Tomas Kracmar
b35cac42e0
Some checks failed
CI / lint-and-test (push) Has been cancelled
- Migrate frontend to Alpine.js for reactive state management
- Add source health dashboard in UI and /api/source-health endpoint
- Add event tagging (PATCH /api/events/{id}/tags) and commenting (POST /api/events/{id}/comments)
- Add CSV/JSON export from the UI
- Add rule-based alerting engine (rules.py) with CRUD endpoints (/api/rules)
- Add SIEM export via webhook (siem.py)
- Add AOC audit trail middleware logging all mutations to aoc_audit collection
- Update config with SIEM_ENABLED, SIEM_WEBHOOK_URL, ALERTS_ENABLED
- Add tests for rules engine, tags, comments, and source health
33 lines
991 B
Plaintext
33 lines
991 B
Plaintext
TENANT_ID=your-tenant-id
|
|
CLIENT_ID=your-client-id
|
|
CLIENT_SECRET=your-client-secret
|
|
ENABLE_PERIODIC_FETCH=false
|
|
FETCH_INTERVAL_MINUTES=60
|
|
AUTH_ENABLED=false
|
|
AUTH_TENANT_ID=your-tenant-id
|
|
AUTH_CLIENT_ID=your-api-client-id
|
|
# Optional scope for SPA login (e.g., api://<client-id>/access_as_user)
|
|
AUTH_SCOPE=
|
|
# Comma-separated lists (optional):
|
|
AUTH_ALLOWED_ROLES=
|
|
AUTH_ALLOWED_GROUPS=
|
|
MONGO_ROOT_USERNAME=root
|
|
MONGO_ROOT_PASSWORD=example
|
|
MONGO_PORT=27017
|
|
|
|
# MongoDB connection string (takes precedence over root credentials in Docker Compose)
|
|
MONGO_URI=mongodb://root:example@localhost:27017
|
|
|
|
# Optional: number of days to retain events in MongoDB (0 = disabled)
|
|
RETENTION_DAYS=0
|
|
|
|
# Optional: comma-separated CORS origins (e.g., http://localhost:3000,https://app.example.com)
|
|
CORS_ORIGINS=*
|
|
|
|
# Optional: SIEM export webhook (e.g., Splunk HEC, Sentinel, or generic syslog webhook)
|
|
SIEM_ENABLED=false
|
|
SIEM_WEBHOOK_URL=
|
|
|
|
# Optional: enable rule-based alerting during ingestion
|
|
ALERTS_ENABLED=false
|