Mirrors/marcredhat-siem-toolkit-patched
1
0
Fork 0
mirror of https://github.com/marcredhat/SIEM-toolkit-patched synced 2026-06-10 13:21:17 +00:00
Code Issues Packages Projects Releases Wiki Activity

Add health score, coverage trends, dependency map, PowerQuery playground, onboarding tracker

Browse Source 
Tenant Health Score:
- CoverageSnapshot table stores daily health metrics (parser %, MITRE %, firing %)
- _compute_health() weighted formula: 40% parser coverage + 35% MITRE + 25% firing
  (reweighted 55/45 when firing cache empty)
- GET /api/coverage/health returns score + delta vs previous snapshot
- GET /api/coverage/snapshots returns chronological history for sparklines
- POST /api/coverage/snapshot for manual recording
- Auto-snapshot recorded at end of every sync-sources call
- Overview dashboard: prominent health score card with color coding, component
  breakdown, delta indicator, and inline SVG sparkline (last 30 points)

Rule Dependency Map:
- GET /api/coverage/dependency-map flips the coverage map — rule → required sources
- Each source flagged healthy/inactive/no_parser; at_risk = any source missing
- New section on Threat Coverage tab with at-risk filter toggle

PowerQuery Playground:
- New query.py router: GET /presets (7 curated queries) + POST /run
- New Query nav tab with time-range pills, preset buttons, localStorage history,
  monospace textarea, auto-column results table, client-side CSV export

Onboarding Tracker:
- GET /api/coverage/onboarding-status returns per-source pipeline progress
  across 6 stages: Data Received → Parser File → Parser Active → Source
  Labeled → Detection Rules → Rules Firing
- New section on Onboarding tab with emoji stage dots, progress bars,
  collapsed completed sources with show/hide toggle

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
This commit is contained in:
Mick
2026-05-22 11:09:43 -04:00
parent b4314c07df
commit d0299e0f23
5 changed files with 916 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files
backend/db.py
+17
View File
@@ -57,6 +57,23 @@ class RuleFiringCache(Base):
checked_at = Column(DateTime, default=datetime.utcnow)
class CoverageSnapshot(Base):
__tablename__ = "coverage_snapshots"
id = Column(Integer, primary_key=True)
recorded_at = Column(DateTime, default=datetime.utcnow, index=True)
health_score = Column(Float, default=0.0)
parser_pct = Column(Float, default=0.0) # % sources with working parser
mitre_pct = Column(Float, default=0.0) # % ATT&CK tactics covered
firing_pct = Column(Float, default=0.0) # % rules that have fired
active_sources = Column(Integer, default=0)
covered_sources = Column(Integer, default=0)
rules_loaded = Column(Integer, default=0)
tactics_covered = Column(Integer, default=0)
techniques_covered = Column(Integer, default=0)
rules_with_mitre = Column(Integer, default=0)
rules_fired = Column(Integer, default=0)
def get_db():
db = SessionLocal()
try: