COSSAS · mpboom · Nov 22, 2024 · Sep 14, 2024 · Nov 17, 2024 · Nov 1, 2024
diff --git a/.env.example b/.env.example
@@ -18,11 +18,12 @@ ENABLE_FINS: false
 MQTT_BROKER: "localhost"
 MQTT_PORT: 1883
 
+CALDERA_URL: ""
 HTTP_SKIP_CERT_VALIDATION: false
 
 ### Integrations
 
 # The Hive
 THEHIVE_ACTIVATE: true
 THEHIVE_API_TOKEN: your_token
-THEHIVE_API_BASE_URL: http://localhost:9000/api/v1/
+THEHIVE_API_BASE_URL: http://localhost:9000/api/v1/
diff --git a/.gitignore b/.gitignore
@@ -12,8 +12,7 @@ bin/*
 swaggerdocs/*
 **.env
 test/cacao/flatfile-db-example.json
-test/routes/__debug_bin2988553005
-
+.idea
 
 docs/public
 docs/resources/

diff --git a/test/unittest/database/memory/memory_test.go → database/memory/memory_test.go b/test/unittest/database/memory/memory_test.go → database/memory/memory_test.go
@@ -1,12 +1,11 @@
-package memory_test
+package memory
 
 import (
 	"encoding/json"
 	"errors"
 	"fmt"
 	"io"
 	"os"
-	"soarca/database/memory"
 	"soarca/models/cacao"
 	"soarca/models/decoder"
 	"sort"
@@ -15,7 +14,7 @@ import (
 	"github.com/go-playground/assert/v2"
 )
 
-var PB_PATH string = "../../cacao/playbooks/"
+var PB_PATH string = "../../test/playbooks/"
 
 func TestCreate(t *testing.T) {
 	jsonFile, err := os.Open(PB_PATH + "playbook.json")
@@ -33,7 +32,7 @@ func TestCreate(t *testing.T) {
 	}
 
 	var workflow = decoder.DecodeValidate(byteValue)
-	mem := memory.New()
+	mem := New()
 	playbook, err := mem.Create(&byteValue)
 	assert.Equal(t, err, nil)
 	assert.Equal(t, playbook, workflow)
@@ -57,7 +56,7 @@ func TestRead(t *testing.T) {
 
 	var workflow = decoder.DecodeValidate(byteValue)
 
-	mem := memory.New()
+	mem := New()
 	empty, err := mem.Read(workflow.ID)
 	assert.Equal(t, err, errors.New("playbook is not in repository"))
 	assert.Equal(t, empty, cacao.Playbook{})
@@ -87,7 +86,7 @@ func TestUpdate(t *testing.T) {
 
 	var workflow = decoder.DecodeValidate(byteValue)
 
-	mem := memory.New()
+	mem := New()
 	empty, err := mem.Update(workflow.ID, nil)
 	assert.Equal(t, err, errors.New("playbook is not in repository"))
 	assert.Equal(t, empty, cacao.Playbook{})
@@ -129,7 +128,7 @@ func TestDelete(t *testing.T) {
 
 	var workflow = decoder.DecodeValidate(byteValue)
 
-	mem := memory.New()
+	mem := New()
 	err = mem.Delete(workflow.ID)
 	assert.Equal(t, err, nil)
 
@@ -166,7 +165,7 @@ func TestGetAllPlaybooks(t *testing.T) {
 
 	var workflow = decoder.DecodeValidate(byteValue)
 
-	mem := memory.New()
+	mem := New()
 
 	list := []string{
 		"playbook--f47d4081-21ed-4f21-9d05-6b368d73da30",
@@ -214,7 +213,7 @@ func TestGetAllPlaybookMetas(t *testing.T) {
 
 	var workflow = decoder.DecodeValidate(byteValue)
 
-	mem := memory.New()
+	mem := New()
 
 	list := []string{
 		"playbook--f47d4081-21ed-4f21-9d05-6b368d73da30",

diff --git a/test/unittest/database/projections_test.go → database/projections/projections_test.go b/test/unittest/database/projections_test.go → database/projections/projections_test.go
@@ -1,10 +1,8 @@
-package database_test
+package projections
 
 import (
 	"testing"
 
-	"soarca/database/projections"
-
 	"github.com/go-playground/assert/v2"
 	"go.mongodb.org/mongo-driver/bson"
 )
@@ -20,7 +18,7 @@ func TestProjectionMeta(t *testing.T) {
 		{Key: "labels", Value: 1},
 	}
 
-	validationMeta := projections.Meta.GetProjection()
+	validationMeta := Meta.GetProjection()
 	assert.Equal(t, testMeta, validationMeta)
 }
 
@@ -29,6 +27,6 @@ func TestProjectionID(t *testing.T) {
 		{Key: "_id", Value: 1},
 	}
 
-	validationMeta := projections.Id.GetProjection()
+	validationMeta := Id.GetProjection()
 	assert.Equal(t, testMeta, validationMeta)
 }
diff --git a/docker/soarca/docker-compose.yml b/docker/soarca/docker-compose.yml
@@ -1,4 +1,3 @@
-version: '3.7'
 services:
   mongodb_container:
     image: docker.io/mongo:latest
@@ -13,6 +12,19 @@ services:
         source: mongodb_data_container
         target: /data/db
 
+  caldera:
+    image: soarca-caldera
+    build: https://github.com/mitre/caldera.git
+    networks:
+      - caldera-net
+    ports:
+      - "7010:7010"
+      - "7011:7011/udp"
+      - "7012:7012"
+      - "8888:8888"
+    profiles:
+      - caldera
+
   mosquitto:
     image: docker.io/eclipse-mosquitto
     container_name: mosquitto
@@ -59,6 +71,7 @@ services:
       MQTT_BROKER: "mosquitto"
       MQTT_PORT: 1883
       HTTP_SKIP_CERT_VALIDATION: false
+      CALDERA_URL: "http://caldera:8888"
       # Integrations:
       # The Hive
       THEHIVE_ACTIVATE: false
@@ -67,6 +80,7 @@ services:
     networks:
       - db-net
       - mqtt-net
+      - caldera-net
     ports:
       - 127.0.0.1:8080:8080
     depends_on:
@@ -76,7 +90,7 @@ services:
 networks:
   db-net:
   mqtt-net:
-
+  caldera-net:
 
 volumes:
   mongodb_data_container:
@@ -88,5 +102,3 @@ volumes:
       o: bind
   mosquitto_data:
   mosquitto_log:
-
-
diff --git a/docs/content/en/docs/_index.md b/docs/content/en/docs/_index.md
@@ -41,8 +41,6 @@ SOARCA currently supports the following transport mechanisms:
 {{% card header="SSH - Native" %}}
 [![Ssh](/SOARCA/images/logos-external/ssh.svg)](/docs/soarca-extensions/native-capabilities/#ssh-capability)
 {{% /card %}}
-{{< /cardpane >}}
-</div>
 
 {{% card header="PowerShell WinRM - Native" %}}
 [![PowerShell](/SOARCA/images/logos-external/powershell.svg)](/docs/soarca-extensions/native-capabilities/#powershell-capability)

diff --git a/docs/content/en/docs/contribution-guidelines/_index.md b/docs/content/en/docs/contribution-guidelines/_index.md
@@ -52,7 +52,7 @@ The CI is configured to only allow for certain branch naming namely:
 
 The project has opted to select the [go style guide](https://google.github.io/styleguide/go/) with some exceptions:
 - Receiver name are not one letter https://google.github.io/styleguide/go/decisions#receiver-names so use `info` instead of `i` 
-- Initialisms are CamelCase https://google.github.io/styleguide/go/decisions#receiver-names so use `Xml` instead of `XML`
+- Initialisms are CamelCase https://google.github.io/styleguide/go/decisions#initialisms so use `Xml` instead of `XML`
 
 ## Communication channels
 

diff --git a/docs/content/en/docs/core-components/executer.md b/docs/content/en/docs/core-components/executer.md
@@ -66,6 +66,7 @@ class "If condition Executor" as condition
 class "Ssh" as ssh
 class "OpenC2" as openc2
 class "HttpApi" as api
+class "CalderaCmd" as calderacmd
 class "Fin" as fin
 
 
@@ -106,10 +107,10 @@ The capability selector will select the implementation which is capable of execu
     * openc2-http
     * powershell
 * **Coming soon**
+    * caldera-cmd
     * manual
 * **Future (potentially)**
     * bash
-    * caldera-cmd
     * elastic
     * jupyter
     * kestrel
@@ -210,4 +211,4 @@ Note only [Comparison Expression](http://docs.oasis-open.org/cti/stix/v2.0/cs01/
 {{% /alert %}}
 
 ### Parallel step executor
-The parallel executor will execute the parallel step. This wil be done in sequence to simplify implementation. As parallel steps must not be depended on each other sequential execution is possible. Later this will be changed. 
+The parallel executor will execute the parallel step. This will be done in sequence to simplify implementation. As parallel steps must not depend on each other, sequential execution is possible. Later this will be changed.
diff --git a/docs/content/en/docs/core-components/modules.md b/docs/content/en/docs/core-components/modules.md
@@ -261,6 +261,63 @@ The result of the step is stored in the following output variables:
 }
 ```
 
+### Caldera capability
+
+This capability executes [Caldera Abilities](https://caldera.readthedocs.io/en/latest/Learning-the-terminology.html#abilities-and-adversaries) on the specified targets by creating an operation on a separate Caldera server. 
+The server is packaged in the docker build of SOARCA, but can also be provided separably as a stand-alone server.
+
+#### Success and failure
+
+The Caldera step is considered successful if a connection to the Caldera server can be established, the ability, if supplied as b64command, can be created on the server, an operation can be started on the specified group and adversary, and the operation finished without errors.
+
+In every other circumstance the step is considered to have failed.
+
+#### Variables
+
+This module does not define specific variables as input, but variable interpolation is supported in the command and target definitions. It has the following output variables:
+
+```json
+{
+    "__soarca_caldera_cmd_result__": {
+        "type": "string",
+        "value": ""
+    }
+}
+```
+
+#### Example
+
+This example will start an operation that executes the ability with ID `36eecb80-ede3-442b-8774-956e906aff02` on the Caldera agent group `infiltrators`.
+```json
+{
+    "workflow": {
+        "action--7777c6b6-e275-434e-9e0b-d68f72e691c1": {
+            "type": "action",
+            "agent": "soarca--00010001-1000-1000-a000-000100010001",
+            "targets": ["security-category--c7e6af1b-9e5a-4055-adeb-26b97e1c4db7"],
+            "commands": [
+                {
+                    "type": "caldera",
+                    "command": "36eecb80-ede3-442b-8774-956e906aff02"
+                }
+            ]
+        }
+    },
+    "agent_definitions": {
+        "soarca--00010001-1000-1000-a000-000100010001": {
+            "type": "soarca",
+            "name": "soarca-caldera-cmd"
+        }
+    },
+    "target_definitions": {
+        "linux--c7e6af1b-9e5a-4055-adeb-26b97e1c4db7": {
+            "type": "security-category",
+            "name": "infiltrators"
+            "category": ["caldera"],
+        }
+    }
+}
+```
 
 ---