Skip to content

v1.0.0 — Initial Release: Lab + Pipeline

Choose a tag to compare

@jayelbotvibe-web jayelbotvibe-web released this 04 Jul 14:17
52fe543

v1.0.0 — Purple Loop Initial Release

What's included

  • Wazuh 4.9.2 single-node lab with Linux Docker victim + Windows 11 VMware victim
  • Five pluggable Go interfaces: Executor (Docker + SSH), Collector (Wazuh archives), Evaluator (Sigma), Feed (static + arbiter), Reporter (JSON + HTML + ATT&CK Navigator)
  • Campaign orchestration: executes technique plans, collects real telemetry, produces verdicts
  • threat-intel-arbiter integration: SSVC-prioritized campaigns from CISA KEV + MISP feeds
  • Multi-stage emulation plans: discovery chain + APT29 subset
  • Detection-as-code CI: Sigma lint + fixture regression + gitleaks
  • 10 Sigma rules with fixture pairs for regression testing

Lab

  • Linux victim: agent 001 (Docker), command + SCA telemetry
  • Windows victim: agent 002 (VMware bridged), Sysmon + Windows Event Channel
  • SSH key-auth to Windows with firewall on (port 22 only)

Architecture

See DESIGN.md for the full architecture and interface contracts.