Tomas Kracmar
b35cac42e0
Some checks failed
CI / lint-and-test (push) Has been cancelled
- Migrate frontend to Alpine.js for reactive state management
- Add source health dashboard in UI and /api/source-health endpoint
- Add event tagging (PATCH /api/events/{id}/tags) and commenting (POST /api/events/{id}/comments)
- Add CSV/JSON export from the UI
- Add rule-based alerting engine (rules.py) with CRUD endpoints (/api/rules)
- Add SIEM export via webhook (siem.py)
- Add AOC audit trail middleware logging all mutations to aoc_audit collection
- Update config with SIEM_ENABLED, SIEM_WEBHOOK_URL, ALERTS_ENABLED
- Add tests for rules engine, tags, comments, and source health
71 lines
1.9 KiB
Python
71 lines
1.9 KiB
Python
from pydantic_settings import BaseSettings, SettingsConfigDict
|
|
|
|
|
|
class Settings(BaseSettings):
|
|
model_config = SettingsConfigDict(
|
|
env_file=[".env", "../.env"],
|
|
env_file_encoding="utf-8",
|
|
extra="ignore",
|
|
)
|
|
|
|
# Microsoft Graph / App credentials
|
|
TENANT_ID: str = ""
|
|
CLIENT_ID: str = ""
|
|
CLIENT_SECRET: str = ""
|
|
|
|
# MongoDB
|
|
MONGO_URI: str = ""
|
|
DB_NAME: str = "micro_soc"
|
|
|
|
# Periodic fetch
|
|
ENABLE_PERIODIC_FETCH: bool = False
|
|
FETCH_INTERVAL_MINUTES: int = 60
|
|
|
|
# Auth (OIDC/Bearer) settings
|
|
AUTH_ENABLED: bool = False
|
|
AUTH_TENANT_ID: str = ""
|
|
AUTH_CLIENT_ID: str = ""
|
|
AUTH_SCOPE: str = ""
|
|
AUTH_ALLOWED_ROLES: str = ""
|
|
AUTH_ALLOWED_GROUPS: str = ""
|
|
|
|
# Data retention (0 = disabled)
|
|
RETENTION_DAYS: int = 0
|
|
|
|
# CORS
|
|
CORS_ORIGINS: str = "*"
|
|
|
|
# SIEM export
|
|
SIEM_ENABLED: bool = False
|
|
SIEM_WEBHOOK_URL: str = ""
|
|
|
|
# Alerting
|
|
ALERTS_ENABLED: bool = False
|
|
|
|
|
|
_settings = Settings()
|
|
|
|
# Backward-compatible module-level exports
|
|
TENANT_ID = _settings.TENANT_ID
|
|
CLIENT_ID = _settings.CLIENT_ID
|
|
CLIENT_SECRET = _settings.CLIENT_SECRET
|
|
MONGO_URI = _settings.MONGO_URI
|
|
DB_NAME = _settings.DB_NAME
|
|
|
|
ENABLE_PERIODIC_FETCH = _settings.ENABLE_PERIODIC_FETCH
|
|
FETCH_INTERVAL_MINUTES = _settings.FETCH_INTERVAL_MINUTES
|
|
|
|
AUTH_ENABLED = _settings.AUTH_ENABLED
|
|
AUTH_TENANT_ID = _settings.AUTH_TENANT_ID or _settings.TENANT_ID or ""
|
|
AUTH_CLIENT_ID = _settings.AUTH_CLIENT_ID or _settings.CLIENT_ID or ""
|
|
AUTH_SCOPE = _settings.AUTH_SCOPE
|
|
AUTH_ALLOWED_ROLES = {r.strip() for r in _settings.AUTH_ALLOWED_ROLES.split(",") if r.strip()}
|
|
AUTH_ALLOWED_GROUPS = {g.strip() for g in _settings.AUTH_ALLOWED_GROUPS.split(",") if g.strip()}
|
|
|
|
RETENTION_DAYS = _settings.RETENTION_DAYS
|
|
CORS_ORIGINS = [o.strip() for o in _settings.CORS_ORIGINS.split(",") if o.strip()]
|
|
|
|
SIEM_ENABLED = _settings.SIEM_ENABLED
|
|
SIEM_WEBHOOK_URL = _settings.SIEM_WEBHOOK_URL
|
|
ALERTS_ENABLED = _settings.ALERTS_ENABLED
|