docs(roadmap): mark threat-intel enrichment shipped

Out-of-band 'decnet enrich' worker landed across commits feat(intel):
attacker_intel table → factory → providers → worker → CLI → API. v1
ships GreyNoise Community + AbuseIPDB + abuse.ch (Feodo Tracker bulk
feed and ThreatFox per-IP). Shodan / Censys / OTX remain in the
DEVELOPMENT_V2 backlog.
2026-04-26 05:18:05 -04:00
parent d3d9bd5aa7
commit 4ec0dd75c8

@@ -56,7 +56,7 @@
## Detection & Intelligence
- [x] **Real-time alerting via webhooks** — Admin-configurable outbound webhooks (SIEM/SOAR integration: Wazuh/Shuffle/TheHive/n8n) with HMAC-SHA256 signing, topic-pattern filtering, and bounded retry. Slack/Telegram-specific senders remain as per-destination work (they accept generic webhook payloads already).
- [ ] **Threat intel enrichment** — Auto-lookup IPs against AbuseIPDB, Shodan, and GreyNoise.
- [x] **Threat intel enrichment** — Auto-lookup IPs against AbuseIPDB, Shodan, and GreyNoise. -> Out-of-band `decnet enrich` worker, woken on `attacker.scored`/`attacker.observed`. v1 ships GreyNoise Community + AbuseIPDB + abuse.ch (Feodo Tracker bulk feed and ThreatFox per-IP). Shodan / Censys / OTX backlogged in DEVELOPMENT_V2.md.
- [ ] **Attack campaign clustering** — Group sessions by signatures and timing patterns.
- [x] **GeoIP mapping** — Visualize attacker origin and ASN data on a map.
- [ ] **TTPs tagging** — Map observed behaviors to MITRE ATT&CK techniques.
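Review bot: the checked `[x]` line still opens with "Auto-lookup IPs against AbuseIPDB, Shodan, and GreyNoise" while its own trailer says Shodan is backlogged, so anyone scanning the checkbox column reads Shodan as shipped. Reword the headline to match what v1 actually delivers and move the unshipped providers to their own unchecked item, e.g. `- [x] **Threat intel enrichment** — Auto-lookup IPs against AbuseIPDB, GreyNoise Community, and abuse.ch (Feodo Tracker bulk feed, ThreatFox per-IP) via the out-of-band `decnet enrich` worker, woken on `attacker.scored`/`attacker.observed`.` followed by `- [ ] **Threat intel enrichment (additional providers)** — Shodan / Censys / OTX, tracked in DEVELOPMENT_V2.md.` The ` -> ` trailer also breaks the list's convention; the other shipped items (webhooks, GeoIP) describe the delivered state inline rather than appending an arrow note.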