tum

tum pushed to new_interface at tum/RH2

  • 1285df0113 Stop tracking build artifacts and IDE state
    These files (bin/, obj/, .vs/, *.suo, *.pdb) were committed before .gitignore covered them, so they kept showing as modified after every build. Remove them from the index (kept on disk); .gitignore already ignores them going forward.
    Note: bin/WpfLocalization.dll was the only versioned copy of that external dependency; recoverable from history if needed.
    Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>

3 weeks ago

tum pushed to master at tum/mgt_mitutoyo

  • cf19cc18c6 Show live code in record pickers; harden getSetting
    ChooseRecord2/3 now display the current MainWindow code (w.code.Text) instead of the stored DB value, so the picker matches the unformatted code rather than showing legacy dashed values.
    Utils.getSetting guards against a missing config key and surfaces a Configuration Error message box instead of throwing NullReference.
    Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>

3 weeks ago

tum pushed to new_interface at tum/RH2

  • d6fbff0e13 Guard config read and show master code in record pickers
    getSetting: wrap config read in try/catch for missing key / corrupt file (show Configuration Error, return null instead of NullReferenceException).
    ChooseRecord2/3: display master code (w.code.Text from fillProData) instead of stored code column.
    Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>

3 weeks ago

tum pushed to master at tum/OBAppSrc

  • fb4f0df3b4 Show current code in record picker and guard getSetting
    - ChooseRecord2: display the main window's current code.Text instead of the stored lot_summary.code column, avoiding mixed dashed/raw codes
    - Utils.getSetting: handle a missing key, show a config-error dialog and return null instead of throwing NullReferenceException
    Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
  • a20d5f66b4 Add autoEnabled config switch and fix COM port release on exit
    Auto-capture:
    - Add autoEnabled app setting (default true), read in initSys before the port handler attaches
    - Gate the zero-reading self-arm and the Auto button on _autoEnabled, so setting it false fully disables auto-capture (manual grid entry only)
    - Collapse the two identical zero-reading branches into one
    COM port:
    - Run the Sender2 polling thread as a background thread
    - Use Dispatcher.BeginInvoke in DataReceivedHandler2 so Close() no longer deadlocks on the serial event thread
    - In Window_Closing, signal the thread and detach the receive handler before closing/disposing the port, so the port is released and reopening no longer fails with "Open Port Fail"
    Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>

3 weeks ago

tum pushed to master at tum/OBAppSrc

  • 7822784d91 Store raw PRO1 code instead of dashed format
    Assign code.Text directly from PRO1 rather than reformatting it into the 1-4-4-1 dashed layout. Avoids the IndexOutOfRange crash when PRO1 is shorter than 10 chars, and preserves any trailing characters the old formatter dropped.
    Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>

3 weeks ago

tum pushed to master at tum/OBAppSrc

  • 812ef686f7 Guard commit against zero values and add AlertMsg dialog
    - Add AlertMsg window to warn (in Thai) when a row has P1/P2/P3 = 0.0
    - Skip printing the label when zero values are present
    - Add recordTouch guard prompting "Please Commit Record" before reload
    - Make auto-capture repeat threshold configurable via _nRepeat (was 15)
    - Check measured row count against No. of Product on commit
    - Quote the id parameter in GetRecordType SQL lookup
    Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>

3 weeks ago

tum pushed to master at tum/mgt_mitutoyo

  • f7dc2846bd Store product code unformatted (drop X-XXXX-XXXX-X dashes)
    Assign PRO1 directly to code.Text instead of slicing it into a dash-separated string. First-char grade routing and the REREKI write (which strips dashes anyway) are unaffected; also removes the Substring crash risk when PRO1 is shorter than 10 chars.
    Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>

3 weeks ago

tum pushed to master at tum/mgt_mitutoyo

  • 302d5c4f19 Initial commit
    Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>

3 weeks ago

tum created repository tum/mgt_mitutoyo

3 weeks ago

tum pushed to new_interface at tum/RH2

  • dbaa44a163 Store product code without dashes (raw PRO1)
    Set code.Text directly from PRO1 instead of reformatting into a 1-4-4-1 dashed pattern. Removes the Substring(1,4)/(5,4)/(9,1) calls that crashed when PRO1 was shorter than 10 chars or NULL. The code.Replace("-","") calls used for the Access master RE01 lookup are left as no-ops so previously saved dashed rows still work.
    Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>

3 weeks ago

tum pushed to new_interface at tum/RH2

  • aa0e38d3aa Rework readLotFromTxtFile lot parsing; add CLAUDE.md
    Replace readLotFromTxtFile with a type-grouped parser (dd/MM/yy timestamps, per-type MeasurePoint with P1..P10/avg fill) and keep the previous implementation as readLotFromTxtFileOld for reference.
    Add CLAUDE.md with build/run guidance and architecture overview.
    Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>

3 weeks ago

tum pushed to main at tum/soc

  • 89670823d5 project progress
  • e5811a2fc9 chore: untrack runtime IOC lists from git
    The malicious-ip, malicious-domains, malware-hashes and their .cdb compiled variants are written at runtime by the Wazuh container (UID 999 / root) via the IOC pipeline. They cannot be committed (permission denied) and have no place in source control.
    Added *.cdb and the three plain-text IOC list paths to .gitignore and removed them from tracking with git rm --cached.
    Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
  • 37a7aaa173 feat: make Cases tab rows clickable in KPI dashboard
    renderCasesTable rows now have onclick="openCaseDetail(cid)" and cursor:pointer. Clicking any case row navigates to /case?cid=<id> (the standard IRIS case detail page). Also exposes openCaseDetail on window for the inline onclick handler.
    Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

3 months ago

tum pushed to main at tum/soc

  • 012e088454 fix: pretty-print IRIS alert_note as indented JSON with nulls stripped
    Replace plain-text sectioned format with json.dumps(indent=2) so the Alert Note field in IRIS renders as readable indented JSON. Null values are recursively removed to keep the output clean. IOC verdict fields (vt_stats, abuseipdb_score/reports, reason) are flattened into the verdicts array for easy scanning.
    Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

3 months ago

tum pushed to main at tum/soc

  • 0519939b69 cleanup shuffle
  • 4012b9d351 feat: IOC CDB refresh pipeline + direct VT/AbuseIPDB evaluation
    - Replace Shuffle with direct VirusTotal + AbuseIPDB calls in evaluate_ioc() (decision_source=direct_api, no Shuffle dependency)
    - Add IocFeedAdapter: fetches Feodo Tracker, URLhaus, ThreatFox, MalwareBazaar
    - Add IocListService: merges feeds + local ioc_trace hits, writes Wazuh CDB list files (malicious-ip, malicious-domains, malware-hashes), restarts manager
    - Add background _ioc_refresh_loop() (IOC_REFRESH_ENABLED, default off)
    - Add POST /wazuh/ioc-lists/refresh and GET /wazuh/ioc-lists/status endpoints
    - Add get_confirmed_iocs() to MvpRepository for self-learning loop
    - Add restart_manager() to WazuhAdapter (PUT /manager/restart)
    - Add soc-ioc-cdb-rules.xml: rules 110600-110602 for inline CDB list matching
    - Update soc-prod-dns decoder to extract query= field as url for CDB lookup
    - Shared bind-mount: lists/malicious-ioc → wazuh /var/ossec/etc/lists and soc-integrator /ioc-lists
    - Improve IRIS alert_note: structured readable sections (Asset, Network, IOC Verdicts with per-provider VT stats and AbuseIPDB score) instead of JSON blob
    - Add soc-integrator/README.md and .env.example with full key reference
    - Add scripts/test-ioc-pipeline.py: 7-step end-to-end IOC pipeline test
    - New .env keys: IOC_REFRESH_ENABLED, IOC_REFRESH_INTERVAL_SECONDS, IOC_REFRESH_CONFIDENCE_THRESHOLD, IOC_REFRESH_LOOKBACK_DAYS, WAZUH_LISTS_PATH
    Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

3 months ago

tum pushed to main at tum/soc

  • 766f4d209d feat: add ICT/UTC dual clock widget to IRIS navbar
    - ict-clock.js: pure-JS clock that updates every second, computes ICT (UTC+7) without tzdata dependency (adds 7h to UTC ms epoch). Displayed as "HH:MM:SS ICT | HH:MM:SS UTC" in the navbar.
    - navigation.html + navigation_ext.html: inject <li id="navbar-ict-clock"> into the topbar nav (hidden on small screens via d-none d-md-flex).
    - footer.html: load ict-clock.js for all authenticated pages.
    - docker-compose.dev.yml: bind-mount the JS file from source into /iriswebapp/static so it survives container recreates (ui/dist is root-owned and cannot be written from the host directly).
    IRIS stores and displays timestamps in UTC by design. This widget gives analysts both UTC and local ICT time without patching alert display logic.
    Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
  • 9bb507ca72 chore: fix timezone for Go/scratch containers (shuffle-backend, pagerduty-stub)
    TZ env var alone isn't enough for Alpine containers with no /usr/share/zoneinfo. Add bind-mounts for both /etc/localtime and /usr/share/zoneinfo/Asia/Bangkok so named TZ lookup resolves correctly. All 15 containers now show +0700.
    Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
  • 191d8f66cc chore: set TZ=Asia/Bangkok on all services
    Adds TZ=Asia/Bangkok environment variable to every service in:
    - wazuh-docker/single-node/docker-compose.yml (manager, indexer, dashboard)
    - iris-web/docker-compose.base.yml (rabbitmq, db, app, worker, nginx)
    - Shuffle/docker-compose.yml (frontend, backend, orborus, opensearch)
    - compose-overrides/soc-integrator.yml (soc-integrator, soc-integrator-db)
    - compose-overrides/pagerduty.stub.yml (pagerduty-stub)
    Containers need --force-recreate to pick up the new env var.
    Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
  • 16e6a89dbb docs: add IRIS API key runbook
    Explains why the key rotated (IRIS_ADM_API_KEY was commented out in iris-web/.env), documents the fix applied 2026-03-23, and provides step-by-step procedures for key reset, container recreation, and diagnosis when soc-integrator returns 401/502. Also includes full service key inventory table.
    Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

3 months ago

tum pushed to main at tum/soc

  • 18646e78a6 analysisd tuning: queue sizes, threads, MITRE fix
    - local_internal_options.conf (new, bind-mounted): increase analysisd queue sizes 16384→65536 for decode/archives/alerts to absorb FortiGate syslog bursts that were causing "Input queue is full" warnings; set event_threads=4, rule_matching_threads=4, dbsync_threads=2 on 12-CPU host; state_interval 5s→30s to reduce I/O.
    - docker-compose.yml: add bind-mount for local_internal_options.conf.
    - soc-a4/soc-c1-c3 rules: fix T1098.007→T1098 (sub-technique not in Wazuh 4.14 MITRE DB; was logging WARNING on every group membership event).
    Result: events_dropped=0; queue overflow warnings eliminated.
    Note: ~4500 EPS from FortiGate syslog is the root CPU driver — disable logall=yes in wazuh_manager.conf to reduce further if archive replay is no longer needed.
    Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

3 months ago

tum pushed to main at tum/soc

  • 3be7c0d801 feat: Wazuh→IRIS alert sync with severity filter
    - soc-integrator creates IRIS Alerts (not Cases) from Wazuh indexer hits via ingest_wazuh_alert_to_iris() in mvp_service.py
    - Severity filter: only alerts at/above min_severity reach IRIS (default: medium; persisted in policy_config table)
    - GET /wazuh/sync-policy — read current threshold
    - PUT /wazuh/sync-policy — update threshold at runtime (no restart needed)
    - POST /wazuh/sync-to-mvp — new min_severity query param for per-run override
    - GET /wazuh/auto-sync/status — now includes min_severity from policy
    - Sync result includes skipped_filtered and min_severity_applied counters
    - Add scripts/test-wazuh-iris-sync.py: 7-step end-to-end pipeline test
    - Update README.md and scripts/README.md
    Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

3 months ago

tum pushed to main at tum/coi

  • 02a8e14f85 feat: add QA.2 default user, auto-select QA fields in COI, boolean icon UI
    - Add qa2_default field to UserProfile with single-user enforcement via save()
    - Add migration for qa2_default field
    - Expose qa2_default in UserCustomForm and UserCRUDView list table (after Superuser Status column)
    - Auto-select current logged-in user as QA.1 in COI view
    - Auto-select qa2_default user as QA.2 in COI view (persists after lot search)
    - Default export template changed from Japanese to ASEAN
    - Render boolean columns as centered check/cross SVG icons in datacrud_list
    Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

3 months ago

tum pushed to main at tum/soc

  • 5370099102 fix A2/A3 rule OR-trap: replace multi-<match> with single <regex> lookaheads
    Root cause: multiple <match> elements in a Wazuh rule are ORed, not ANDed. Rule 110311 (A2-01 RDP allowed) matched every FortiGate traffic log (~5M hits/day) because type=traffic OR action=accept is almost always true.
    Fixes:
    - 110311: single pcre2 regex (?=.*dstport=3389)(?=.*action=accept) to require BOTH dstport=3389 AND action=accept in same raw log.
      Note: dstport/action are Wazuh static fields — <field> tag rejected; PCRE2 lookaheads in <regex> are the correct AND mechanism.
    - 110320: single pcre2 regex for type=traffic AND threat_label=known-c2.
    - 110331: pcre2 regex for ssl-login-success AND user=guest (AND fix).
    - 110332: pcre2 regex for ssl-login-success AND previous_country=.
    - 110333: pcre2 regex for ssl-login-success AND failed_attempts_before_success=.
    Verified with wazuh-logtest: dstport=3389+accept fires 110311; dstport=161 only fires parent 81618.
    Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

3 months ago

tum pushed to main at tum/soc

  • 395c5c7e78 disk space reduction, rule fixes, and dashboard query alignment
    - wazuh_manager.conf: disable logall_json (was 14 GB of archives.json growth); add log rotation block (daily, 7-day retention, compressed)
    - OpenSearch ISM policy applied externally (wazuh-alerts-* / wazuh-archives-*, delete after 30d)
    - soc-a2/a3/a4, soc-c1-c3 rules: fix if_sid chaining (if_group=fortigate broken in Wazuh 4.x), add production profile rules (110xxx range), align with real archive field names (srccountry, dstport, logonType, etc.)
    - local_decoder.xml: decoder updates to support new field extractions
    - appendix-c dashboard: fix query rule.id:1005* → rule.groups: appendix_c (old query matched simulation IDs only, returned nothing for prod rules)
    - appendix-ab dashboard: narrow query soc_prod* → appendix_a OR appendix_b (excludes C1/C2/C3 rules from A+B panels)
    Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

3 months ago