5a2ad8ec1c
feat: Add Playbook Manager, Saved Searches, and Timeline View components
- Implemented PlaybookManager for creating and managing investigation playbooks with templates.
- Added SavedSearches component for managing bookmarked queries and recurring scans.
- Introduced TimelineView for visualizing forensic event timelines with zoomable charts.
- Enhanced backend processing with auto-queued jobs for dataset uploads and improved database concurrency.
- Updated frontend components for better user experience and performance optimizations.
- Documented changes in update log for future reference.
2026-02-23 14:23:07 -05:00
37a9584d0c
docs: update changelog and add robust dev-up startup script
2026-02-23 14:22:17 -05:00
bb562a91ca
version 0.3.1
2026-02-20 07:16:17 -05:00
04a9946891
feat: host-centric network map, analysis dashboard, deduped inventory
- Rewrote NetworkMap to use deduplicated host inventory (163 hosts from 394K rows)
- New host_inventory.py service: scans datasets, groups by FQDN/ClientId, extracts IPs/users/OS
- New /api/network/host-inventory endpoint
- Added AnalysisDashboard with 6 tabs (IOC, anomaly, host profile, query, triage, reports)
- Added 16 analysis API endpoints with job queue and load balancer
- Added 4 AI/analysis ORM models (ProcessingJob, AnalysisResult, HostProfile, IOCEntry)
- Filters system accounts (DWM-*, UMFD-*, LOCAL/NETWORK SERVICE)
- Infers OS from hostname patterns (W10-* -> Windows 10)
- Canvas 2D force-directed graph with host/external-IP node types
- Click popover shows hostname, FQDN, IPs, OS, users, datasets, connections
2026-02-20 07:16:17 -05:00
9b98ab9614
feat: interactive network map, IOC highlighting, AUP hunt selector, type filters
- NetworkMap: hunt-scoped force-directed graph with click-to-inspect popover
- NetworkMap: zoom/pan (wheel, drag, buttons), viewport transform
- NetworkMap: clickable IP/Host/Domain/URL legend chips to filter node types
- NetworkMap: brighter colors, 20% smaller nodes
- DatasetViewer: IOC columns highlighted with colored headers + cell tinting
- AUPScanner: hunt dropdown replacing dataset checkboxes, auto-select all
- Rename 'Social Media (Personal)' theme to 'Social Media' with DB migration
- Fix /api/hunts timeout: Dataset.rows lazy='noload' (was selectin cascade)
- Add OS column mapping to normalizer
- Full backend services, DB models, alembic migrations, new routes
- New components: Dashboard, HuntManager, FileUpload, NetworkMap, etc.
- Docker Compose deployment with nginx reverse proxy
2026-02-19 15:41:15 -05:00
d0c9f88268
Add ThreatHunt agent backend/frontend scaffolding
2025-12-29 10:22:57 -05:00
dc2dcd02c1
Document Analyst Assist Agents in THREATHUNT_INTENT.md
Added section on Analyst Assist Agents in ThreatHunt.
2025-12-24 13:28:52 -05:00
73a2efcde3
Add ThreatHunt roadmap with goals and non-goals
This document outlines the roadmap for ThreatHunt, detailing near, mid, and long-term goals, as well as explicit non-goals.
2025-12-24 13:08:23 -05:00
77509b08f5
docs: clarify VelociCompanion works with CSV uploads, not direct Velociraptor connection
2025-12-09 14:55:16 -05:00
6a2279b704
Initial commit
2025-06-16 08:17:19 -04:00