Skip to content

Siem #36

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
Polliog merged 8 commits into from
Dec 9, 2025
Merged

Siem #36

Polliog merged 8 commits into from
Dec 9, 2025

Conversation

@Polliog
Copy link
Collaborator

@Polliog Polliog commented Dec 9, 2025

This pull request introduces major enhancements to the backend database schema, primarily focused on adding comprehensive Security Incident & Event Management (SIEM) capabilities, team invitation and role management, and Sigma rule enablement. It also updates package dependencies and configuration utilities. The most important changes are grouped below:

SIEM & Incident Management Infrastructure:

  • Adds new tables for SIEM and incident management: detection_events (as a TimescaleDB hypertable for time-series analytics), incidents (main incident tracking), incident_alerts (linking incidents to alerts), incident_comments (collaboration), and incident_history (audit trail). Includes indexes, triggers for audit and timestamping, MITRE ATT&CK support, and enrichment fields for IP reputation and GeoIP. [1] [2] [3]
  • Updates the database type definitions in types.ts to reflect the new SIEM-related tables and their fields, including enums for severity and status. [1] [2]

Team Invitation & Role Management:

  • Adds an organization_invitations table for inviting team members via email with role assignment and token-based acceptance, plus supporting indexes and a cleanup function. Also adds a role index for organization_members and updates the type definition to use a strict role enum. [1] [2]
  • Updates the organization_members and organization_invitations types to use explicit role enums ('owner' | 'admin' | 'member').

Sigma Rule Management:

  • Adds an enabled boolean field to the sigma_rules table (and type definition) to allow enabling/disabling rules, with a supporting index for filtering. [1] [2]

Incident History User Context Fix:

  • Alters the incident_history table to make the user_id column nullable, ensuring audit triggers work even when user context is unavailable.

Dependency and Utility Updates:

  • Adds @maxmind/geoip2-node and maxmind packages for GeoIP enrichment. [1] [2]
  • Adds isSmtpConfigured() utility function for checking SMTP configuration.

These changes lay the groundwork for advanced security analytics, incident response, and team management features in the backend.

refs: #5

@Polliog Polliog merged commit 13d2720 into 0.3.0 Dec 9, 2025
Polliog added a commit that referenced this pull request Dec 11, 2025
@Polliog
v0.3.0 (#38)
0eb2c3f 
* Siem (#36)

* 20 infrastructure horizontal scaling support (#37)

* feat: Add C# / .NET SDK section and PDF export functionality to SIEM dashboard

* feat: Update version numbers to 0.3.0 in environment variables, README, and related files
@Polliog Polliog deleted the siem branch February 6, 2026 18:07
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@Polliog