feat: Phase 4 - MITRE ATT&CK sync and scheduled job (T-018, T-019)

- Add MITRE sync service via TAXII 2.0 with GitHub fallback
- Upsert attack-pattern objects into techniques table (691 techniques)
- Detect name/description changes and flag review_required on re-sync
- Add APScheduler background job running every 24h
- Add POST /system/sync-mitre endpoint (admin only)
- Add GET /system/scheduler-status endpoint (admin only)
- Configure logging for scheduler and sync visibility
- Update README with new endpoints and project structure
2026-02-06 15:28:53 +01:00
parent 4f6dd838fd
commit b11854fdab
6 changed files with 384 additions and 3 deletions


@@ -4,7 +4,7 @@ Aegis is a comprehensive platform for tracking and managing security coverage ag
## Features
- **MITRE ATT&CK Integration**: Automatic synchronization with the MITRE ATT&CK framework via TAXII
- **MITRE ATT&CK Integration**: Automatic synchronization with the MITRE ATT&CK framework via TAXII (with GitHub fallback), scheduled every 24h
- **Coverage Tracking**: Track validation status for each technique (validated, partial, not covered, in progress)
- **Test Management**: Document and manage security tests with full audit trail
- **Evidence Storage**: Secure evidence file storage with SHA256 integrity verification
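Review bot: the rewritten Features bullet names the GitHub fallback but not when it is used or how it differs from the TAXII path; since the commit message treats it as a second data source, state the condition that triggers it (for example, the TAXII 2.0 server being unreachable) and whether a sync records which source it came from, so operators know which outbound endpoints to allow and can tell fallback runs from normal ones.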
@@ -121,6 +121,12 @@ Once the backend is running, access the interactive API documentation at:
| POST | `/api/v1/tests/{test_id}/evidence` | Authenticated | Upload evidence file (SHA-256 verified) |
| GET | `/api/v1/evidence/{id}` | Authenticated | Get metadata + presigned download URL |
### System
| Method | Route | Auth | Description |
|--------|-------|------|-------------|
| POST | `/api/v1/system/sync-mitre` | Admin | Manually trigger MITRE ATT&CK sync |
| GET | `/api/v1/system/scheduler-status` | Admin | Background scheduler health & job list |
## Project Structure
```
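Review bot: the new System table rows document auth and purpose but not behaviour. Say whether `POST /api/v1/system/sync-mitre` runs the sync inline or kicks off the scheduled job, what the response reports (the commit message mentions upserting 691 techniques and flagging `review_required`, so counts of upserted and flagged techniques would be the natural fields), and what happens if a sync is already running, so two admins triggering it at once do not race on the techniques table. The `scheduler-status` row could likewise list the fields it returns (next run time, last run outcome).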
@@ -159,12 +165,16 @@ Aegis/
│ │ ├── auth.py # POST /auth/login, GET /auth/me
│ │ ├── techniques.py # CRUD techniques (list, detail, create, update, review)
│ │ ├── tests.py # CRUD tests (create, detail, update, validate, reject)
│ │ ── evidence.py # Upload evidence, presigned download
│ │ ── evidence.py # Upload evidence, presigned download
│ │ └── system.py # MITRE sync trigger, scheduler status
│ ├── dependencies/ # FastAPI dependencies (DI)
│ │ └── auth.py # get_current_user, require_role, require_any_role
│ ├── jobs/ # Background scheduled jobs
│ │ └── mitre_sync_job.py # APScheduler job: sync MITRE every 24h
│ └── services/ # Business logic services
│ ├── audit_service.py
── status_service.py # Recalculate technique status from tests
── status_service.py # Recalculate technique status from tests
│ └── mitre_sync_service.py # MITRE ATT&CK sync via TAXII / GitHub
└── frontend/ # React frontend (coming soon)
```
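Review bot: the changed tree lines `── evidence.py` and `── status_service.py` appear to have lost their branch connector (`├` or `└`), so the rendered structure no longer shows that `system.py` and `mitre_sync_service.py` are now the last entries under their directories; check the README source for a dropped or mis-encoded character on the added lines before merging.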