
rpc GetIPGroups (GetIPGroupsRequest) returns (GetIPGroupsResponse);
rpc GetWeakPasswords (GetWeakPasswordsRequest) returns (GetWeakPasswordsResponse);
rpc GetVulnerabilities (GetVulnerabilitiesRequest) returns (GetVulnerabilitiesResponse);
rpc GetPlaintextTransmissions (GetPlaintextTransmissionsRequest) returns (GetPlaintextTransmissionsResponse);
}

// GetSecurityEvents — pull security events (安全事件)
message GetSecurityEventsRequest {
int64 from_time = 1;
int64 to_time = 2;
google.protobuf.Int32Value max_count = 3;
}

message GetSecurityEventsResponse {
repeated google.protobuf.Value items = 1;
int32 count = 2;
}

// GetRiskBusiness — pull risk business assets (风险业务)
message GetRiskBusinessRequest {
int64 from_time = 1;
int64 to_time = 2;
google.protobuf.Int32Value max_count = 3;
}

message GetRiskBusinessResponse {
repeated google.protobuf.Value items = 1;
int32 count = 2;
}

// GetRiskTerminals — pull risk terminal assets (风险终端)
message GetRiskTerminalsRequest {
int64 from_time = 1;
int64 to_time = 2;
google.protobuf.Int32Value max_count = 3;
}

message GetRiskTerminalsResponse {
repeated google.protobuf.Value items = 1;
int32 count = 2;
}

// GetServers — pull configured server assets (已配置服务器)
message GetServersRequest {
int64 from_time = 1;
int64 to_time = 2;
google.protobuf.Int32Value max_count = 3;
}

message GetServersResponse {
repeated google.protobuf.Value items = 1;
int32 count = 2;
}

// GetTerminals — pull terminal assets (资产终端)
message GetTerminalsRequest {
int64 from_time = 1;
int64 to_time = 2;
google.protobuf.Int32Value max_count = 3;
}

message GetTerminalsResponse {
repeated google.protobuf.Value items = 1;
int32 count = 2;
}

// GetIPGroups — pull monitored IP groups (受监控IP组)
message GetIPGroupsRequest {
int64 from_time = 1;
int64 to_time = 2;
google.protobuf.Int32Value max_count = 3;
}

message GetIPGroupsResponse {
repeated google.protobuf.Value items = 1;
int32 count = 2;
}

// GetWeakPasswords — pull weak password vulnerabilities (弱密码)
message GetWeakPasswordsRequest {
int64 from_time = 1;
int64 to_time = 2;
google.protobuf.Int32Value max_count = 3;
}

message GetWeakPasswordsResponse {
repeated google.protobuf.Value items = 1;
int32 count = 2;
}

// GetVulnerabilities — pull vulnerability information (漏洞)
message GetVulnerabilitiesRequest {
int64 from_time = 1;
int64 to_time = 2;
google.protobuf.Int32Value max_count = 3;
}

message GetVulnerabilitiesResponse {
repeated google.protobuf.Value items = 1;
int32 count = 2;
}

// GetPlaintextTransmissions — pull plaintext transmission vulnerabilities (明文传输)
message GetPlaintextTransmissionsRequest {
int64 from_time = 1;
int64 to_time = 2;
google.protobuf.Int32Value max_count = 3;
}

message GetPlaintextTransmissionsResponse {
repeated google.protobuf.Value items = 1;
int32 count = 2;
}
19 changes: 19 additions & 0 deletions services/sangfor__sip/secret.schema.json
Original file line number Diff line number Diff line change
@@ -0,0 +1,19 @@
{
"$schema": "https://json-schema.org/draft/2020-12/schema",
"type": "object",
"additionalProperties": true,
"properties": {
"userName": {
"type": "string",
"description": "SIP authentication account (认证账号), must match platform configuration."
},
"password": {
"type": "string",
"description": "SIP authentication password (认证密码), must match platform configuration."
},
"platformName": {
"type": "string",
"description": "SIP unique platform name (平台名称), must match platform configuration."
}
}
}
61 changes: 61 additions & 0 deletions services/sangfor__sip/service.json
Original file line number Diff line number Diff line change
@@ -0,0 +1,61 @@
{
"schema": "chaitin.octobus.service.v1",
"name": "sangfor-sip",
"displayName": "Sangfor SIP",
"description": "OctoBus package for Sangfor SIP (Security Intelligence Platform): pull security events, risk assets/terminals, server/terminal inventory, IP groups, and vulnerability data (weak passwords, CVEs, plaintext transmission).",
"runtime": {
"mode": "long-running"
},
"proto": {
"roots": [
"proto"
],
"files": [
"proto/sangfor_sip.proto"
]
},
"configSchema": "config.schema.json",
"secretSchema": "secret.schema.json",
"sdk": {
"cli": {
"commands": {
"SANGFOR_SIP.SANGFOR_SIP/GetSecurityEvents": {
"name": "get-security-events",
"description": "Pull security events from Sangfor SIP within a time range."
},
"SANGFOR_SIP.SANGFOR_SIP/GetRiskBusiness": {
"name": "get-risk-business",
"description": "Pull risk business assets from Sangfor SIP within a time range."
},
"SANGFOR_SIP.SANGFOR_SIP/GetRiskTerminals": {
"name": "get-risk-terminals",
"description": "Pull risk terminal assets from Sangfor SIP within a time range."
},
"SANGFOR_SIP.SANGFOR_SIP/GetServers": {
"name": "get-servers",
"description": "Pull configured server asset records from Sangfor SIP within a time range."
},
"SANGFOR_SIP.SANGFOR_SIP/GetTerminals": {
"name": "get-terminals",
"description": "Pull terminal asset records from Sangfor SIP within a time range."
},
"SANGFOR_SIP.SANGFOR_SIP/GetIPGroups": {
"name": "get-ip-groups",
"description": "Pull monitored IP group records from Sangfor SIP within a time range."
},
"SANGFOR_SIP.SANGFOR_SIP/GetWeakPasswords": {
"name": "get-weak-passwords",
"description": "Pull weak password vulnerability records from Sangfor SIP within a time range."
},
"SANGFOR_SIP.SANGFOR_SIP/GetVulnerabilities": {
"name": "get-vulnerabilities",
"description": "Pull vulnerability (CVE/hole) records from Sangfor SIP within a time range."
},
"SANGFOR_SIP.SANGFOR_SIP/GetPlaintextTransmissions": {
"name": "get-plaintext-transmissions",
"description": "Pull plaintext transmission vulnerability records from Sangfor SIP within a time range."
}
}
}
}
}
Loading
Loading