anti/DECNET
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

docs(roadmap): mark ASN lookup, GeoIP mapping, PTR records shipped

Browse Source
This commit is contained in:
anti
2026-04-25 04:03:11 -04:00
parent 883eaba25b
commit c69fdbb4ac
1 changed files with 3 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
development/DEVELOPMENT.md
View File

@@ -58,7 +58,7 @@
- [x] **Real-time alerting via webhooks** — Admin-configurable outbound webhooks (SIEM/SOAR integration: Wazuh/Shuffle/TheHive/n8n) with HMAC-SHA256 signing, topic-pattern filtering, and bounded retry. Slack/Telegram-specific senders remain as per-destination work (they accept generic webhook payloads already).
- [ ] **Threat intel enrichment** — Auto-lookup IPs against AbuseIPDB, Shodan, and GreyNoise.
- [ ] **Attack campaign clustering** — Group sessions by signatures and timing patterns.
- [ ] **GeoIP mapping** — Visualize attacker origin and ASN data on a map.
- [x] **GeoIP mapping** — Visualize attacker origin and ASN data on a map.
- [ ] **TTPs tagging** — Map observed behaviors to MITRE ATT&CK techniques.
## Dashboard & Visibility
@@ -119,9 +119,9 @@
- [ ] **mDNS/LLMNR leakage** — Attacker hostname/device info from misconfigured systems
### Geolocation & Infrastructure
- [ ] **ASN lookup** — Source IP autonomous system number and org name
- [x] **ASN lookup** — Source IP autonomous system number and org name
- [ ] **BGP prefix / RPKI validity** — Route origin legitimacy
- [ ] **PTR records** — rDNS for attacker IPs (catches infra with forgotten reverse DNS)
- [x] **PTR records** — rDNS for attacker IPs (catches infra with forgotten reverse DNS)
- [ ] **Latency triangulation** — JA4L RTT estimates for rough geolocation
### Service-Level Behavioral Profiling