progress

2025-07-13 01:00:52 +02:00
parent 65f7685b01
commit 44349266bd
14 changed files with 2771 additions and 0 deletions
--- a/src/data/services.yaml
+++ b/src/data/services.yaml
@@ -0,0 +1,84 @@
+# Service Status Configuration
+# This file configures the services monitored on the status page
+# Connect to Uptime Kuma API for real-time data
+
+# Uptime Kuma Configuration
+uptimeKuma:
+  enabled: false  # Set to true when Uptime Kuma is configured
+  apiUrl: "https://status.lab.local/api"
+  apiKey: ""  # Add your Uptime Kuma API key here
+  refreshInterval: 30000  # Refresh every 30 seconds
+
+# Static service definitions (used when Uptime Kuma is not available)
+services:
+  - id: timesketch
+    name: "Timesketch Instance"
+    description: "Collaborative forensic timeline analysis platform"
+    url: "https://timesketch.lab.local"
+    category: "Analysis Tools"
+    status: "operational"      # operational|degraded|maintenance|down
+    uptime: "99.9%"
+    responseTime: "245ms"
+    lastChecked: "2025-01-15T10:30:00Z"
+
+  - id: thehive
+    name: "TheHive Platform"
+    description: "Incident response and case management"
+    url: "https://thehive.lab.local"
+    category: "Case Management"
+    status: "operational"
+    uptime: "99.7%"
+    responseTime: "180ms"
+    lastChecked: "2025-01-15T10:30:00Z"
+
+  - id: misp
+    name: "MISP Instance"
+    description: "Threat intelligence sharing platform"
+    url: "https://misp.lab.local"
+    category: "Threat Intelligence"
+    status: "degraded"
+    uptime: "98.2%"
+    responseTime: "890ms"
+    lastChecked: "2025-01-15T10:29:00Z"
+    issues: "High response times due to database optimization"
+
+  - id: elasticsearch
+    name: "Elasticsearch Cluster"
+    description: "Search and analytics engine"
+    url: "https://elastic.lab.local"
+    category: "Infrastructure"
+    status: "operational"
+    uptime: "99.8%"
+    responseTime: "120ms"
+    lastChecked: "2025-01-15T10:30:00Z"
+
+  - id: neo4j
+    name: "Neo4j Database"
+    description: "Graph database for relationship analysis"
+    url: "https://neo4j.lab.local"
+    category: "Infrastructure"
+    status: "maintenance"
+    uptime: "97.1%"
+    responseTime: "N/A"
+    lastChecked: "2025-01-15T09:00:00Z"
+    issues: "Scheduled maintenance window: 09:00-11:00 UTC"
+
+# Service categories for organization
+categories:
+  - name: "Analysis Tools"
+    description: "Forensic analysis and timeline tools"
+  - name: "Case Management"
+    description: "Incident response and case tracking"
+  - name: "Threat Intelligence"
+    description: "IOC sharing and threat analysis"
+  - name: "Infrastructure"
+    description: "Backend services and databases"
+
+# Overall status calculation
+overall:
+  status: "partial_outage"  # operational|degraded|partial_outage|major_outage
+  message: "4 of 5 services operational • 1 service under maintenance"
+  operationalCount: 3
+  degradedCount: 1
+  maintenanceCount: 1
+  downCount: 0
--- a/src/data/tools.yaml
+++ b/src/data/tools.yaml
@@ -0,0 +1,195 @@
+# DFIR Tools Database
+# Edit this file to add, remove, or modify tools
+# Structure: Each tool should have required fields marked with *
+
+tools:
+  - id: sleuthkit
+    name: "The Sleuth Kit"                    # * Display name
+    description: "Collection of command line tools for digital forensic analysis"  # * Brief description
+    domains:                                  # * Array of forensic domains
+      - "Filesystem Forensics"
+    phases:                                   # * Array of DFIR phases
+      - "Examination"
+      - "Analysis"
+    platforms:                               # * Supported platforms
+      - "Linux"
+      - "Windows" 
+      - "macOS"
+    skillLevel: "Intermediate"               # * Beginner|Intermediate|Advanced
+    accessType: "CLI"                        # * CLI|GUI|Web|SaaS
+    url: "https://sleuthkit.org"             # * Project homepage
+    tags:                                    # Optional tags for search
+      - "timeline"
+      - "file-recovery"
+      - "metadata"
+    type: "FOSS"                            # * FOSS|SaaS
+
+  - id: volatility
+    name: "Volatility"
+    description: "Advanced memory forensics framework"
+    domains:
+      - "Memory Forensics"
+      - "Live Forensics"
+    phases:
+      - "Examination"
+      - "Analysis"
+    platforms:
+      - "Linux"
+      - "Windows"
+      - "macOS"
+    skillLevel: "Advanced"
+    accessType: "CLI"
+    url: "https://volatilityfoundation.org"
+    tags:
+      - "memory-analysis"
+      - "malware-detection"
+      - "process-analysis"
+    type: "FOSS"
+
+  - id: wireshark
+    name: "Wireshark"
+    description: "Network protocol analyzer and packet capture tool"
+    domains:
+      - "Network Forensics"
+    phases:
+      - "Examination"
+      - "Reporting"
+    platforms:
+      - "Linux"
+      - "Windows"
+      - "macOS"
+    skillLevel: "Intermediate"
+    accessType: "GUI"
+    url: "https://wireshark.org"
+    tags:
+      - "packet-analysis"
+      - "network-traffic"
+      - "protocol-dissection"
+    type: "FOSS"
+
+  - id: plaso
+    name: "Plaso"
+    description: "Super timeline all the things"
+    domains:
+      - "Filesystem Forensics"
+    phases:
+      - "Analysis"
+      - "Reporting"
+    platforms:
+      - "Linux"
+      - "Windows"
+      - "macOS"
+    skillLevel: "Advanced"
+    accessType: "CLI"
+    url: "https://plaso.readthedocs.io"
+    tags:
+      - "timeline"
+      - "log-analysis"
+      - "artifact-parsing"
+    type: "FOSS"
+
+  - id: yara
+    name: "YARA"
+    description: "Pattern matching engine for malware research"
+    domains:
+      - "Malware Analysis"
+      - "Live Forensics"
+    phases:
+      - "Data Collection"
+      - "Analysis"
+    platforms:
+      - "Linux"
+      - "Windows"
+      - "macOS"
+    skillLevel: "Advanced"
+    accessType: "CLI"
+    url: "https://virustotal.github.io/yara/"
+    tags:
+      - "pattern-matching"
+      - "malware-detection"
+      - "signatures"
+    type: "FOSS"
+
+  # Self-hosted services (what you call "SaaS Tools")
+  - id: timesketch
+    name: "Timesketch"
+    description: "Collaborative forensic timeline analysis"
+    domains:
+      - "Filesystem Forensics"
+      - "Network Forensics"
+    phases:
+      - "Analysis"
+      - "Reporting"
+    platforms:
+      - "Web"
+    skillLevel: "Intermediate"
+    accessType: "Web"
+    url: "https://timesketch.org"
+    tags:
+      - "timeline"
+      - "collaboration"
+      - "visualization"
+    type: "SaaS"
+    selfHosted: true
+    serviceUrl: "https://timesketch.lab.local"  # Internal lab URL
+
+  - id: thehive
+    name: "TheHive"
+    description: "Scalable incident response platform"
+    domains:
+      - "Live Forensics"
+    phases:
+      - "Data Collection"
+      - "Analysis"
+      - "Reporting"
+    platforms:
+      - "Web"
+    skillLevel: "Intermediate"
+    accessType: "Web"
+    url: "https://thehive-project.org"
+    tags:
+      - "incident-response"
+      - "case-management"
+      - "collaboration"
+    type: "SaaS"
+    selfHosted: true
+    serviceUrl: "https://thehive.lab.local"
+
+  - id: misp
+    name: "MISP"
+    description: "Threat intelligence sharing platform"
+    domains:
+      - "Malware Analysis"
+      - "Live Forensics"
+    phases:
+      - "Analysis"
+      - "Reporting"
+    platforms:
+      - "Web"
+    skillLevel: "Advanced"
+    accessType: "Web"
+    url: "https://misp-project.org"
+    tags:
+      - "threat-intelligence"
+      - "ioc-sharing"
+      - "attribution"
+    type: "SaaS"
+    selfHosted: true
+    serviceUrl: "https://misp.lab.local"
+
+# Additional metadata
+metadata:
+  lastUpdated: "2025-01-15"
+  totalTools: 8
+  domains:
+    - "Filesystem Forensics"
+    - "Network Forensics"
+    - "Memory Forensics"
+    - "Live Forensics"
+    - "Malware Analysis"
+    - "Cryptocurrency"
+  phases:
+    - "Data Collection"
+    - "Examination"
+    - "Analysis"
+    - "Reporting"