feat(evaluations): ATT&CK Evaluations importer for CrowdStrike Falcon [FASE-6.1]
- Migration b048: evaluation_imports table (adversary, round, status, tests_created)
- EvaluationImport SQLAlchemy model
- attck_evaluations_service: fetch rounds from evals.mitre.org API, import per-technique detection results (Technique/Tactic/Telemetry -> detected/partially/not_detected)
- All imported tests land in in_review state with lab-environment disclaimer
- Idempotency guard prevents duplicate round imports
- 4 new endpoints: list rounds, import specific, import latest, check-new
- Weekly APScheduler cron (Mon 06:00) auto-checks and imports new rounds
- SystemPage UI: rounds table, import buttons, check-new, result feedback
- Disclaimer callout reminding admins these are lab results not org coverage

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
@@ -40,3 +40,59 @@ export async function getSchedulerStatus(): Promise<SchedulerStatusResponse> {
|
||||
const { data } = await client.get<SchedulerStatusResponse>("/system/scheduler-status");
|
||||
return data;
|
||||
}
|
||||
|
||||
// ── ATT&CK Evaluations ─────────────────────────────────────────────
|
||||
|
||||
export interface EvaluationRound {
|
||||
name: string;
|
||||
display_name: string;
|
||||
eval_round: number;
|
||||
imported: boolean;
|
||||
imported_at: string | null;
|
||||
tests_created: number | null;
|
||||
techniques_covered: number | null;
|
||||
}
|
||||
|
||||
export interface EvaluationImportResult {
|
||||
message: string;
|
||||
created: number;
|
||||
skipped: number;
|
||||
techniques_covered: number;
|
||||
adversary: string;
|
||||
eval_round: number;
|
||||
}
|
||||
|
||||
export interface NewRoundCheckResult {
|
||||
new_round_available: boolean;
|
||||
already_imported: boolean;
|
||||
latest_round: { name: string; display_name: string; eval_round: number } | null;
|
||||
error?: string;
|
||||
}
|
||||
|
||||
/** List all public CrowdStrike evaluation rounds with import status. */
|
||||
export async function listEvaluationRounds(): Promise<EvaluationRound[]> {
|
||||
const { data } = await client.get<EvaluationRound[]>("/system/attck-evaluations/rounds");
|
||||
return data;
|
||||
}
|
||||
|
||||
/** Import a specific evaluation round. */
|
||||
export async function importEvaluationRound(payload: {
|
||||
adversary_name: string;
|
||||
adversary_display: string;
|
||||
eval_round: number;
|
||||
}): Promise<EvaluationImportResult> {
|
||||
const { data } = await client.post<EvaluationImportResult>("/system/attck-evaluations/import", payload);
|
||||
return data;
|
||||
}
|
||||
|
||||
/** Import the latest available round automatically. */
|
||||
export async function importLatestEvaluation(): Promise<EvaluationImportResult> {
|
||||
const { data } = await client.post<EvaluationImportResult>("/system/attck-evaluations/import-latest");
|
||||
return data;
|
||||
}
|
||||
|
||||
/** Check if a new round is available. */
|
||||
export async function checkNewEvaluationRound(): Promise<NewRoundCheckResult> {
|
||||
const { data } = await client.get<NewRoundCheckResult>("/system/attck-evaluations/check-new");
|
||||
return data;
|
||||
}
|
||||
|
||||
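Review bot: `importEvaluationRound` sends `adversary_name` and `adversary_display` as free-form strings chosen by the caller, although both values already come from the server's own `/system/attck-evaluations/rounds` listing. The handler is not part of this hunk, so this is a question rather than a finding: if it uses `adversary_name` to build the request to the upstream evaluations API or stores `adversary_display` as given, it should first match `adversary_name`/`eval_round` against the rounds it fetched itself and take the display name from there. On the client side the doc comment could state the contract, e.g. `/** Import a specific evaluation round; pass values taken unchanged from listEvaluationRounds(). */`. Separately, `NewRoundCheckResult.error` is optional next to `new_round_available`, so a failed upstream check looks like "nothing new" to a caller that reads only the boolean; the comment on `checkNewEvaluationRound` should say that `error` has to be checked first.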