# soc_collector -- Gathering vulnerability information and presenting it

## The oneliner

The collector answers the fundamental question constantly posed by all
SOC personnel ever: Can I go for lunch now?

## The elevator pitch

Your're working as a Security Operations Center engineer and your job
is to, one, know when any part of your infrastructure is vulnerable
and, two, if it is, do something smart about it.

The collector compiles data from vulnerability scanners and stores it
in a database. You query the collector for the current vulnerability
status of your network infrastructure.

Without a summary of your vulnerability status and ability to quickly
deepen your knowledge of a given system, your chances of ever eating
lunch with a clear conscience are slim.

## The user interface

TODO

## The gory^Wtechnical details

TODO

## The name

The "soc" part means Security Operations Center.

The "collector" part is correct but misleading since `soc_collector`
also processes and presents.

## The license

This code is licensed under the 2-Clause BSD License, see LICENSE for
the full text.

## How to test it out

The collector has been tested on Debian 10 (Buster). Other Unix
systems should be possible to host it as well.

On a Debian system, first install the dependencies.

    sudo apt install python3 python3-pip python3-leveldb
    pip3 install falcon

Start the demo HTTP server.

    python3 src/wsgi.py

Submit some data.

    echo '[{
        "ip": "192.0.2.10",
        "port": 443,
        "whois_description": "SOMENET",
        "asn": "AS65001",
        "asn_country_code": "SE",
        "ptr": "host10.test.soc.sunet.se",
        "abuse_mail": "abuse@test.soc.sunet.se",
        "domain": "sunet.se",
        "timestamp_in_utc": "2021-06-21T14:06 UTC",
        "producer_unique_keys": {
            "subject_cn": "unknown",
            "subject_o": "unknown",
            "full_name": "VMware ESXi 6.7.0 build-17700523",
            "end_of_general_support": false,
            "cve_2021_21972": "CVE-2021-21972 not applicable",
            "cve_2021_21974": "CVE-2021-21974 patched",
            "cve_2021_21985": "CVE-2021-21985 not applicable"
        }
    }]' | curl -s -u admin:admin --data-binary @- http://localhost:8000/sc/v0/add

Get the same data back.

    curl -s -u sunet.se: http://localhost:8000/sc/v0/get | json_pp -json_opt utf8,pretty