• v1.3.2 fb5d45dfb3

    v1.3.2 — AI Event Explanation & Copy Raw Event
    All checks were successful
    CI / lint-and-test (push) Successful in 23s
    Release / build-and-push (push) Successful in 1m38s
    Stable

    tomas.kracmar released this 2026-04-21 20:28:52 +00:00 | 41 commits to main since this release

    What's New

    AI Event Explanation

    • New POST /api/events/{id}/explain endpoint sends an audit event (plus up to 10 related events from the last 24h) to the LLM for a security-focused explanation.
    • The LLM explains what happened, who performed the action, whether it's typical or suspicious, any security implications, and recommended next steps.
    • Available in the raw event modal — click Explain when viewing any event.
    • Gracefully falls back when LLM_API_KEY is not configured.

    Copy Raw Event

    • New Copy button in the raw event modal copies the full JSON to the clipboard.

    Upgrade Notes

    docker compose pull && docker compose up -d

    No configuration changes required.

  • v1.3.1 a5db0d363d

    v1.3.1 — MCP over SSE + UI Polish
    All checks were successful
    Release / build-and-push (push) Successful in 1m16s
    CI / lint-and-test (push) Successful in 25s
    Stable

    tomas.kracmar released this 2026-04-21 09:28:32 +00:00 | 43 commits to main since this release

    What's New

    MCP Server over SSE (production-ready)

    • New HTTP/SSE MCP transport at GET /mcp/sse and POST /mcp/messages/
    • Reuses existing OIDC Bearer token validation — requires a valid Entra token when AUTH_ENABLED=true
    • Same four tools as the stdio server: search_events, get_event, get_summary, ask
    • Shared tool handlers extracted to mcp_common.py (used by both stdio and SSE transports)
    • Mounted inside FastAPI when AI_FEATURES_ENABLED=true

    UI Polish

    • Page title changed from "AOC Events" → "Admin Operations Center"
    • Hero heading changed from "Directory Audit Explorer" → "Audit Log Explorer"
    • Subtitle updated to mention all data sources: Entra, Intune, Exchange, SharePoint, Teams
    • Filter section moved before the Ask panel for better flow

    Upgrade Notes

    docker compose pull && docker compose up -d

    No configuration changes required.

  • v1.3.0 60b6ad15c4

    v1.3.0 — AI Feature Flag & MCP Server
    All checks were successful
    CI / lint-and-test (push) Successful in 45s
    Release / build-and-push (push) Successful in 1m34s
    Stable

    tomas.kracmar released this 2026-04-20 16:11:31 +00:00 | 48 commits to main since this release

    What's New

    AI Feature Flag (AI_FEATURES_ENABLED)

    • Gate all AI/natural-language features with a single environment variable.
    • When false, the /api/ask endpoint is completely unregistered and the "Ask a question" panel is hidden from the UI.
    • New GET /api/config/features endpoint exposes feature flags to the frontend.

    MCP Server (backend/mcp_server.py)

    • Standalone Model Context Protocol server for Claude Desktop, Cursor, and other MCP clients.
    • Connects directly to MongoDB (bypasses FastAPI auth layer — run only in trusted environments).
    • Exposes four tools:
      • search_events — filter by entity, service, operation, result, and time range.
      • get_event — retrieve raw event JSON by ID.
      • get_summary — aggregated activity summary (by service, operation, result, top actors) for the last N days.
      • ask — natural language query that returns recent matching events.

    Natural Language Query (/api/ask)

    • Ask questions like "What happened to device ABC123 in the last 3 days?"
    • Intent-aware service filtering: broad queries automatically exclude high-volume Exchange/SharePoint noise.
    • Smart sampling: when datasets are large, failures and high-value services are prioritized for LLM context.
    • Aggregated overviews for datasets with >50 events.
    • Respects active UI filters (services, actor, operation, result, tags).
    • Azure OpenAI / MS Foundry compatible (api-key header, api-version, max_completion_tokens).

    Version Endpoint

    • GET /api/version returns the running version (baked into the Docker image at build time).
    • Displayed as a badge in the UI header.

    Upgrade Notes

    1. Pull the new image: docker compose pull && docker compose up -d
    2. Optionally set AI_FEATURES_ENABLED=false in .env to disable AI features.
    3. Optionally configure LLM_API_KEY, LLM_BASE_URL, LLM_MODEL for the /api/ask endpoint.
    4. For MCP: install mcp from requirements.txt and configure your MCP client to run python backend/mcp_server.py.
  • v1.2.7 b4e504a87b

    AOC v1.2.7
    All checks were successful
    Release / build-and-push (push) Successful in 1m31s
    CI / lint-and-test (push) Successful in 34s
    Stable

    tomas.kracmar released this 2026-04-20 15:41:21 +00:00 | 49 commits to main since this release

    Intent-aware querying

    • Questions like 'what happened to my laptop' automatically scope to Intune/Device events
    • 'Any new users' scopes to Directory/UserManagement
    • Broad questions ('what happened last week') exclude noisy Exchange/SharePoint logs by default

    Smart sampling

    • MongoDB fetches up to 1000 events, then curates the best 200 for the LLM
    • Failures are always included
    • High-admin-value services (Intune, Directory, Device) are prioritised
    • Exchange/SharePoint only included when explicitly asked for
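
    The sampling rule described here and in the v1.3.0 "Smart sampling" bullet, as an added stand-alone model that is not the AOC project's own code: the event shape, service names, the priority order and the 1000-event constructed fetch are assumptions for illustration.

```python
"""Added example (not AOC's code): model of the v1.2.7 "smart sampling" rule.
Event fields, service names and priority order are assumptions."""
from dataclasses import dataclass

NOISY_SERVICES = {"Exchange", "SharePoint"}            # dropped unless asked for
PRIORITY_SERVICES = ["Intune", "Directory", "Device"]  # high admin value, in order

@dataclass(frozen=True)
class Event:
    event_id: str
    service: str
    operation: str
    result: str      # "Success" or "Failure"
    timestamp: int   # constructed epoch seconds; higher = more recent

def curate_events(events, limit=200, include_noisy=False):
    """Pick at most `limit` events for the LLM context.

    Preference order: every failure first (never dropped while room remains),
    then priority-service events in PRIORITY_SERVICES order, then the rest;
    newest first within each tier. Exchange/SharePoint events are excluded
    entirely unless include_noisy is set, matching an explicit user request.
    """
    candidates = [e for e in events if include_noisy or e.service not in NOISY_SERVICES]

    def tier(e):
        if e.result == "Failure":
            return 0
        if e.service in PRIORITY_SERVICES:
            return 1 + PRIORITY_SERVICES.index(e.service)
        return 1 + len(PRIORITY_SERVICES)

    ranked = sorted(candidates, key=lambda e: (tier(e), -e.timestamp))
    return ranked[:limit]

def constructed_events():
    """Constructed sample: a 1000-event fetch dominated by Exchange/SharePoint."""
    events = []
    for i in range(1000):
        service = ["Exchange", "SharePoint", "Intune", "Directory", "Device"][i % 5]
        result = "Failure" if i % 7 == 0 else "Success"
        events.append(Event(f"evt-{i}", service, "Op", result, timestamp=i))
    return events

if __name__ == "__main__":
    sample = curate_events(constructed_events(), limit=200)
    print(len(sample), sum(e.result == "Failure" for e in sample))
```

Running the block shows that of the 1000 constructed events, the 200 kept for the LLM contain all 86 non-noisy failures ahead of any successes, so a large fetch cannot silently crowd out failed admin operations.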

    Docker image: git.cqre.net/cqrenet/aoc-backend:v1.2.7

  • v1.2.6 d100388c7d

    AOC v1.2.6
    All checks were successful
    CI / lint-and-test (push) Successful in 31s
    Release / build-and-push (push) Successful in 1m17s
    Stable

    tomas.kracmar released this 2026-04-20 15:29:10 +00:00 | 51 commits to main since this release

    What's new

    • Natural language query with Azure OpenAI / MS Foundry support
    • Filter-aware queries
    • Aggregated event overviews for large result sets
    • Version badge in header
    • Production hardening: non-root container, Gunicorn, nginx, internal-only MongoDB

    Docker image: git.cqre.net/cqrenet/aoc-backend:v1.2.6

  • v1.2.5 11fd87411d

    AOC v1.2.5
    All checks were successful
    Release / build-and-push (push) Successful in 1m18s
    CI / lint-and-test (push) Successful in 20s
    Stable

    tomas.kracmar released this 2026-04-20 15:24:20 +00:00 | 53 commits to main since this release

    Natural language query (/api/ask)

    Ask plain-English questions and get AI-generated answers backed by audit logs. Supports OpenAI, Azure OpenAI, and MS Foundry.

    Filter-aware queries

    The ask endpoint respects the UI filter panel.

    Scales to thousands of events

    Large result sets are pre-aggregated (counts by service/action/result/actor + failure highlights + 50 recent samples).

    Version display

    Badge in the header shows the running version.

    Production hardening

    Non-root container, Gunicorn workers, internal-only MongoDB, nginx reverse proxy.

  • v1.0.3 86966bb57f

    v1.0.3
    Some checks failed
    CI / lint-and-test (push) Failing after 21s
    Release / build-and-push (push) Failing after 23s
    Stable

    tomas.kracmar released this 2026-04-16 16:51:14 +00:00 | 74 commits to main since this release

    Release v1.0.3 - Bulk tagging and tag-based filtering

    Added

    • include_tags / exclude_tags query params for /api/events
    • POST /api/events/bulk-tags endpoint for bulk tagging matching events
    • Frontend tag filters (Include tags / Exclude tags)
    • Frontend Bulk tag matching button with append/replace modes

    Changed

    • Improved filter panel layout
  • v1.0.2 6d00d7cf32

    v1.0.2
    Some checks failed
    CI / lint-and-test (push) Failing after 2m40s
    Release / build-and-push (push) Failing after 20s
    Stable

    tomas.kracmar released this 2026-04-16 10:13:36 +00:00 | 76 commits to main since this release

    Release v1.0.2 - First automated Gitea registry build

    Changed

    • CI/CD: release workflow now pushes Docker images to git.cqre.net/cqrenet/aoc-backend
    • docker-compose.yml pulls images from Gitea container registry
    • Migrated all workflows from GitHub Actions to Gitea Actions
  • v1.0.1 194858490d

    v1.0.1
    Some checks failed
    CI / lint-and-test (push) Has been cancelled
    Release / build-and-push (push) Failing after 6m17s
    Stable

    tomas.kracmar released this 2026-04-16 09:41:22 +00:00 | 80 commits to main since this release

    Release v1.0.1 - Versioning infrastructure and Docker release pipeline

    Added

    • Semantic versioning starting at v1.0.1
    • Gitea Actions release workflow for building and pushing Docker images
    • VERSION file tracking current release
    • docker-compose.yml pinned to ghcr.io/cqrenet/aoc-backend:v1.0.1

    Fixes (since v1.0.0)

    • JWT auth InvalidSignatureError resolved with idToken fallback
    • Source health dashboard with per-source status
    • Multi-select App / Service filter
    • Application actor support for Intune events