Tags: beenuar/AiSOC
v7.2.0 — pull-by-default boot path + CI hardening

Track 1 — Pull-by-default boot path
- docker-compose.yml: image: + pull_policy: missing on all 12 services
- .env.example: AISOC_VERSION pin documented
- publish-images.yml: matrix extended from 4 → 12 services
- release.yml: same 12-service matrix on tagged builds

Track 2 — Build & CI hardening
- All 7 Python Dockerfiles: poetry → pip install fallback
- compose-smoke.yml: full-stack boot + 10-min health gate on PRs
- Nightly cold-cache smoke run on main
- Go enrichment + ingest base images 1.21 → 1.24 (matches go.mod)
- detection_proposals.py: robust path resolution (no IndexError)
- saved_views.py: response_model=None on DELETE 204 route
- Idempotent SQL migration backfilling status column on detection_rules

Result: docker compose up -d converges in ~90s on a clean clone (was 10–20 min). 26/26 CI checks green on release PR.

Full changelog: https://github.com/beenuar/AiSOC/blob/v7.2.0/CHANGELOG.md
feat: ship v4.1 + v5.0 + v5.1 — UEBA, Honeytokens, Purple Team & enterprise governance

## v5.1.0 — Purple Team Adversary Emulation
- New `services/purple-team` service: Atomic Red Team loader, Caldera integration, ATT&CK coverage heatmap, tabletop session tracker
- Kubernetes Helm template with HPA, PDB, Atomic Red Team volume mount
- Purple Team UI page (`/purple-team`) with Coverage, Executions, Tabletop tabs
- Alembic migrations for purple_team_atomic_tests, executions, tabletop_sessions

## v5.0.0 — Honeytoken Deception Platform
- New `services/honeytokens` service: URL/file/AWS credential/email tokens
- HMAC-SHA256 signed tokens, public tracking endpoint → alert pipeline
- Webhook delivery with HMAC signing for external integrations
- Honeytokens UI page (`/honeytokens`) with token management and event timeline

## v4.1.0 — Enterprise Security & Governance
- UEBA behavioral analytics: Welford's online baseline + z-score anomaly detection consuming Kafka `security.events`, publishing to `security.anomalies`
- Granular RBAC with `require_permission` FastAPI dependency
- PostgreSQL Row-Level Security (multi-tenant isolation via `rls.py`)
- SAML 2.0 + OIDC SSO with group→role mapping
- API keys CRUD with scoped permissions
- Immutable audit log (append-only, DB-level trigger)
- Compliance controls + evidence tracking (SOC 2, ISO 27001, NIST CSF)
- SLA tracking: `tenant_sla_config` + `alert_sla_events`
- OpenTelemetry traces/metrics/logs (OTLP export to Tempo/Jaeger)
- Backup/restore scripts with AES-256-GCM encryption
- Multi-region deployment runbook + DR runbooks via `generate_runbook.py`
- GraphQL endpoint with Strawberry (`/graphql`)

## Infrastructure & DX
- Helm: UEBA, Honeytokens, Purple Team deployments with HPA + PDB
- GitHub Actions: check-openapi, deploy-docs, sync-marketplace, validate-detections
- Community marketplace index (`marketplace/index.json`)
- Plugin SDKs: Python (`packages/plugin-sdk-py`), Go (`packages/plugin-sdk-go`)
- Client SDKs: Python (`packages/sdk-py`), TypeScript (`packages/sdk-ts`), Go (`packages/sdk-go`)

## Documentation
- README.md: complete rewrite for v5.1.0 with full architecture, API, quick-start
- CHANGELOG.md: detailed entries for 5.1.0, 5.0.0, 4.1.0
- docs/openapi.yaml: v5.1.0 spec with x-tagGroups for all endpoint families
- Docusaurus site: intro, quickstart, architecture, env-vars, REST/GraphQL/WebSocket API, detection rules, plugin overview all updated for v5.1.0
AiSOC v3.0.0 — Threat Intelligence Enrichment + Open-Source Rebrand

Highlights
----------
• 13 TI provider integrations: VirusTotal, AbuseIPDB, GreyNoise, Shodan, URLScan, IPinfo (open/freemium) + Cyble Vision, Recorded Future, Mandiant, CrowdStrike, Anomali, IBM X-Force, Flashpoint (commercial tier)
• Extended EnrichmentResult schema: DarkWebContext, VulnerabilityRef, BrandRisk
• Go module paths migrated from github.com/cyble/aisoc → github.com/beenuar/aisoc
• Container images migrated to ghcr.io/beenuar/aisoc-*
• Governance files: CODE_OF_CONDUCT, CHANGELOG, ROADMAP, SECURITY
• GitHub: CI workflow, CodeQL, Dependabot, PR/Issue templates, CODEOWNERS