HTTP CSP Parser
Package functionality and architecture
This package will:
- Parse HTTP
Content-Security-Policyreports. After parsing is done it will fire an
HTTP_CSP::Reportevent that can be used later to extend basic functionality,
- Log every (or only some) report to
- Use Bro Intelligence Framework to cross check domains in
blocked-urifield against your threat intel.
Package contains 3 modules:
You can skip loading optional files in case you don't want to log reports or use intel framework.
You can also redefine following constants to customize package behaviour.
HTTP_CSP::all_sites- parse every report seen (look for
csp-reportkeyword in every HTTP POST request),
HTTP_CSP::monitored_sites- parse only reports sent to specified hosts.