
progress update

tum, 4 weeks ago
parent
commit
a0aa3871b8
1 file changed with 9 additions and 3 deletions

+ 9 - 3
progress-update.md

@@ -7,6 +7,7 @@ Project: FoodProject SOC Platform (Wazuh + Shuffle + IRIS-web + SOC Integrator)
7 7
 
8 8
 The MVP platform is operational and running end-to-end in the lab environment.
9 9
 Core integrations are in place:
10
+
10 11
 - Detection: Wazuh
11 12
 - Automation: Shuffle
12 13
 - Case management: IRIS-web (replacing DFIRTrack)
@@ -18,6 +19,7 @@ All major containers are currently up, and key health checks are passing.
18 19
 ## 2) Completed Work
19 20
 
20 21
 ### Platform orchestration and operations
22
+
21 23
 - Combined stack runner created and improved (`run-combined-stack.sh`)
22 24
 - Added command support for:
23 25
   - `up`, `down`, `logs`, `status`, `help`
@@ -25,10 +27,12 @@ All major containers are currently up, and key health checks are passing.
25 27
 - Added consolidated health/status script (`soc-status.sh`)
26 28
 
27 29
 ### Integration architecture
30
+
28 31
 - Connected Wazuh, Shuffle, IRIS-web, PagerDuty Stub, and soc-integrator on shared network
29 32
 - Resolved startup conflicts and runtime issues (port, compose, routing compatibility)
30 33
 
31 34
 ### SOC Integrator (MVP)
35
+
32 36
 - Added/validated integration APIs for:
33 37
   - Wazuh
34 38
   - Shuffle
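Review bot: "Connected Wazuh, Shuffle, IRIS-web, PagerDuty Stub, and soc-integrator on shared network" states the topology but not the reachability intent; on a single shared compose network every container can reach every other container's ports, including the databases listed elsewhere in this document. Add one line under "Integration architecture" naming which service-to-service paths are actually required (e.g. soc-integrator -> Wazuh API, Shuffle -> soc-integrator), since the later "Lock down internal API keys and access boundaries" hardening item depends on that list existing.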
@@ -44,11 +48,13 @@ All major containers are currently up, and key health checks are passing.
44 48
 - Added internal API-key protection for mutation endpoints
45 49
 
46 50
 ### Persistence layer
51
+
47 52
 - Added PostgreSQL service for soc-integrator (`soc-integrator-db`)
48 53
 - Added incident/policy/audit schema and startup initialization
49 54
 - Enabled deduplication and audit tracking for incident processing
50 55
 
51 56
 ### Testing utilities and documentation
57
+
52 58
 - Added Wazuh test-event injection script:
53 59
   - `scripts/send-wazuh-test-events.sh`
54 60
 - Added root project docs:
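Review bot: "Added internal API-key protection for mutation endpoints" leaves it unstated whether the read endpoints that sit in front of the new `soc-integrator-db` incident/policy/audit schema are also authenticated; incident and audit records are sensitive even when read-only. Either extend the sentence to say that read endpoints are protected as well, or record the unauthenticated read surface as a known gap next to the "Production hardening items" so it is not lost before UAT. The "Added Wazuh test-event injection script" item would also benefit from one line saying whether `scripts/send-wazuh-test-events.sh` targets the lab manager only, since injected events exercise the same deduplication and audit paths.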
@@ -61,6 +67,7 @@ All major containers are currently up, and key health checks are passing.
61 67
 Current stack status: **UP**
62 68
 
63 69
 Healthy/available components:
70
+
64 71
 - Wazuh manager, indexer, dashboard
65 72
 - IRIS-web app/nginx/worker/db/rabbitmq
66 73
 - Shuffle backend/frontend/opensearch/orborus
@@ -68,6 +75,7 @@ Healthy/available components:
68 75
 - soc-integrator + soc-integrator-db
69 76
 
70 77
 Endpoint checks:
78
+
71 79
 - Wazuh Dashboard: OK
72 80
 - Wazuh API: OK (auth-protected, expected 401 on unauthenticated root)
73 81
 - IRIS Web: OK
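Review bot: only the "Wazuh API: OK (auth-protected, expected 401 on unauthenticated root)" entry states what "OK" actually asserts; "Wazuh Dashboard: OK" and "IRIS Web: OK" do not say whether the check is a specific HTTP status, a TLS handshake, or merely a reachable port. Since `soc-status.sh` is the consolidated health script introduced earlier in this document, give each endpoint line the same form as the Wazuh API one (expected status code, and whether the check is made unauthenticated) so a failing check is unambiguous during UAT.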
@@ -140,18 +148,15 @@ iris_app --> iris_mq : Async jobs
140 148
 
141 149
 1. Detection content tuning
142 150
 - Fine-tune Wazuh rules/decoders for customer log patterns and false-positive reduction
143
-
144 151
 2. Use-case calibration
145 152
 - Validate risk/severity mapping per approved use cases
146 153
 - Tune exception list and threshold logic (especially VPN geo anomaly)
147
-
148 154
 3. UAT evidence package
149 155
 - Capture deterministic UAT scenarios and outputs for:
150 156
   - IOC flow
151 157
   - VPN outside-TH flow
152 158
   - IRIS case creation/update
153 159
   - PagerDuty Stub escalation path
154
-
155 160
 4. Production hardening items
156 161
 - Rotate default/local secrets used in lab config
157 162
 - Lock down internal API keys and access boundaries
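Review bot: removing the blank lines before "2. Use-case calibration", "3. UAT evidence package" and "4. Production hardening items" changes how this list renders. Each of those lines now directly follows a "- " bullet (for item 4, the indented "  - PagerDuty Stub escalation path"), and in CommonMark/GFM an ordered-list item that does not start with 1 cannot interrupt a paragraph, so "2. Use-case calibration" becomes lazy continuation text of the preceding bullet's paragraph instead of a new numbered item; the same happens to 3 and 4. Keep the blank lines that were there (the rest of this commit adds blank lines for exactly this reason), or indent the sub-bullets under their numbered items so the numbered list stays one list.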
@@ -167,6 +172,7 @@ iris_app --> iris_mq : Async jobs
167 172
 Next milestone: **MVP UAT Completion**
168 173
 
169 174
 Target outputs:
175
+
170 176
 - Approved UAT checklist execution
171 177
 - Tuned policy thresholds for customer environment
172 178
 - Signed-off incident lifecycle flow: