Tomas Kracmar
9271b4e461
Some checks failed
CI / lint-and-test (push) Has been cancelled
- Cache Graph API tokens with expiry-aware reuse in graph/auth.py - Add tenacity-based retry/backoff wrapper (utils/http.py) and apply to all Graph/source API calls - Add Pydantic request/response models (models/api.py) and FastAPI query constraints - Add unit tests for event_model, auth and integration tests for API endpoints - Configure ruff linter/formatter in pyproject.toml - Add GitHub Actions CI pipeline (.github/workflows/ci.yml) - Add requirements-dev.txt with pytest, mongomock, httpx, ruff - Clean up typing imports and fix ruff linting across codebase
64 lines
2.8 KiB
Markdown
64 lines
2.8 KiB
Markdown
# AOC Roadmap
|
|
|
|
This roadmap tracks planned improvements for the Admin Operations Center (AOC) project, organized by phase.
|
|
|
|
---
|
|
|
|
## Phase 1: Harden ✅
|
|
Goal: fix critical security and reliability gaps before production use.
|
|
|
|
- [x] Fix JWT signature verification in `auth.py`
|
|
- [x] Fix broken frontend auth button references (`loginBtn` / `logoutBtn`)
|
|
- [x] Add MongoDB indexes (`dedupe_key`, `timestamp`, `service+timestamp`, `id`, text search)
|
|
- [x] Add MongoDB TTL index for data retention (`RETENTION_DAYS`)
|
|
- [x] Add `/health` endpoint with database connectivity check
|
|
- [x] Replace manual `os.getenv` parsing with Pydantic Settings (`pydantic-settings`)
|
|
- [x] Add structured JSON logging (`structlog`)
|
|
- [x] Configure CORS middleware via `CORS_ORIGINS` environment variable
|
|
- [x] Escape user input before MongoDB `$regex` queries (`routes/events.py`)
|
|
- [x] Fix incorrect return value in `maintenance.py dedupe()`
|
|
|
|
---
|
|
|
|
## Phase 2: Stabilize ✅
|
|
Goal: improve resilience, code quality, and development experience.
|
|
|
|
- [x] Cache Graph API tokens and reuse them until near expiry
|
|
- [x] Add exponential backoff / retry logic for Graph API and Office 365 API calls
|
|
- [x] Add unit tests for `normalize_event()`, `_make_dedupe_key()`, and `auth.py`
|
|
- [x] Add integration tests for `/api/events` and `/api/fetch-audit-logs`
|
|
- [x] Configure linter/formatter (`ruff`) and pre-commit hooks
|
|
- [x] Set up GitHub Actions CI pipeline (lint + test)
|
|
- [x] Add Pydantic request/response models for API endpoints
|
|
- [x] Validate `page_size` and `hours` with strict FastAPI constraints
|
|
|
|
---
|
|
|
|
## Phase 3: Scale
|
|
Goal: handle larger data volumes and support real-time ingestion.
|
|
|
|
- [ ] Replace skip-based pagination with cursor-based (search-after) pagination
|
|
- [ ] Add Prometheus `/metrics` endpoint and a Grafana dashboard
|
|
- [ ] Implement incremental fetch watermarking per source (store last fetch timestamp)
|
|
- [ ] Add webhook endpoints to receive Microsoft Graph change notifications
|
|
- [ ] Evaluate Elasticsearch or Azure Cognitive Search for advanced full-text search
|
|
- [ ] Add request ID / correlation ID middleware for distributed tracing
|
|
|
|
---
|
|
|
|
## Phase 4: Enhance
|
|
Goal: evolve from a polling dashboard into a full security operations tool.
|
|
|
|
- [ ] Migrate frontend to a maintainable framework (Vue 3, React, or HTMX + Alpine.js)
|
|
- [ ] Add rule-based alerting (e.g., alert on privileged operations, after-hours activity)
|
|
- [ ] Add SIEM export (Splunk, Sentinel, syslog webhook)
|
|
- [ ] Build an audit trail for AOC itself (who queried what, who triggered fetches)
|
|
- [ ] Add event tagging and commenting (e.g., `investigating`, `false_positive`)
|
|
- [ ] Add export functionality (CSV / JSON) from the UI
|
|
- [ ] Add source health dashboard showing last fetch time and status per source
|
|
|
|
---
|
|
|
|
## Completed in this PR
|
|
All Phase 1 items were implemented in the latest changes.
|