    v1.7.0 (0a16cf6870)

    tomas.kracmar released this 2026-04-22 12:12:49 +00:00 | 20 commits to main since this release

    v1.7.0 — Admin Operations SIEM

    What's new

    • Alert notifications with retry logic: webhook, Slack, or Microsoft Teams formats
    • Alert deduplication: same rule + same actor within 15 minutes produces only one alert
    • 10 pre-built admin-ops rule templates seeded automatically on first startup:
      1. Failed Conditional Access
      2. After-Hours Admin Activity
      3. New Application Registration
      4. Admin Role Assignment
      5. License Change
      6. Bulk User Deletion
      7. Device Compliance Failure
      8. Exchange Transport Rule Change
      9. Service Principal Credential Added
      10. External Sharing Enabled
    • Alert dashboard in the UI with severity/status filters
    • Alert actions: Acknowledge, Resolve, False Positive, Reopen
    • Alert summary badge in the hero header showing open high/medium/low counts
    • New API endpoints: GET /api/alerts, PATCH /api/alerts/{id}/status, GET /api/alerts/summary
    • New env vars: ALERT_WEBHOOK_URL, ALERT_WEBHOOK_FORMAT (generic/slack/teams), ALERT_DEDUPE_MINUTES
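    The deduplication rule above (one alert per rule + actor within the ALERT_DEDUPE_MINUTES window) worked through as an added example; this is illustrative code, not the project's own implementation, and the class and method names are assumptions. It assumes the window is anchored on the last alert that was actually emitted, so a match at 16 minutes fires again while one at 5 minutes is suppressed.

```python
from dataclasses import dataclass, field
from datetime import datetime, timedelta
import os

# Window length mirrors ALERT_DEDUPE_MINUTES from the release notes (15 minutes default).
DEDUPE_MINUTES = int(os.environ.get("ALERT_DEDUPE_MINUTES", "15"))


@dataclass
class AlertDeduper:
    """Suppress repeat alerts for the same (rule, actor) pair inside a time window.

    Class and method names are assumptions for illustration, not the project's API.
    """
    window: timedelta = field(default_factory=lambda: timedelta(minutes=DEDUPE_MINUTES))
    # (rule_name, actor) -> time of the last alert actually emitted for that pair
    _last_emitted: dict = field(default_factory=dict)

    def should_alert(self, rule, actor, at):
        """Return True if an alert for (rule, actor) firing at `at` should be emitted."""
        key = (rule, actor)
        last = self._last_emitted.get(key)
        if last is not None and at - last < self.window:
            return False               # still inside the window: duplicate, suppress it
        self._last_emitted[key] = at   # window starts at the alert that was emitted
        return True


def process_events(events, window_minutes=DEDUPE_MINUTES):
    """Run rule matches through the deduper; return the alerts that actually fire."""
    deduper = AlertDeduper(window=timedelta(minutes=window_minutes))
    return [(rule, actor, at) for rule, actor, at in events
            if deduper.should_alert(rule, actor, at)]


# Constructed sample rule matches (not real tenant data)
T0 = datetime(2026, 4, 22, 12, 0)
SAMPLE_EVENTS = [
    ("Admin Role Assignment", "alice@example.com", T0),
    ("Admin Role Assignment", "alice@example.com", T0 + timedelta(minutes=5)),   # duplicate
    ("Admin Role Assignment", "bob@example.com", T0 + timedelta(minutes=6)),     # other actor
    ("License Change", "alice@example.com", T0 + timedelta(minutes=7)),          # other rule
    ("Admin Role Assignment", "alice@example.com", T0 + timedelta(minutes=16)),  # window expired
]

if __name__ == "__main__":
    for alert in process_events(SAMPLE_EVENTS):
        print(alert)
```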

    Design philosophy

    This is an admin operations alerting system, not a security SIEM. It focuses on things admins need to know about: policy changes, role assignments, license changes, compliance failures — not threat detection.
