Merge branch 'main' of http://git2.simplico.net/tum/soc

progress-update.md

@@ -77,7 +77,66 @@ Endpoint checks:
 - PagerDuty Stub: OK
 - soc-integrator `/health`: OK
 
-## 4) In Progress / Remaining for Customer UAT
+## 4) System Architecture Diagram (PlantUML)
+
+```plantuml
+@startuml
+title FoodProject SOC Platform - System Architecture (MVP)
+skinparam componentStyle rectangle
+
+actor "Analyst" as analyst
+cloud "External Log Sources" as logs
+
+rectangle "SOC Shared Docker Network" {
+  node "Wazuh Stack" as wazuh {
+    component "Wazuh Manager" as wazuh_mgr
+    component "Wazuh Indexer" as wazuh_idx
+    component "Wazuh Dashboard" as wazuh_dash
+  }
+
+  node "Shuffle Stack" as shuffle {
+    component "Shuffle Frontend" as shuf_fe
+    component "Shuffle Backend" as shuf_be
+    component "Shuffle Orborus" as shuf_orb
+    component "Shuffle OpenSearch" as shuf_os
+  }
+
+  node "IRIS-web Stack" as iris {
+    component "IRIS Web App" as iris_app
+    database "IRIS DB" as iris_db
+    component "IRIS RabbitMQ" as iris_mq
+  }
+
+  node "SOC Integrator Stack" as integ {
+    component "soc-integrator API" as soc_api
+    database "soc-integrator-db" as soc_db
+  }
+
+  component "PagerDuty Stub" as pd_stub
+}
+
+logs --> wazuh_mgr : Security events
+wazuh_mgr --> wazuh_idx : Index alerts
+analyst --> wazuh_dash : Investigate alerts
+wazuh_dash --> wazuh_idx : Query data
+
+wazuh_mgr --> soc_api : Alert/incident input
+soc_api --> soc_db : Persist incidents\npolicies\naudit
+soc_api --> iris_app : Create/update cases
+soc_api --> pd_stub : Escalation (MVP)
+soc_api --> shuf_be : Trigger automation
+
+shuf_fe --> shuf_be : UI/API
+shuf_be --> shuf_os : Read/write workflow data
+shuf_orb --> shuf_be : Execution queue polling
+shuf_orb --> shuf_os : Workflow state interactions
+
+iris_app --> iris_db : Case data
+iris_app --> iris_mq : Async jobs
+@enduml
+```
+
+## 5) In Progress / Remaining for Customer UAT
 
 1. Detection content tuning
 - Fine-tune Wazuh rules/decoders for customer log patterns and false-positive reduction
@@ -97,13 +156,13 @@ Endpoint checks:
 - Rotate default/local secrets used in lab config
 - Lock down internal API keys and access boundaries
 
-## 5) Risks / Notes
+## 6) Risks / Notes
 
 - Current escalation target is **PagerDuty Stub** by design for MVP.
   Real PagerDuty production integration is the next stage.
 - Some Wazuh config certificate directories are root-owned in the local lab clone, which may affect local git add operations if not excluded/fixed.
 
-## 6) Next Milestone (Proposed)
+## 7) Next Milestone (Proposed)
 
 Next milestone: **MVP UAT Completion**
 
@@ -112,4 +171,3 @@ Target outputs:
 - Tuned policy thresholds for customer environment
 - Signed-off incident lifecycle flow:
   Wazuh event -> soc-integrator decision -> IRIS case -> PagerDuty Stub escalation
-