feat: Add sovereign tool stack and integrate ASTRAL/AOC across playbooks
New document: Sovereign Tool Stack — complete capability map for our
open-source consulting arsenal.
Documents updated:
- sovereign-tool-stack.md (new): Maps Prowler, BloodHound, CISO Assistant,
Purple Knight/Forest Druid, ASTRAL, and AOC to engagement modules and
antifragile pillars. Identifies 6 gaps with recommended closes:
Wazuh+Sysmon (EDR), Shuffle (SOAR), TheHive+Cortex (case management),
Cartography (cloud asset mapping), Syft+Grype+Trivy (containers),
Zeek+Suricata (network analysis). Includes per-module tool pairing,
deployment complexity matrix, and integration architecture.
- m365-e3-hardening.md: Added ASTRAL 'configuration immunity' section
and AOC audit log integration references
- endpoint-management-entry-vector.md: Added ASTRAL for Intune
configuration backup and drift detection
- modular-engagements.md: Added ASTRAL and AOC to Module 1/2/3
deliverables; linked sovereign tool stack
- retained-capability.md: Added AOC and Wazuh to detection engineering
description
- ai-assisted-tvm.md: Added AOC and Prowler to discovery layer table
- blue-purple-team-foundation.md: Added sovereign tool stack reference
for open-source SOC architecture
- zero-budget-hardening.md: Linked sovereign tool stack
- README.md + index.md: Added sovereign-tool-stack.md to navigation
Tomas Kracmar
2b969af2a8