Mirrors/marcredhat-siem-toolkit-patched
1
0
Fork 0
mirror of https://github.com/marcredhat/SIEM-toolkit-patched synced 2026-06-09 21:07:15 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
c182d837ee14700d5ddc0988d90a36c8250056ab
marcredhat-siem-toolkit-pat…/frontend/src/app/onboarding/page.tsx
T
Mick c182d837ee Initial commit: SIEM Toolkit for SentinelOne 
Dockerized SecOps toolkit with:
- Coverage Map: STAR rule vs SDL parser field coverage analysis
- Ingest Dashboard: PowerQuery-powered event volume and source breakdown
- Onboarding Assistant: AI-guided log source onboarding with Claude
- Parser management via SDL MCP integration

Stack: FastAPI + PostgreSQL backend, nginx-served HTML frontend, Docker Compose.
PowerQuery runs via Scalyr XDR API (SDL_XDR_URL + SDL_LOG_READ_KEY).

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-05-19 11:39:26 -04:00

79 lines
3.0 KiB
TypeScript
Raw Blame History

This file contains ambiguous Unicode characters
This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.
import { Zap, MessageSquare, FileText, Code2 } from 'lucide-react'
const STEPS = [
{
icon: FileText,
title: '1. Grab a log sample',
desc: 'Copy 1050 representative lines from the new log source. Include edge cases — errors, different event types, varying field presence.',
},
{
icon: MessageSquare,
title: '2. Paste into Claude Code',
desc: 'Open Claude Code and say: "Onboard this log source for SentinelOne SDL" then paste the sample. Mention the source type if known (e.g. "Palo Alto firewall").',
},
{
icon: Code2,
title: '3. Get your artefacts',
desc: 'Claude returns an SDL parser (augmented-JSON), field mappings to the SDL schema, starter STAR detection rules, and parser test assertions.',
},
{
icon: Zap,
title: '4. Deploy',
desc: 'Drop the parser JSON into your /logParsers/ path. Paste the STAR rules into the AI-SIEM rule editor. Run the test assertions to validate extraction.',
},
]
const PROMPT = `Onboard this log source for SentinelOne SDL. Please generate:
1. An SDL parser skeleton in augmented-JSON format (/logParsers/ format)
2. Field mappings from raw fields to the SDL common schema
3. 23 starter STAR detection rules for common threats from this source type
4. 5 parser test assertions (input line → expected field → expected value)
Log source: [describe source, e.g. "Palo Alto PAN-OS firewall"]
Raw log sample:
[paste your log lines here]`
export default function OnboardingPage() {
return (
<div className="p-8 max-w-3xl">
<div className="mb-8">
<h1 className="text-xl font-bold text-white">Onboarding Accelerator</h1>
<p className="text-sm text-gray-400 mt-1">
Use Claude Code directly no API key required
</p>
</div>
<div className="space-y-4 mb-8">
{STEPS.map(({ icon: Icon, title, desc }) => (
<div key={title} className="flex gap-4 bg-gray-900 border border-gray-800 rounded-xl p-4">
<div className="w-8 h-8 shrink-0 rounded-lg bg-purple-900/60 flex items-center justify-center mt-0.5">
<Icon size={15} className="text-purple-300" />
</div>
<div>
<div className="text-sm font-medium text-white">{title}</div>
<div className="text-sm text-gray-400 mt-1">{desc}</div>
</div>
</div>
))}
</div>
<div className="bg-gray-900 border border-gray-800 rounded-xl overflow-hidden">
<div className="px-4 py-2 border-b border-gray-800 flex items-center justify-between">
<span className="text-xs font-medium text-gray-400">Copy this prompt template</span>
<CopyButton text={PROMPT} />
</div>
<pre className="p-4 text-xs text-gray-300 font-mono leading-relaxed whitespace-pre-wrap">{PROMPT}</pre>
</div>
</div>
)
}
function CopyButton({ text }: { text: string }) {
'use client'
return <_CopyButton text={text} />
}
// Split to keep the page a server component with one small client island
import _CopyButton from './_CopyButton'
Reference in New Issue View Git Blame Copy Permalink