tum 1 month ago
parent
revision
a0aa3871b8
1 file changed, 9 insertions and 3 deletions
      progress-update.md

+ 9 - 3
progress-update.md

7
 
7
 
8
 The MVP platform is operational and running end-to-end in the lab environment.
8
 The MVP platform is operational and running end-to-end in the lab environment.
9
 Core integrations are in place:
9
 Core integrations are in place:
10
+
10
 - Detection: Wazuh
11
 - Detection: Wazuh
11
 - Automation: Shuffle
12
 - Automation: Shuffle
12
 - Case management: IRIS-web (replacing DFIRTrack)
13
 - Case management: IRIS-web (replacing DFIRTrack)
18
 ## 2) Completed Work
19
 ## 2) Completed Work
19
 
20
 
20
 ### Platform orchestration and operations
21
 ### Platform orchestration and operations
22
+
21
 - Combined stack runner created and improved (`run-combined-stack.sh`)
23
 - Combined stack runner created and improved (`run-combined-stack.sh`)
22
 - Added command support for:
24
 - Added command support for:
23
   - `up`, `down`, `logs`, `status`, `help`
25
   - `up`, `down`, `logs`, `status`, `help`
25
 - Added consolidated health/status script (`soc-status.sh`)
27
 - Added consolidated health/status script (`soc-status.sh`)
26
 
28
 
27
 ### Integration architecture
29
 ### Integration architecture
30
+
28
 - Connected Wazuh, Shuffle, IRIS-web, PagerDuty Stub, and soc-integrator on shared network
31
 - Connected Wazuh, Shuffle, IRIS-web, PagerDuty Stub, and soc-integrator on shared network
29
 - Resolved startup conflicts and runtime issues (port, compose, routing compatibility)
32
 - Resolved startup conflicts and runtime issues (port, compose, routing compatibility)
30
 
33
 
31
 ### SOC Integrator (MVP)
34
 ### SOC Integrator (MVP)
35
+
32
 - Added/validated integration APIs for:
36
 - Added/validated integration APIs for:
33
   - Wazuh
37
   - Wazuh
34
   - Shuffle
38
   - Shuffle
44
 - Added internal API-key protection for mutation endpoints
48
 - Added internal API-key protection for mutation endpoints
45
 
49
 
46
 ### Persistence layer
50
 ### Persistence layer
51
+
47
 - Added PostgreSQL service for soc-integrator (`soc-integrator-db`)
52
 - Added PostgreSQL service for soc-integrator (`soc-integrator-db`)
48
 - Added incident/policy/audit schema and startup initialization
53
 - Added incident/policy/audit schema and startup initialization
49
 - Enabled deduplication and audit tracking for incident processing
54
 - Enabled deduplication and audit tracking for incident processing
50
 
55
 
51
 ### Testing utilities and documentation
56
 ### Testing utilities and documentation
57
+
52
 - Added Wazuh test-event injection script:
58
 - Added Wazuh test-event injection script:
53
   - `scripts/send-wazuh-test-events.sh`
59
   - `scripts/send-wazuh-test-events.sh`
54
 - Added root project docs:
60
 - Added root project docs:
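Review bot: the line "Added internal API-key protection for mutation endpoints" states that a key exists but not how it is provisioned, where it is stored, or how it is rotated, and the persistence bullets above it ("Added PostgreSQL service for soc-integrator", "incident/policy/audit schema") leave the database credentials equally unstated. A one-line pointer to the secret's source (environment variable, compose secret, or config file) would let a reader of this progress update verify the protection rather than take it on trust, and would tie this entry to the later "Rotate default/local secrets used in lab config" item.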
61
 Current stack status: **UP**
67
 Current stack status: **UP**
62
 
68
 
63
 Healthy/available components:
69
 Healthy/available components:
70
+
64
 - Wazuh manager, indexer, dashboard
71
 - Wazuh manager, indexer, dashboard
65
 - IRIS-web app/nginx/worker/db/rabbitmq
72
 - IRIS-web app/nginx/worker/db/rabbitmq
66
 - Shuffle backend/frontend/opensearch/orborus
73
 - Shuffle backend/frontend/opensearch/orborus
68
 - soc-integrator + soc-integrator-db
75
 - soc-integrator + soc-integrator-db
69
 
76
 
70
 Endpoint checks:
77
 Endpoint checks:
78
+
71
 - Wazuh Dashboard: OK
79
 - Wazuh Dashboard: OK
72
 - Wazuh API: OK (auth-protected, expected 401 on unauthenticated root)
80
 - Wazuh API: OK (auth-protected, expected 401 on unauthenticated root)
73
 - IRIS Web: OK
81
 - IRIS Web: OK
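Review bot: "Wazuh API: OK (auth-protected, expected 401 on unauthenticated root)" treats a 401 on the unauthenticated root as a pass, which only proves the API refuses anonymous requests; an API whose credentials are wrong or whose auth backend is broken returns the same 401 and would also read as OK. Suggest the status script pair this with an authenticated call that must succeed, and that the line document both conditions, e.g. "OK (401 unauthenticated root, 200 authenticated /)".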
140
 
148
 
141
 1. Detection content tuning
149
 1. Detection content tuning
142
 - Fine-tune Wazuh rules/decoders for customer log patterns and false-positive reduction
150
 - Fine-tune Wazuh rules/decoders for customer log patterns and false-positive reduction
143
-
144
 2. Use-case calibration
151
 2. Use-case calibration
145
 - Validate risk/severity mapping per approved use cases
152
 - Validate risk/severity mapping per approved use cases
146
 - Tune exception list and threshold logic (especially VPN geo anomaly)
153
 - Tune exception list and threshold logic (especially VPN geo anomaly)
147
-
148
 3. UAT evidence package
154
 3. UAT evidence package
149
 - Capture deterministic UAT scenarios and outputs for:
155
 - Capture deterministic UAT scenarios and outputs for:
150
   - IOC flow
156
   - IOC flow
151
   - VPN outside-TH flow
157
   - VPN outside-TH flow
152
   - IRIS case creation/update
158
   - IRIS case creation/update
153
   - PagerDuty Stub escalation path
159
   - PagerDuty Stub escalation path
154
-
155
 4. Production hardening items
160
 4. Production hardening items
156
 - Rotate default/local secrets used in lab config
161
 - Rotate default/local secrets used in lab config
157
 - Lock down internal API keys and access boundaries
162
 - Lock down internal API keys and access boundaries
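Review bot: removing the stray `-` lines between items 1 to 4 fixes the empty bullets they rendered as, but the `-` bullets that follow each numbered item (for example "- Fine-tune Wazuh rules/decoders ..." directly under "1. Detection content tuning") are not indented, so most Markdown renderers will close the ordered list after each number and restart it at 1. Indenting those sub-bullets by three spaces keeps them nested under their numbered item, which is what the document's other lists do with their indented `- ` entries.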
167
 Next milestone: **MVP UAT Completion**
172
 Next milestone: **MVP UAT Completion**
168
 
173
 
169
 Target outputs:
174
 Target outputs:
175
+
170
 - Approved UAT checklist execution
176
 - Approved UAT checklist execution
171
 - Tuned policy thresholds for customer environment
177
 - Tuned policy thresholds for customer environment
172
 - Signed-off incident lifecycle flow:
178
 - Signed-off incident lifecycle flow: