Commit Graph

  • 11f474556c docs(behave): integration + extractor + attribution design (DEBT-050 / 051) anti 2026-05-03 07:24:19 -04:00
  • 3f080f601d feat(intel,ingester): mal_hash feed + observed_attachments table (DEBT-046) anti 2026-05-03 05:56:46 -04:00
  • 03beff3840 feat(orchestrator): authoritative failure-count badge endpoint (DEBT-042) anti 2026-05-03 05:26:45 -04:00
  • 866a76eccf test(web): scaffold vitest + RTL with Orchestrator seed suite (DEBT-043) anti 2026-05-03 05:20:01 -04:00
  • 6c6f97e840 feat(prober,correlation): attacker fingerprint rotation detection (DEBT-032) anti 2026-05-03 05:12:51 -04:00
  • dcd558fd91 chore(infra): pin Docker base images by digest (DEBT-023) anti 2026-05-03 04:38:39 -04:00
  • 6e19d3a25a chore(bait): scaffold default seed dir with README anti 2026-05-03 04:30:09 -04:00
  • b3a96a045f feat(mail): default email_seed → $PROJROOT/bait/ when unset anti 2026-05-03 04:25:24 -04:00
  • b88d67794d feat(mail): operator-tunable IMAP/POP3 email seed (DEBT-026) anti 2026-05-03 02:47:06 -04:00
  • e0b07651fd docs(debt): mark DEBT-047 resolved (EmailLifter disk-reach + ttp agent gate) anti 2026-05-02 20:07:54 -04:00
  • 79674026dd feat(cli): allow decnet ttp on agents (DEBT-047) anti 2026-05-02 20:07:03 -04:00
  • e972d870de feat(ttp): EmailLifter disk-reach for body-aware predicates (DEBT-047) anti 2026-05-02 20:05:54 -04:00
  • 7036a86e76 refactor(artifacts): extract resolve_artifact_path to shared module anti 2026-05-02 20:02:47 -04:00
  • cdbb3d3571 fix(ssh,telnet): move PROMPT_COMMAND out of /root/.bashrc + pin readonly anti 2026-05-02 19:50:24 -04:00
  • 3e9c4c29b9 feat(ssh,telnet): add non-root user account for privesc + enum lure anti 2026-05-02 19:48:03 -04:00
  • c675bd26cf docs(debt): mark DEBT-035 resolved; lift DEBT-047 filesystem-access blocker anti 2026-05-02 19:40:12 -04:00
  • b27332169d feat(init): create /var/lib/decnet/artifacts with setgid + group-write anti 2026-05-02 19:35:20 -04:00
  • 39a298f685 feat(init): persist DECNET-service api-user/api-group to decnet.ini anti 2026-05-02 19:33:53 -04:00
  • b3ea3fa925 docs(debt): merge rogue root DEBT.md into the canonical development/DEBT.md anti 2026-05-02 19:17:20 -04:00
  • 17367d0a69 docs(debt,ttp): retire shipped lanes; file mal-hash-feed and R0047-disk-reach entries anti 2026-05-02 19:12:30 -04:00
  • c714941069 feat(bus): project EmailLifter heavyweight fields onto email.received anti 2026-05-02 19:10:30 -04:00
  • 291b78c1d0 feat(smtp): extract body_simhash + base64-bytes + html-smuggling + per-attachment macro/encrypted anti 2026-05-02 19:08:37 -04:00
  • fb85762703 feat(bus): publish email.received from ingester after SMTP artifact persist anti 2026-05-02 18:39:13 -04:00
  • e9324acac7 feat(smtp): emit X-Mailer / Return-Path / dkim+spf / URLs on message_stored anti 2026-05-02 18:37:11 -04:00
  • 2ce150a53e docs(debt): mark email.received producer as paid; file heavyweight follow-up anti 2026-05-02 18:24:51 -04:00
  • 9a7d116351 docs(ttp): sync A.10 + rewrite §9 drift runbook + DEBT.md markers anti 2026-05-02 18:09:20 -04:00
  • f8dee596e5 fix(ttp): expand R0054/R0055/R0057 emits + LAST_REVIEWED markers anti 2026-05-02 18:09:03 -04:00
  • 75ff0ede1f fix(ttp): correct intel_lifter mappings + repoint ThreatFox to threat_type anti 2026-05-02 18:08:48 -04:00
  • a31ad82880 feat(intel): project per-provider taxonomy into attacker.intel.enriched payload anti 2026-05-02 18:08:29 -04:00
  • 999d3494b4 feat(intel): persist per-provider taxonomy on AttackerIntel for TTP dispatch anti 2026-05-02 18:07:57 -04:00
  • d1c4a48963 feat(ttp): split bash CMD evidence into structured uid/user/src/pwd/cmd rows anti 2026-05-02 03:20:53 -04:00
  • 84699f89da feat(ttp): show canonical ATT&CK technique names in the TTPs UI anti 2026-05-02 03:10:07 -04:00
  • 42e9492118 feat(ttp): inspector drawer surfaces evidence + rule_id behind each technique anti 2026-05-02 02:55:05 -04:00
  • c4e29e3bf9 fix(ttp): resolve attacker_uuid from attacker_ip on bus-event consume anti 2026-05-02 02:44:30 -04:00
  • f9901befc4 docs(ttp): catalogue producer wiring for every TTP-watched topic anti 2026-05-02 02:39:23 -04:00
  • b5ce236cab test(bus): pin scope-(2) producer wiring for reuse / clusterer / intel anti 2026-05-02 02:38:24 -04:00
  • b043c96d29 feat(collector): publish attacker.session.ended on session_recorded events anti 2026-05-02 02:35:08 -04:00
  • d9d2a80573 fix(collector): unwrap double-wrapped RFC5424 around bash PROMPT_COMMAND anti 2026-05-02 02:32:21 -04:00
  • e08bfc4a73 fix(ttp): /api/v1/ttp/rules returns the live rule catalogue anti 2026-05-02 01:54:06 -04:00
  • 7ab0df3680 chore(cleaning): deleted swp vimfile anti 2026-05-02 01:39:17 -04:00
  • ca1e04033c docs(ttp): E.5 verification log appended to TTP_TAGGING.md anti 2026-05-02 01:37:45 -04:00
  • 7d1f048764 docs(ttp): E.4.b/E.4.c DEBT entries — provider review + Sigma deferral anti 2026-05-02 01:35:49 -04:00
  • 301d3feee9 feat(ttp): E.4.a extract decnet/cli/ttp.py with worker run + backfill CLI anti 2026-05-02 01:35:17 -04:00
  • e84b522fd3 feat(ttp): E.3.18c wire RuleEngine via RuleEngineTagger anti 2026-05-02 01:29:58 -04:00
  • 65435f1427 feat(ttp): E.3.18b worker fans session-ended payloads into per-command events anti 2026-05-02 01:27:37 -04:00
  • 44ade3eb63 fix(ttp): E.3.18a worker hydrates per-lifter rule indexes via watch_store anti 2026-05-02 01:25:15 -04:00
  • 9a31d0e50c feat(ttp): E.3.17 worker registration + scoped schemathesis suite anti 2026-05-01 21:26:46 -04:00
  • 07a609973b feat(ttp): E.3.16 frontend TTP UI anti 2026-05-01 21:05:28 -04:00
  • 403d83faba feat(ttp): E.3.15 UKC bridge — production phase-handoff edge fires anti 2026-05-01 21:01:58 -04:00
  • 101127247e feat(ttp): E.3.14 worker bootstrap (insert + ttp.tagged publish) anti 2026-05-01 20:57:57 -04:00
  • 322fd44d72 feat(ttp): E.3.13 IdentityLifter + CredentialLifter (R0001-R0006) anti 2026-05-01 20:52:56 -04:00
  • 62ad76615e docs(ttp): mark E.3.9-E.3.12 lifters done anti 2026-05-01 20:31:47 -04:00
  • 7a89fbb357 feat(ttp): E.3.12 EmailLifter (R0041-R0048) anti 2026-05-01 20:31:03 -04:00
  • f211d394e6 feat(ttp): E.3.11 CanaryFingerprintLifter (R0049-R0053) anti 2026-05-01 20:25:57 -04:00
  • 7865e71aa9 feat(ttp): E.3.10 IntelLifter (R0054-R0058) anti 2026-05-01 20:23:42 -04:00
  • eff3e4bce7 feat(ttp): E.3.9 BehavioralLifter (R0031-R0040) anti 2026-05-01 20:17:59 -04:00
  • 321ea7a2a6 refactor(ttp): normalise lifter:<owner>_<name> match.kind prefix anti 2026-05-01 20:10:33 -04:00
  • e7531ee756 refactor(ttp): extract RuleIndex from RuleEngine anti 2026-05-01 20:09:18 -04:00
  • b819dfefa3 feat(ttp): E.3.8 R0054-R0058 intel cohort + mark step done anti 2026-05-01 09:22:48 -04:00
  • dc1867315d feat(ttp): E.3.8 R0049-R0053 canary fingerprint cohort anti 2026-05-01 09:21:01 -04:00
  • 1ad15470a1 feat(ttp): E.3.8 R0041-R0048 email cohort anti 2026-05-01 09:19:56 -04:00
  • 806301e179 feat(ttp): E.3.8 R0031-R0040 behavioral cohort anti 2026-05-01 09:18:27 -04:00
  • b1fe1f9403 feat(ttp): E.3.8 R0001-R0030 command cohort anti 2026-05-01 09:16:38 -04:00
  • c635478442 feat(ttp): E.3.8 corpus + harness — labelled holdout fixture anti 2026-05-01 09:08:07 -04:00
  • ed3f340ea8 feat(ttp): E.3.7 RuleEngine — evaluate + atomic-swap watch_store anti 2026-05-01 08:49:15 -04:00
  • 8a93ee3129 feat(ttp): E.3.6 DatabaseRuleStore — ttp_rule/ttp_rule_state + master sync anti 2026-05-01 08:39:46 -04:00
  • f41995a229 feat(ttp): E.3.5 FilesystemRuleStore — inotify hot-reload + per-rule events anti 2026-05-01 08:31:05 -04:00
  • 89ce893792 feat(ttp): E.3.4 API handlers wired to repo (rollups + Navigator) anti 2026-05-01 08:06:53 -04:00
  • fee697694d feat(ttp): E.3.3 repository — insert_tags + listing rollups (dual backend) anti 2026-05-01 08:04:46 -04:00
  • 226b3adfa2 docs(ttp): mark E.3.1 + E.3.2 done — schema/bus verification anti 2026-05-01 07:57:38 -04:00
  • 3664ea7008 docs(ttp): mark E.2.9–E.2.14b as done in design doc anti 2026-05-01 07:47:01 -04:00
  • 0217319423 test(ttp): E.2.14b RuleStore conformance — cross-backend + filesystem-specific + database-specific anti 2026-05-01 07:45:32 -04:00
  • bf5414c0d1 test(ttp): E.2.14a follow-up — force DECNET_DEVELOPER_TRACING=true, skip when Jaeger unreachable anti 2026-05-01 07:42:22 -04:00
  • f4fe6fe6e4 test(ttp): E.2.14a observability tracing — span hierarchy + no-PII property anti 2026-05-01 07:40:58 -04:00
  • 4a93e16407 test(ttp): E.2.13 repository tests — TTPMixin idempotency + identity-rollup projection on dual backends anti 2026-05-01 07:39:16 -04:00
  • 6814949bc0 test(ttp): E.2.12 worker bus integration — _TOPICS equality, loop-prevention, delivery asymmetry anti 2026-05-01 07:37:58 -04:00
  • c276b5696e test(ttp): E.2.11 multi-mapping property — N×M fan-out, idempotent UUID, replay-safety anti 2026-05-01 07:36:19 -04:00
  • fd81be0bb1 test(ttp): E.2.10 confidence model — downward-only multiplier property, drop-below-0.3, AbuseIPDB-30 worked example anti 2026-05-01 07:34:58 -04:00
  • 79e6df8343 test(ttp): E.2.9 UKC bridge bijection — pin tactic↔phase mapping, observable round-trip, lossy phases anti 2026-05-01 07:33:47 -04:00
  • bcd1f14cd3 feat(ttp): E.1.11 RuleStore contract — base ABC, factory, filesystem + database stubs anti 2026-05-01 07:25:09 -04:00
  • b6e31e64e9 feat(ttp): E.1.10 repository contract — TTPMixin with insert_tags + list_techniques_by_{identity,attacker,campaign,session} + list_distinct_techniques anti 2026-05-01 07:21:37 -04:00
  • b7f206c8c5 feat(ttp): E.1.9 API contract — seven router endpoints, admin-gated state mutations, response models anti 2026-05-01 07:20:13 -04:00
  • cfbfaabfcd feat(ttp): E.1.8 UKC bridge contract — ATTACK_TACTIC_TO_UKC + tactic_to_ukc_phase + inverse anti 2026-05-01 07:12:00 -04:00
  • b5a19301a2 test(ttp): E.2.8 API shape + auth — GET 200/401 + admin-only POST/DELETE 401/403/200/400 contract anti 2026-05-01 07:00:41 -04:00
  • 0cdf8d90da test(ttp): E.2.7 decoupling lint — TTP code may not import decnet.intel.* providers or decnet.profiler.keystroke anti 2026-05-01 06:58:12 -04:00
  • e2078c868d test(ttp): E.2.6 lifter tolerates absence — six lifters return [] on empty joins, no ERROR logs anti 2026-05-01 06:57:29 -04:00
  • 1ffaa3df41 test(ttp): E.2.5 RuleEngine behavior — empty store, malformed YAML, multi-emit fan-out, version collisions anti 2026-05-01 06:56:28 -04:00
  • 5accf8f1b1 test(ttp): E.2.4 Tagger ABC conformance — hypothesis fuzz over swallowed Exception types anti 2026-05-01 06:54:29 -04:00
  • cce84f23dc test(bus): E.2.3 TTP topic naming — constants, builders, wildcard match anti 2026-05-01 06:53:05 -04:00
  • e58aa4fe3a test(ttp): E.2.2 idempotency — determinism, golden value, replay-safety signature lock anti 2026-05-01 06:45:49 -04:00
  • e6f1da2344 test(ttp): E.2.1b evidence shape — TypedDict keys, PII §6 type-level assertion anti 2026-05-01 06:45:35 -04:00
  • c3a799726f test(ttp): E.2.1 schema invariant tests — CHECK, ValueError guard, UUIDv5, JSON round-trip anti 2026-05-01 06:44:57 -04:00
  • 19cc8aa859 feat(ttp): E.1.7 worker contract — run_ttp_worker_loop, _TOPICS, registry entry anti 2026-05-01 06:33:34 -04:00
  • 208ffd8f4f feat(ttp): E.1.6 per-lifter contracts — six TolerantTagger subclasses anti 2026-05-01 06:31:31 -04:00
  • cb9d183c20 feat(ttp): E.1.5 RuleEngine contract — CompiledRule, RuleSchema, RuleEngine ABC anti 2026-05-01 06:30:12 -04:00
  • a703f9eda7 docs(ttp): mark E.1.3 and E.1.4 as done in design doc anti 2026-05-01 06:22:08 -04:00
  • c3c5813211 feat(ttp): E.1.3+E.1.4 Tagger ABC and composite factory contract anti 2026-05-01 06:20:10 -04:00
  • e395306dcb feat(ttp): E.1.2 bus topic contract — TTP_TAGGED, TTP_RULE_FIRED, TTP_RULE_SUPPRESSED, EMAIL_RECEIVED anti 2026-05-01 06:08:11 -04:00
  • ce7efdfdd2 feat(ttp): E.1.1 schema contract — TTPTag, TTPRule, TTPRuleState, evidence TypedDicts, compute_tag_uuid anti 2026-05-01 06:03:45 -04:00
  • d09764beec docs(ttp): add TTP tagging design (order-of-work step 1) anti 2026-05-01 06:02:56 -04:00