cqrenet/antifragile
4
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

feat: Add sovereign tool stack and integrate ASTRAL/AOC across playbooks

Browse Source 
New document: Sovereign Tool Stack — complete capability map for our
open-source consulting arsenal.

Documents updated:
- sovereign-tool-stack.md (new): Maps Prowler, BloodHound, CISO Assistant,
  Purple Knight/Forest Druid, ASTRAL, and AOC to engagement modules and
  antifragile pillars. Identifies 6 gaps with recommended closes:
  Wazuh+Sysmon (EDR), Shuffle (SOAR), TheHive+Cortex (case management),
  Cartography (cloud asset mapping), Syft+Grype+Trivy (containers),
  Zeek+Suricata (network analysis). Includes per-module tool pairing,
  deployment complexity matrix, and integration architecture.
- m365-e3-hardening.md: Added ASTRAL 'configuration immunity' section
  and AOC audit log integration references
- endpoint-management-entry-vector.md: Added ASTRAL for Intune
  configuration backup and drift detection
- modular-engagements.md: Added ASTRAL and AOC to Module 1/2/3
  deliverables; linked sovereign tool stack
- retained-capability.md: Added AOC and Wazuh to detection engineering
  description
- ai-assisted-tvm.md: Added AOC and Prowler to discovery layer table
- blue-purple-team-foundation.md: Added sovereign tool stack reference
  for open-source SOC architecture
- zero-budget-hardening.md: Linked sovereign tool stack
- README.md + index.md: Added sovereign-tool-stack.md to navigation
This commit is contained in:
Tomas Kracmar
2026-05-09 17:05:18 +02:00
parent 3569cd7c45
commit 2b969af2a8
10 changed files with 434 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
antifragile-consulting/core/modular-engagements.md
View File

@@ -41,6 +41,7 @@ We do not sell monolithic transformation projects. We sell **building blocks** t
- Compliance baseline: encryption, OS version, password policy, firewall
- Application inventory and shadow IT discovery
- Basic conditional access integration (compliant device required for M365 access)
- ASTRAL deployment for Intune configuration backup and drift detection
- Admin training and operational handover
**Executive pitch**:
@@ -71,6 +72,7 @@ We do not sell monolithic transformation projects. We sell **building blocks** t
- Legacy authentication blocked tenant-wide
- Privileged access workstation (PAW) architecture for admins
- PIM deployment (if E5/Entra ID P2) or manual JIT process (if E3)
- AOC deployment for audit log intelligence and anomalous admin detection
- Guest access audit and time-bounding
- OAuth consent governance
@@ -99,7 +101,8 @@ We do not sell monolithic transformation projects. We sell **building blocks** t
- Mailbox auditing enabled for all users
- Unified Audit Log enabled and forwarded to SIEM
- Microsoft Secure Score baseline and improvement plan
- ASR rule deployment in audit mode (E5) or Defender Antivirus maximization (E3)
- ASR rule deployment in audit mode (E5) or Defender for Endpoint P1 maximisation (E3)
- ASTRAL configuration baseline capture for all M365 security policies
- Windows Defender Firewall and exploit protection baseline
- LAPS deployment for local admin password randomization
@@ -109,7 +112,7 @@ We do not sell monolithic transformation projects. We sell **building blocks** t
**Natural next modules**: Module 4 (Data Governance), Module 5 (AI Sovereignty Bridge), Module 10 (Red Team & Validation)
**See**: [M365 E3 Hardening](../playbooks/m365-e3-hardening.md), [Zero-Budget Hardening](../playbooks/zero-budget-hardening.md)
**See**: [M365 E3 Hardening](../playbooks/m365-e3-hardening.md), [Zero-Budget Hardening](../playbooks/zero-budget-hardening.md), [Sovereign Tool Stack](../playbooks/sovereign-tool-stack.md)
---