4 週間前 · a0aa3871b8
--- a/progress-update.md
+++ b/progress-update.md
@@ -7,6 +7,7 @@ Project: FoodProject SOC Platform (Wazuh + Shuffle + IRIS-web + SOC Integrator)
 
				 
			
 
				 The MVP platform is operational and running end-to-end in the lab environment.
			
 
				 Core integrations are in place:
			
 
				+
			
 
				 - Detection: Wazuh
			
 
				 - Automation: Shuffle
			
 
				 - Case management: IRIS-web (replacing DFIRTrack)
			
@@ -18,6 +19,7 @@ All major containers are currently up, and key health checks are passing.
 
				 ## 2) Completed Work
			
 
				 
			
 
				 ### Platform orchestration and operations
			
 
				+
			
 
				 - Combined stack runner created and improved (`run-combined-stack.sh`)
			
 
				 - Added command support for:
			
 
				   - `up`, `down`, `logs`, `status`, `help`
			
@@ -25,10 +27,12 @@ All major containers are currently up, and key health checks are passing.
 
				 - Added consolidated health/status script (`soc-status.sh`)
			
 
				 
			
 
				 ### Integration architecture
			
 
				+
			
 
				 - Connected Wazuh, Shuffle, IRIS-web, PagerDuty Stub, and soc-integrator on shared network
			
 
				 - Resolved startup conflicts and runtime issues (port, compose, routing compatibility)
			
 
				 
			
 
				 ### SOC Integrator (MVP)
			
 
				+
			
 
				 - Added/validated integration APIs for:
			
 
				   - Wazuh
			
 
				   - Shuffle
			
@@ -44,11 +48,13 @@ All major containers are currently up, and key health checks are passing.
 
				 - Added internal API-key protection for mutation endpoints
			
 
				 
			
 
				 ### Persistence layer
			
 
				+
			
 
				 - Added PostgreSQL service for soc-integrator (`soc-integrator-db`)
			
 
				 - Added incident/policy/audit schema and startup initialization
			
 
				 - Enabled deduplication and audit tracking for incident processing
			
 
				 
			
 
				 ### Testing utilities and documentation
			
 
				+
			
 
				 - Added Wazuh test-event injection script:
			
 
				   - `scripts/send-wazuh-test-events.sh`
			
 
				 - Added root project docs:
			
@@ -61,6 +67,7 @@ All major containers are currently up, and key health checks are passing.
 
				 Current stack status: **UP**
			
 
				 
			
 
				 Healthy/available components:
			
 
				+
			
 
				 - Wazuh manager, indexer, dashboard
			
 
				 - IRIS-web app/nginx/worker/db/rabbitmq
			
 
				 - Shuffle backend/frontend/opensearch/orborus
			
@@ -68,6 +75,7 @@ Healthy/available components:
 
				 - soc-integrator + soc-integrator-db
			
 
				 
			
 
				 Endpoint checks:
			
 
				+
			
 
				 - Wazuh Dashboard: OK
			
 
				 - Wazuh API: OK (auth-protected, expected 401 on unauthenticated root)
			
 
				 - IRIS Web: OK
			
@@ -140,18 +148,15 @@ iris_app --> iris_mq : Async jobs
 
				 
			
 
				 1. Detection content tuning
			
 
				 - Fine-tune Wazuh rules/decoders for customer log patterns and false-positive reduction
			
 
				-
			
 
				 2. Use-case calibration
			
 
				 - Validate risk/severity mapping per approved use cases
			
 
				 - Tune exception list and threshold logic (especially VPN geo anomaly)
			
 
				-
			
 
				 3. UAT evidence package
			
 
				 - Capture deterministic UAT scenarios and outputs for:
			
 
				   - IOC flow
			
 
				   - VPN outside-TH flow
			
 
				   - IRIS case creation/update
			
 
				   - PagerDuty Stub escalation path
			
 
				-
			
 
				 4. Production hardening items
			
 
				 - Rotate default/local secrets used in lab config
			
 
				 - Lock down internal API keys and access boundaries
			
@@ -167,6 +172,7 @@ iris_app --> iris_mq : Async jobs
 
				 Next milestone: **MVP UAT Completion**
			
 
				 
			
 
				 Target outputs:
			
 
				+
			
 
				 - Approved UAT checklist execution
			
 
				 - Tuned policy thresholds for customer environment
			
 
				 - Signed-off incident lifecycle flow: