v0.1 Mick Marc merged

.env.example

@@ -0,0 +1,29 @@
+# ─────────────────────────────────────────────────────────────────────────────
+# SIEM Toolkit — Environment Configuration
+# ─────────────────────────────────────────────────────────────────────────────
+# 1. Copy this file:   cp .env.example .env
+# 2. Fill in values below (see comments for where to find each one)
+# 3. Start the app:    docker-compose up -d --build
+# ─────────────────────────────────────────────────────────────────────────────
+
+# SentinelOne Management Console
+# ─ URL: your console (e.g. https://demo.sentinelone.net)
+# ─ Token: Settings → Users → Service Users → generate API token
+S1_BASE_URL=https://demo.sentinelone.net
+S1_API_TOKEN=
+
+# Singularity Data Lake (SDL) — PowerQuery credentials
+# ─ Console: Settings → Integrations → Data Lake API Keys
+# ─ XDR URL: shown on the API Keys page (e.g. https://xdr.us1.sentinelone.net)
+# ─ Log Read Key: copy the "Log Read" key from that page
+SDL_XDR_URL=https://xdr.us1.sentinelone.net
+SDL_LOG_READ_KEY=
+
+# Anthropic (for Onboarding Accelerator AI features)
+# ─ https://console.anthropic.com/settings/api-keys
+ANTHROPIC_API_KEY=
+
+# SDL Configuration Read key — used by /api/quality/sync-from-sdl to
+# download parser files from /logParsers/ on the SDL tenant.
+# Generate in S1 console: Settings -> Integrations -> Data Lake API Keys (Configuration Read scope).
+SDL_CONFIG_READ_KEY=