{ "schema": "https://saferpage.de/schemas/security-feed-storage.v1", "generated_at": "2026-06-09T22:35:15+00:00", "domain": "auth.wuv.de", "available": true, "dry_run": true, "ready_for_storage": false, "summary": "auth.wuv.de: Security-Feed-Storage-Plan mit 3 Speicherbereich(en), 5 Quellenpolicy(s), Freigabe offen.", "metrics": { "storage_table_count": 3, "source_policy_count": 5, "approval_gate_count": 5, "passed_gate_count": 3, "clean_retention_days": 30, "hit_retention_days": 365 }, "approval": { "approved": false, "approved_by_env": false, "approved_by_preview_query": false, "required_env": "SAFERPAGE_SECURITY_FEED_STORAGE_APPROVED=yes" }, "storage_contract": { "dedupe_key": "domain + source_id + matched_url + reference_id", "allowed_fields": [ "source_id", "checked_at", "verdict", "severity", "matched_url", "evidence_url", "reference_id", "operator_note", "expires_at" ], "forbidden_fields": [ "raw_malware_sample", "page_content_dump", "secret_value", "visitor_ip", "personal_log_line", "full_feed_payload" ], "hashing": "matched_url_hash = sha256(normalized matched_url); Roh-URL nur solange wie fuer Review noetig.", "retention_policy": "Clean-Momentaufnahmen 30 Tage, Treffer mit Ticket/Audit 365 Tage, danach Loesch- oder Neubewertungsworkflow.", "publish_policy": "Treffer erst nach Betreiberprüfung öffentlich als Befund zeigen; bis dahin nur als Betreiber-Alert und Nachweisaufgabe behandeln." }, "tables": [ { "id": "security_feed_observations", "purpose": "Normalisierte Momentaufnahmen aus externen Malware-/Blacklist-/DAST-Feeds.", "fields": [ "domain", "source_id", "checked_at", "verdict", "severity", "matched_url_hash", "reference_id", "dedupe_key", "evidence_url", "expires_at", "created_by_job_id" ], "retention_days": 180, "public_export": "nur aggregierter Status, Referenz und Nachweislink; keine Samples, keine IP-Logs, keine Secrets" }, { "id": "security_feed_alert_links", "purpose": "Verknuepfung von Feedtreffern mit Security-Alerts, Tickets, Owner und SLA.", "fields": [ "dedupe_key", "alert_id", "ticket_id", "owner_role", "sla", "publish_decision", "review_status" ], "retention_days": 365, "public_export": "nur nach Betreiberfreigabe und Sanitizing" }, { "id": "security_feed_audit_log", "purpose": "Auditlog fuer Import, Review, Freigabe, Loeschung und Re-Scan.", "fields": [ "event_id", "dedupe_key", "event_type", "actor_role", "created_at", "before_hash", "after_hash", "reason" ], "retention_days": 365, "public_export": "niemals Rohlog; nur aggregierte Nachweiszaehler" } ], "source_policies": [ { "source_id": "google_safe_browsing", "label": "Google Safe Browsing / Search Console Security Issues", "severity_if_hit": "kritisch", "store_clean_evidence": true, "clean_retention_days": 30, "hit_retention_days": 365, "requires_operator_review_before_publication": true, "dedupe_key_template": "domain + source_id + matched_url + reference_id" }, { "source_id": "urlhaus_malware_urls", "label": "URLhaus / Malware-URL-Feeds", "severity_if_hit": "kritisch", "store_clean_evidence": true, "clean_retention_days": 30, "hit_retention_days": 365, "requires_operator_review_before_publication": true, "dedupe_key_template": "domain + source_id + matched_url + reference_id" }, { "source_id": "phishtank_openphish", "label": "Phishing-Feeds", "severity_if_hit": "hoch", "store_clean_evidence": true, "clean_retention_days": 30, "hit_retention_days": 365, "requires_operator_review_before_publication": true, "dedupe_key_template": "domain + source_id + matched_url + reference_id" }, { "source_id": "spam_reputation", "label": "Spam- und Reputation-Listen", "severity_if_hit": "hoch", "store_clean_evidence": true, "clean_retention_days": 30, "hit_retention_days": 365, "requires_operator_review_before_publication": true, "dedupe_key_template": "domain + source_id + matched_url + reference_id" }, { "source_id": "dom_xss_dast_feed", "label": "DOM-XSS-/DAST-Befundfeed", "severity_if_hit": "kritisch", "store_clean_evidence": true, "clean_retention_days": 30, "hit_retention_days": 365, "requires_operator_review_before_publication": true, "dedupe_key_template": "domain + source_id + matched_url + reference_id" } ], "approval_gates": [ { "id": "feed_secrets_ready", "label": "Live-Feed-Secrets gesetzt", "status": "missing", "evidence": "auth.wuv.de: Security-Feed-Schedule mit 2 Connector-Job(s), 0 bereit, 2 Secret-Luecke(n)." }, { "id": "storage_approval", "label": "Betreiberfreigabe fuer Speicherung", "status": "missing", "evidence": "Ohne Serverfreigabe oder approve_storage=yes bleibt dieses Paket ein Storage-Plan." }, { "id": "no_raw_samples", "label": "Keine Malware-Samples oder Rohpayloads speichern", "status": "passed", "evidence": "Erlaubt sind Referenz, Hash, Verdict, Severity, Nachweislink und Reviewstatus." }, { "id": "dedupe_and_retention", "label": "Dedupe und Retention definiert", "status": "passed", "evidence": "domain + source_id + matched_url + reference_id; Clean 30 Tage, Hit 365 Tage." }, { "id": "public_publish_gate", "label": "Oeffentliche Anzeige erst nach Review", "status": "passed", "evidence": "Treffer werden erst nach Operator-Review mit Alert/Ticket veroeffentlicht." } ], "write_path": { "1_live_connector": "https://saferpage.de/sicherheit/auth.wuv.de/feed-live-json?run=yes", "2_import_preview": "https://saferpage.de/sicherheit/auth.wuv.de/feed-import-json", "3_storage_preview": "https://saferpage.de/sicherheit/auth.wuv.de/feed-storage-json", "4_operator_approval": "https://saferpage.de/sicherheit/auth.wuv.de/feed-storage-json?approve_storage=yes", "5_alert_routing": "https://saferpage.de/sicherheit/auth.wuv.de/alerts-json" }, "runbook": [ "Produktive Feed-Secrets setzen und Schedule-Preflight pruefen.", "Storage-Migration fuer security_feed_observations, security_feed_alert_links und security_feed_audit_log ausrollen.", "Ersten Live-Lauf als Import-Preview validieren; keine automatische Veroeffentlichung.", "SAFERPAGE_SECURITY_FEED_STORAGE_APPROVED=yes oder approve_storage=yes nur nach Betreiberfreigabe, Retention-Review und Alert-Routing setzen.", "Loesch-/Retention-Job aktivieren und stichprobenartig Auditlog pruefen." ], "links": { "json": "https://saferpage.de/sicherheit/auth.wuv.de/feed-storage-json", "csv": "https://saferpage.de/sicherheit/auth.wuv.de/feed-storage-csv", "markdown": "https://saferpage.de/sicherheit/auth.wuv.de/feed-storage-md", "approved_preview": "https://saferpage.de/sicherheit/auth.wuv.de/feed-storage-json?approve_storage=yes", "readiness": "https://saferpage.de/sicherheit/feed-storage-readiness-json", "schedule": "https://saferpage.de/sicherheit/auth.wuv.de/feed-schedule-json", "live_connector": "https://saferpage.de/sicherheit/auth.wuv.de/feed-live-json", "import_preview": "https://saferpage.de/sicherheit/auth.wuv.de/feed-import-json", "security_profile": "https://saferpage.de/sicherheit/auth.wuv.de" }, "disclaimer": "Dieses Paket beschreibt Storage, Retention und Freigabe. Ohne Feed-Secrets und Betreiberfreigabe speichert es keine Feedtreffer." }