feat: SOC enhancements, SOAR playbooks, and investigative tools #3
Merged
adityashirsatrao007 merged 2 commits on May 8, 2026
Pull request overview
This PR expands SentinelX’s SOC workflow and investigation capabilities by adding new UI surfaces (Threat Graph, Red Team generator, mobile remote demo), enhancing SOAR playbook execution UX, and updating theming/typography. It also introduces backend support for remote event sync plus additional HTTP hardening and rate limiting.
Changes:
- Add new investigative UI pages (ThreatGraph, RedTeam) and a MobileRemote/RemoteSync event-driven demo flow.
- Refresh UI styling by switching Tailwind colors to CSS variables, adjusting typography, and adding new animations.
- Add backend remote event endpoints, security headers, and apply SlowAPI rate limiting to selected auth/analyze endpoints.
Reviewed changes
Copilot reviewed 21 out of 22 changed files in this pull request and generated 12 comments.
| File | Description |
|---|---|
| upgrade_fonts.py | Adds a script to mass-update Tailwind font-size classes in TSX files. |
| frontend/tailwind.config.js | Switches Tailwind color tokens to CSS variable-driven (shadcn-like) theme and adds radius tokens. |
| frontend/src/pages/ThreatGraph.tsx | Adds a new force-directed “Threat Graph” visualization page. |
| frontend/src/pages/RedTeam.tsx | Adds a Red Team phishing payload generator page with “analyze” and “send to mobile” actions. |
| frontend/src/pages/Playbooks.tsx | Adds interactive playbook execution simulation UI with progress/status. |
| frontend/src/pages/Organization.tsx | Updates organization directory UI text and styling to match new theme. |
| frontend/src/pages/MobileRemote.tsx | Adds a mobile “victim/controller” demo UI that polls remote events and triggers actions. |
| frontend/src/pages/Login.tsx | Typography updates to align with new sizing conventions. |
| frontend/src/pages/Dashboard.tsx | UI enhancements (radar sweep animation, stat cards, copy updates). |
| frontend/src/pages/Analyze.tsx | Adds navigation state hydration, call interception simulation, and XAI-style highlighting. |
| frontend/src/pages/Alerts.tsx | Adds quick-response action UI and typography updates. |
| frontend/src/index.css | Updates font imports, shifts to a light theme token set, and adds new animations. |
| frontend/src/components/Sidebar.tsx | Removes theme toggle and adds navigation to new pages. |
| frontend/src/components/RemoteSync.tsx | Adds polling-based remote event handler (navigation/lockdown triggers). |
| frontend/src/App.tsx | Registers new routes and mounts RemoteSync for authenticated views; adds unprotected mobile route. |
| frontend/package.json | Adds graph visualization dependencies. |
| frontend/package-lock.json | Locks dependency tree updates for new packages. |
| backend/app/main.py | Adds TrustedHost middleware, security headers, imports shared limiter, and mounts remote routes. |
| backend/app/core/limiter.py | Centralizes SlowAPI limiter instance. |
| backend/app/api/routes/remote.py | Adds in-memory remote event push/poll endpoints. |
| backend/app/api/routes/auth.py | Adds rate limiting to register/login endpoints. |
| backend/app/api/routes/analyze.py | Adds rate limiting to email/SMS analysis endpoints and injects Request for limiter. |
Files not reviewed (1)
- frontend/package-lock.json: Language not supported
| @@ -0,0 +1,287 @@ | |||
| import { useState } from 'react'; | |||
| import { useNavigate } from 'react-router-dom'; | |||
| import { Target, Crosshair, AlertTriangle, ShieldAlert, Cpu, Loader2, Copy, CheckCircle2, ArrowRight, Search } from 'lucide-react'; | |||
| nodeVal={node => (node as any).size} | ||
| linkColor={link => (link as any).color} | ||
| linkWidth={link => (link as any).value} | ||
| linkDirectionalParticles={link => (link as any).group === 'threat' ? 4 : 0} |
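Review bot: the `(node as any).size`, `(link as any).color`, `(link as any).value` and `(link as any).group` casts in the ThreatGraph accessor props switch off type checking for exactly the data these callbacks depend on, so a node without `size` or a link whose `group` is misspelled renders silently wrong instead of failing at compile time. Declare a local interface for the node and link objects (for example `interface ThreatLink { color: string; value: number; group: 'threat' | 'benign' }`) and type the graph data with it so the accessors can drop the `as any`.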
| case 'PANIC_LOCK': | ||
| document.body.innerHTML = ` | ||
| <div style="background: black; color: red; height: 100vh; display: flex; flex-direction: column; align-items: center; justify-content: center; font-family: monospace; font-weight: bold; text-align: center; padding: 20px;"> | ||
| <h1 style="font-size: 4rem; margin-bottom: 20px;">🚨 SYSTEM LOCKED 🚨</h1> | ||
| <p style="font-size: 1.5rem; letter-spacing: 0.2em;">CRITICAL BREACH DETECTED — EMERGENCY PROTOCOL ACTIVE</p> | ||
| <p style="margin-top: 40px; color: #555;">ADMIN LOCKDOWN INITIATED VIA MOBILE COMMAND</p> | ||
| </div> | ||
| `; | ||
| break; |
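Review bot: the `PANIC_LOCK` case overwrites `document.body.innerHTML`, which tears down the React root for the whole app, so the analyst can only recover by reloading the page; and because this branch fires from the polled remote event feed, whose `push_event` route in this PR accepts any JSON dict and declares no auth dependency, anyone who can reach the backend can lock every signed-in session. Render the lockdown as a full-screen overlay driven by component state instead of replacing the body, and put the event source behind the same authentication the protected routes use.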
| from fastapi import APIRouter, status | ||
| from pydantic import BaseModel | ||
| from typing import List, Optional | ||
| import time | ||
|
|
||
| router = APIRouter(prefix="/remote", tags=["Remote Control"]) | ||
|
|
||
| class RemoteEvent(BaseModel): | ||
| id: int | ||
| event_type: str | ||
| payload: Optional[dict] = None | ||
| created_at: float | ||
|
|
||
| # In-memory store for demo purposes (Hackathon ready) | ||
| events_store: List[RemoteEvent] = [] | ||
|
|
||
| @router.post("/event", status_code=status.HTTP_201_CREATED) | ||
| def push_event(request: dict): | ||
| """Push an event from a mobile device or external trigger.""" | ||
| event_type = request.get("type", "UNKNOWN") | ||
| payload = request.get("payload", {}) | ||
|
|
||
| new_event = RemoteEvent( | ||
| id=len(events_store) + 1, | ||
| event_type=event_type, | ||
| payload=payload, | ||
| created_at=time.time() | ||
| ) | ||
| events_store.append(new_event) | ||
|
|
||
| # Keep only last 50 events | ||
| if len(events_store) > 50: | ||
| events_store.pop(0) | ||
|
|
||
| return new_event | ||
|
|
||
| @router.get("/events", response_model=List[RemoteEvent]) | ||
| def get_events(since_id: int = 0): |
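Review bot: `id=len(events_store) + 1` together with `events_store.pop(0)` breaks the `since_id` cursor that `get_events` exposes: once the store holds 50 events its length stays at 50, so every subsequent event is created with id 51 and a poller that has already seen id 51 never receives them (and ids stop being unique). Use a monotonically increasing counter (`itertools.count(1)`) for the id. Separately, `push_event(request: dict)` takes an unvalidated body with no size bound on `payload`, no auth dependency, and none of the SlowAPI rate limiting this PR adds to the auth and analyze routes; declare a Pydantic request model (`type: str`, `payload: dict = {}`), apply the shared limiter, require auth, and document that the module-level list is per-process, so behind several uvicorn workers the controller and the polling client may not share the same store.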
| app.add_middleware( | ||
| TrustedHostMiddleware, | ||
| allowed_hosts=["localhost", "127.0.0.1", "0.0.0.0"] | ||
| ) |
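Review bot: the hard-coded `allowed_hosts=["localhost", "127.0.0.1", "0.0.0.0"]` means any deployment reached through a real hostname, or through a reverse proxy that forwards the original `Host`, gets a 400 from `TrustedHostMiddleware`, and `0.0.0.0` is a bind address rather than a value a client sends in `Host`, so that entry adds nothing. Read the list from the app settings or environment with the localhost entries as the development default, and add the production hostname there instead of widening to `*`, which would discard the Host-header check this middleware exists to provide.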
| <p className={`text-sm leading-relaxed ${blocked ? 'line-through text-gray-500' : 'text-gray-300'}`}> | ||
| {incoming.subject ? `Subject: ${incoming.subject}\n` : ''} | ||
| {incoming.body || incoming.message} | ||
| </p> |
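Review bot: the `\n` appended after `Subject:` in the template string is rendered inside a `<p>` with default white-space handling, so the subject and the body run together on one line; add `whitespace-pre-line` to the class list or put the subject in its own element. The body is interpolated as a JSX child and therefore HTML-escaped, which is the right way to show untrusted email or SMS content; keep it that way rather than reaching for `dangerouslySetInnerHTML` to get line breaks.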
| isActive | ||
| ? 'bg-primary/10 text-primary font-bold uppercase tracking-widest text-[10px] border-primary/20 shadow-[0_0_15px_rgba(var(--primary-rgb),0.1)]' | ||
| : 'text-muted-foreground hover:bg-muted hover:text-foreground font-bold uppercase tracking-widest text-[10px] border-transparent' | ||
| ? 'bg-primary/10 text-primary font-bold uppercase tracking-widest text-sm border-primary/20 shadow-[0_0_15px_rgba(var(--primary-rgb),0.1)]' |
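Review bot: the only change between the removed and added `isActive` branch is `text-[10px]` becoming `text-sm`, while `font-bold uppercase tracking-widest text-sm` and the border/shadow utilities are duplicated across both branches; hoist the shared utilities into one base string and let the ternary supply only the active/inactive colour classes, so the next typography pass edits one place instead of two.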
| replacements = { | ||
| r'text-\[9px\]': 'text-xs', | ||
| r'text-\[10px\]': 'text-sm', | ||
| r'text-\[11px\]': 'text-sm', | ||
| r'text-\[12px\]': 'text-base', | ||
| r'text-xs': 'text-sm' | ||
| } | ||
|
|
||
| for root, _, files in os.walk(directory): | ||
| for file in files: | ||
| if file.endswith('.tsx'): | ||
| filepath = os.path.join(root, file) | ||
| with open(filepath, 'r') as f: | ||
| content = f.read() | ||
|
|
||
| # Temporarily protect 'text-xs' if we are replacing it | ||
| # But since text-xs to text-sm is straightforward, we can just do it in order | ||
|
|
||
| new_content = content | ||
| for old, new in replacements.items(): | ||
| new_content = re.sub(old, new, new_content) | ||
|
|
||
| if content != new_content: | ||
| with open(filepath, 'w') as f: |
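Review bot: the `replacements` dict is applied in insertion order, so `text-[9px]` is rewritten to `text-xs` first and then promoted again by the final `text-xs` to `text-sm` rule; the comment "since text-xs to text-sm is straightforward, we can just do it in order" records the opposite of what happens, and 9px, 10px and 11px all collapse to the same size. Apply the `text-xs` rule before the pixel rules, or do one `re.sub` with an alternation and a callback so each token is rewritten exactly once. Also open the files with `encoding='utf-8'` for both the read and the write, since the TSX copy contains non-ASCII characters and the platform default may differ, and have an in-place rewrite like this print each file it modified or offer a dry-run flag.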
| Mail, MessageSquare, Loader2, ShieldCheck, ShieldAlert, | ||
| Phone, History, Search, ArrowRight, ExternalLink, Clock, Brain, | ||
| Copy, Check, Sparkles, Zap, RefreshCw, Mic2, Waves, Fingerprint | ||
| Phone, Radar, RefreshCw, Smartphone, AlertTriangle, PlayCircle, ArrowRight, |
| Smartphone, ShieldAlert, Zap, Lock, Bell, CheckCircle2, | ||
| Loader2, Send, MessageSquare, ShieldCheck, AlertTriangle, |
Description
This PR introduces a comprehensive suite of enhancements to the SentinelX platform, focusing on SOC operational efficiency, threat investigation, and mobile integration.
Key Enhancements:
- upgrade_fonts.py for dynamic typography management.

These changes provide a more robust and interactive experience for security analysts and researchers.