OpenC2 packet filtering plugin #4222

Open
3 tasks done
MaartendeKruijf opened this issue Sep 4, 2024 · 2 comments

@MaartendeKruijf

MaartendeKruijf commented Sep 4, 2024

Important notices
Before you add a new report, we ask you kindly to acknowledge the following:

Is your feature request related to a problem? Please describe.
Hi, I'm Maarten de Kruijf from TNO working in the Cyber Security Technology department where we work on security automation. My colleague @RabbITCybErSeC and I are working to bring OpenC2 integration to OPNsense as a plugin.

OpenC2, developed by OASIS Open, is a universal way to control and configure firewall rules. The actuator profile used for this is: OpenC2 Actuator Profile for Packet Filtering Version 1.0.

Describe the solution you'd like
With this issue we want to signify our intent to implement an OpenC2 packet filtering profile consumer for OPNsense. As this is our first contribution to OPNsense, we hope this community can guide us to make it a success! (We are in the early stages of development but wanted to give you guys an early heads-up and an opportunity to formulate questions and give feedback.)

Describe alternatives you've considered
We have contemplated going for a proxy-based solution but figured a plugin would be the cleanest way to add this functionality.

Additional context
To give a bit of background: We eventually want to use this plugin with our open source security orchestrator SOARCA to be able to show the potential of OpenC2 and CACAO.

@AdSchellevis
Member

Hi Maarten,

Welcome to OPNsense. When starting plugin development, make sure to take a look at https://docs.opnsense.org/develop.html

When it comes to registering firewall rules dynamically, the firewall hooks are likely of interest (https://docs.opnsense.org/development/backend/legacy.html#firewall).

The Wazuh agent plugin could be interesting to look at for inspiration:
https://github.com/opnsense/plugins/tree/master/security/wazuh-agent

If you open a PR and need some tips, just let us know, but keep in mind our community support time is limited and we do have to choose where to spend it.

Best regards,

Ad

@MaartendeKruijf
Author

Hi Ad,

Thanks for the pointers! We will try to keep the support time from the community limited. If we are at the point of creating the PR we might indeed ask for some tips. For now thanks for the response.

Best,
Maarten
