feat: attack chain correlation + Trivy scanning + impact diagram (closes #25, #28, #31) #62

Merged
CodeBuildder merged 1 commit into main from feat/issue-25-attack-chain
Apr 17, 2026

Conversation

@CodeBuildder (Owner)

Summary

Attack chain correlation (closes #25)

  • 30-minute sliding window correlates alerts by namespace+node
  • MITRE kill chain stage mapping for 15+ Falco rules
  • Confidence scoring: 1 stage=35%, 2=60%, 3+=80%
  • GET /attack-chains endpoint
  • Auto-triggers from audit logger on every incident

Trivy image scanning (closes #28)

  • VulnerabilityReport CRD fetcher in enricher.py
  • Kyverno policy blocks CRITICAL CVEs in prod
  • CVE data flows into Claude reasoning prompt
  • trivy source added to enrichment_sources

Impact diagram UI (closes #31)

  • Live cluster topology: all 3 nodes with IPs
  • Pod status: threat/risk/safe/isolated per node
  • Animated scan line continuously sweeps the diagram
  • Risk bars animate on incident selection: data exposure, lateral movement, node compromise
  • Node status derived from incident severity and hostname
  • What happened bullets + numbered action steps

Checks

  • git diff --check passed
  • No system, kubectl, docker, test, or build commands were run, per instruction; only git and gh CLI commands were used

Closes #25, #28, #31
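The correlation logic the summary describes, as an added illustration that is not code from this PR or the project: alerts grouped by namespace+node within a 30-minute sliding window, Falco rule names mapped to kill-chain stages, and confidence scored 35%/60%/80% by the number of distinct stages seen. The rule-to-stage table, the exact sliding-window semantics and the sample alerts are assumptions made for the example.

```python
from collections import defaultdict
from datetime import datetime, timedelta

WINDOW = timedelta(minutes=30)  # the PR's 30-minute correlation window
# Illustrative Falco rule -> kill-chain stage map (assumed; the PR's own table is not on the page).
STAGE_OF_RULE = {
    "Terminal shell in container": "execution",
    "Read sensitive file untrusted": "credential-access",
    "Contact K8S API Server From Container": "discovery",
}

def confidence(num_stages):
    """Confidence from the number of distinct stages: 1=35%, 2=60%, 3+=80%."""
    if num_stages >= 3:
        return 80
    return {2: 60, 1: 35}.get(num_stages, 0)

def correlate(alerts, window=WINDOW):
    """Group alerts by (namespace, node) into chains. Assumed sliding-window rule: an alert
    joins the open chain if it is within `window` of that chain's most recent alert."""
    by_key = defaultdict(list)
    for a in sorted(alerts, key=lambda a: a["time"]):
        by_key[(a["namespace"], a["node"])].append(a)
    chains = []
    for (ns, node), group in by_key.items():
        chain = None
        for a in group:
            if chain is None or a["time"] - chain["last"] > window:
                chain = {"namespace": ns, "node": node, "alerts": [], "stages": []}
                chains.append(chain)
            chain["last"] = a["time"]
            chain["alerts"].append(a["rule"])
            stage = STAGE_OF_RULE.get(a["rule"])  # unmapped rules are kept but add no stage
            if stage and stage not in chain["stages"]:
                chain["stages"].append(stage)
    for c in chains:
        c["confidence"] = confidence(len(c["stages"]))
        del c["last"]
    return chains

# Constructed sample alerts (not real cluster data); minute offsets from T0.
T0 = datetime(2026, 4, 17, 20, 0)
def _alert(minutes, ns, node, rule):
    return {"time": T0 + timedelta(minutes=minutes), "namespace": ns, "node": node, "rule": rule}
SAMPLE_ALERTS = [
    _alert(0, "prod", "worker-1", "Terminal shell in container"),
    _alert(5, "prod", "worker-1", "Read sensitive file untrusted"),
    _alert(8, "dev", "worker-2", "Terminal shell in container"),
    _alert(12, "prod", "worker-1", "Contact K8S API Server From Container"),
    _alert(90, "prod", "worker-1", "Terminal shell in container"),
]
```

Running `correlate(SAMPLE_ALERTS)` yields three chains: the three-stage prod/worker-1 sequence at 80%, a later single-alert prod/worker-1 chain at 35% (it starts fresh because it is 78 minutes after the previous alert), and the lone dev/worker-2 alert at 35%.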

@CodeBuildder CodeBuildder added labels on Apr 17, 2026: enhancement (New feature or request), module-4 (AI Agent Engine), module-5 (Command & Control UI), module-7 (AI correlation and learning), module-8 (Supply chain identity and resilience), module-9 (Advanced UI visualizations), infrastructure (Cluster and infra setup), security (Security policies and tools), ai (AI and ML features), ui (User interface work)
@CodeBuildder CodeBuildder merged commit 6a3f1b9 into main Apr 17, 2026
3 checks passed
@CodeBuildder CodeBuildder deleted the feat/issue-25-attack-chain branch April 17, 2026 20:35