Kitos
ec65991ac1
Implements all database models for the Aegis platform with full Alembic migration support. Models created: - User: Authentication with role-based access control - Technique: MITRE ATT&CK techniques with coverage status tracking - Test: Security tests with validation workflow (draft/review/validated) - Evidence: File metadata for test evidence (stored in MinIO) - IntelItem: Threat intelligence items linked to techniques - AuditLog: System-wide audit trail with JSONB details Enumerations: - TechniqueStatus: not_evaluated, in_progress, validated, partial, etc. - TestState: draft, in_review, validated, rejected - TestResult: detected, not_detected, partially_detected Services: - audit_service.py: log_action() helper for audit logging All models include proper foreign key relationships and PostgreSQL enum types are managed correctly in migrations (create/drop).
30 lines
1002 B
Python
30 lines
1002 B
Python
import uuid
|
|
from datetime import datetime
|
|
|
|
from sqlalchemy import Column, String, Boolean, DateTime, ForeignKey
|
|
from sqlalchemy.dialects.postgresql import UUID
|
|
from sqlalchemy.orm import relationship
|
|
|
|
from app.database import Base
|
|
|
|
|
|
class IntelItem(Base):
|
|
"""
|
|
Intelligence item model for tracking threat intelligence related to techniques.
|
|
|
|
Stores URLs and metadata from automated intel scans that may indicate
|
|
new attack variations or detection bypasses for specific techniques.
|
|
"""
|
|
__tablename__ = "intel_items"
|
|
|
|
id = Column(UUID(as_uuid=True), primary_key=True, default=uuid.uuid4)
|
|
technique_id = Column(UUID(as_uuid=True), ForeignKey("techniques.id"), nullable=True)
|
|
url = Column(String, nullable=False)
|
|
title = Column(String, nullable=True)
|
|
source = Column(String, nullable=True)
|
|
detected_at = Column(DateTime, default=datetime.utcnow)
|
|
reviewed = Column(Boolean, default=False)
|
|
|
|
# Relationships
|
|
technique = relationship("Technique")
|