v0.3.0

.env.example

@@ -13,6 +13,15 @@ API_KEY_SECRET=your_32_char_secret_key_here
 PORT=8080
 HOST=0.0.0.0
 
+# Reverse Proxy / Load Balancer
+# Set to true when running behind Traefik, nginx, or other reverse proxy
+# This enables proper client IP detection for rate limiting and logging
+TRUST_PROXY=false
+
+# Port for Traefik to listen on (default: 80)
+# Only used when deploying with docker-compose.yml (Traefik setup)
+LOGWARD_PORT=80
+
 # SMTP (configure for email alerts)
 SMTP_HOST=smtp.example.com
 SMTP_PORT=587
@@ -45,7 +54,15 @@ SERVICE_NAME=logward-backend
 
 # Frontend (SvelteKit)
 # Public API URL for frontend to connect to backend
-PUBLIC_API_URL=http://localhost:8080
+#
+# When using docker-compose.yml (with Traefik reverse proxy):
+#   - Leave empty or don't set - frontend uses relative URLs automatically
+#   - This is the recommended production setup
+#
+# When running frontend separately or in development:
+#   - Set to the backend URL (e.g., http://localhost:8080)
+#
+# PUBLIC_API_URL=http://localhost:8080
 
 # GitHub API Token (optional - for SigmaHQ integration)
 # Without token: 60 requests/hour rate limit
@@ -58,5 +75,26 @@ PUBLIC_API_URL=http://localhost:8080
 # Available registries:
 #   - Docker Hub: logward/backend:latest, logward/frontend:latest
 #   - GHCR: ghcr.io/logward-dev/logward-backend:latest, ghcr.io/logward-dev/logward-frontend:latest
-# LOGWARD_BACKEND_IMAGE=logward/backend:0.2.4
-# LOGWARD_FRONTEND_IMAGE=logward/frontend:0.2.4
+# LOGWARD_BACKEND_IMAGE=logward/backend:0.3.0
+# LOGWARD_FRONTEND_IMAGE=logward/frontend:0.3.0
+
+# =============================================================================
+# HORIZONTAL SCALING
+# =============================================================================
+#
+# LogWard supports horizontal scaling out of the box. The backend and worker
+# are stateless - all state is stored in PostgreSQL and Redis.
+#
+# For horizontal scaling, use the Traefik overlay:
+#   docker compose -f docker-compose.yml -f docker-compose.traefik.yml up -d
+#   docker compose -f docker-compose.yml -f docker-compose.traefik.yml up -d --scale backend=3 --scale worker=2
+#
+# Architecture:
+#   - Traefik: Reverse proxy, load balances across backend instances (port 3080)
+#   - Backend: Stateless API servers (scale freely)
+#   - Worker: BullMQ job processors (scale freely, jobs distributed via Redis)
+#   - Redis: Shared state (sessions, cache, job queues, rate limiting)
+#   - PostgreSQL: Persistent storage (TimescaleDB)
+#
+# Rate limiting and sessions are shared across instances via Redis.
+# No sticky sessions required - any instance can handle any request.

.gitignore

@@ -47,3 +47,6 @@ claude.md
 /packages/backend/.claude/
 /packages/backend/load-tests/
 /testing-scripts/
+
+# Enrichment databases (downloaded on first run: GeoLite2, IPsum)
+/packages/backend/data/

CHANGELOG.md

@@ -5,6 +5,76 @@ All notable changes to LogWard will be documented in this file.
 The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.1.0/),
 and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
 
+## [0.3.0] - 2025-12-10
+
+### Added
+
+- **SIEM Dashboard**: Full-featured Security Information and Event Management interface
+  - Security Dashboard with 6 real-time widgets:
+    - Summary stats (total detections, incidents, open, critical)
+    - Top threats chart (Sigma rules ranked by detection count)
+    - Detection timeline (time-series visualization)
+    - Affected services list
+    - Severity distribution pie chart
+    - MITRE ATT&CK heatmap (techniques across tactics matrix)
+  - Incident List page with filtering (status, severity) and pagination
+  - Incident Detail page with three tabs:
+    - Detections: matched log events with field details
+    - Comments: collaboration thread for incident response
+    - History: full activity timeline of status changes
+  - Incident status workflow (Open → Investigating → Resolved → False Positive)
+  - Assignee management for incident ownership
+  - PDF export for incident reports (print-based generation)
+  - Real-time updates via SSE (Server-Sent Events)
+
+- **C# / .NET SDK**: Official SDK for .NET 6/7/8 applications
+  - Full documentation at `/docs/sdks/csharp`
+  - Automatic batching with configurable size and interval
+  - Retry logic with exponential backoff
+  - Circuit breaker pattern for fault tolerance
+  - Query API for searching and filtering logs
+  - Trace ID context for distributed tracing
+  - ASP.NET Core middleware for auto-logging HTTP requests
+  - Dependency injection support
+  - Thread-safe, full async/await support
+
+- **IP Reputation & GeoIP Enrichment** (Backend ready, UI in incident detail)
+  - IP reputation lookup integration
+  - GeoIP data display with map visualization
+  - Enrichment cards in incident detail view
+
+- **Organization Invitations**: Invite users to join your organization
+  - Send email invitations to new team members
+  - Pending invitations management (view, resend, revoke)
+  - Role assignment on invite (admin, member)
+  - Invitation acceptance flow with automatic org membership
+  - Invitation expiration handling
+
+- **Horizontal Scaling Documentation**: Guide for scaling LogWard across multiple instances
+  - Traefik reverse proxy configuration with load balancing
+  - Docker Compose overlay for scaled deployments
+  - Sticky sessions for SSE connections
+  - Health check configuration for backend instances
+  - Environment variables for scaling configuration
+
+### Changed
+
+- **Homepage**: Added Go and C# to "Works with your stack" section
+- **SDK Overview**: Added C# SDK card with installation and features
+- **Sidebar Navigation**: Added C# / .NET link to SDKs section
+- **README**:
+  - Added SIEM Dashboard screenshot
+  - Added SIEM feature to Alpha features list
+  - New dedicated section for SIEM Dashboard & Incident Management
+  - Added C# SDK to SDKs table
+  - Updated Kotlin SDK link to GitHub repository
+
+### Fixed
+
+- PDF export now properly connected in incident detail page (was missing `onExportPdf` prop)
+
+---
+
 ## [0.2.4] - 2025-12-04
 
 ### Added

README.md

@@ -15,7 +15,7 @@
   <a href="https://github.com/logward-dev/logward/actions/workflows/ci.yml"><img src="https://github.com/logward-dev/logward/actions/workflows/ci.yml/badge.svg" alt="CI"></a>
   <a href="https://codecov.io/gh/logward-dev/logward"><img src="https://codecov.io/gh/logward-dev/logward/branch/main/graph/badge.svg" alt="Coverage"></a>
   <a href="https://hub.docker.com/r/logward/backend"><img src="https://img.shields.io/docker/v/logward/backend?label=docker&logo=docker" alt="Docker"></a>
-  <img src="https://img.shields.io/badge/version-0.2.4-blue.svg" alt="Version">
+  <img src="https://img.shields.io/badge/version-0.3.0-blue.svg" alt="Version">
   <img src="https://img.shields.io/badge/license-AGPLv3-blue.svg" alt="License">
   <img src="https://img.shields.io/badge/status-alpha-orange.svg" alt="Status">
   <img src="https://img.shields.io/badge/cloud-free_during_alpha-success.svg" alt="Free Cloud">
@@ -50,6 +50,9 @@ Designed for developers and European SMBs who need **GDPR compliance**, **data o
 ### Distributed Tracing
 ![LogWard Traces](docs/images/traces.png)
 
+### SIEM Dashboard
+![LogWard Security](docs/images/security.png)
+
 ### Alerts & Notifications
 ![LogWard Alerts](docs/images/alerts.png)
 
@@ -78,88 +81,19 @@ Total control over your data. **No build required** - uses pre-built images from
 
 **Prerequisites:** Docker & Docker Compose.
 
-1.  **Create `docker-compose.yml`**
-    ```yaml
-    services:
-      postgres:
-        image: timescale/timescaledb:latest-pg16
-        environment:
-          POSTGRES_DB: logward
-          POSTGRES_USER: logward
-          POSTGRES_PASSWORD: ${DB_PASSWORD:-password}
-        volumes:
-          - postgres_data:/var/lib/postgresql/data
-        healthcheck:
-          test: ["CMD-SHELL", "pg_isready -U logward"]
-          interval: 10s
-          timeout: 5s
-          retries: 5
-
-      redis:
-        image: redis:7-alpine
-        command: redis-server --requirepass ${REDIS_PASSWORD:-password}
-        volumes:
-          - redis_data:/data
-        healthcheck:
-          test: ["CMD", "sh", "-c", "redis-cli -a ${REDIS_PASSWORD:-password} ping | grep -q PONG"]
-          interval: 10s
-          timeout: 3s
-          retries: 5
-
-      backend:
-        image: logward/backend:latest
-        ports:
-          - "8080:8080"
-        environment:
-          DATABASE_URL: postgresql://logward:${DB_PASSWORD:-password}@postgres:5432/logward
-          DATABASE_HOST: postgres
-          DB_USER: logward
-          REDIS_URL: redis://:${REDIS_PASSWORD:-password}@redis:6379
-          API_KEY_SECRET: ${API_KEY_SECRET:-change_me_32_chars_secret_key!!}
-        depends_on:
-          postgres:
-            condition: service_healthy
-          redis:
-            condition: service_healthy
-        healthcheck:
-          test: ["CMD", "node", "-e", "require('http').get('http://localhost:8080/health', r => r.statusCode === 200 ? process.exit(0) : process.exit(1))"]
-          interval: 30s
-          timeout: 3s
-          retries: 3
-          start_period: 40s
-
-      worker:
-        image: logward/backend:latest
-        command: ["worker"]
-        environment:
-          DATABASE_URL: postgresql://logward:${DB_PASSWORD:-password}@postgres:5432/logward
-          DATABASE_HOST: postgres
-          DB_USER: logward
-          REDIS_URL: redis://:${REDIS_PASSWORD:-password}@redis:6379
-          API_KEY_SECRET: ${API_KEY_SECRET:-change_me_32_chars_secret_key!!}
-        depends_on:
-          backend:
-            condition: service_healthy
-          redis:
-            condition: service_healthy
-
-      frontend:
-        image: logward/frontend:latest
-        ports:
-          - "3000:3000"
-        environment:
-          PUBLIC_API_URL: http://localhost:8080
-        depends_on:
-          - backend
-
-    volumes:
-      postgres_data:
-      redis_data:
+1.  **Download configuration**
+    ```bash
+    mkdir logward && cd logward
+    curl -O https://raw.githubusercontent.com/logward-dev/logward/main/docker/docker-compose.yml
+    curl -O https://raw.githubusercontent.com/logward-dev/logward/main/docker/.env.example
+    mv .env.example .env
     ```
 
-    > **Note:** Database migrations run automatically when the backend starts. When upgrading, just pull the new images and restart.
-
-2.  **Create `.env`** with secure passwords
+2.  **Edit `.env`** with secure passwords
+    ```bash
+    nano .env
+    ```
+    Required variables:
     ```bash
     DB_PASSWORD=your_secure_db_password
     REDIS_PASSWORD=your_secure_redis_password
@@ -172,13 +106,17 @@ Total control over your data. **No build required** - uses pre-built images from
     ```
 
 4.  **Access LogWard**
-    * **URL:** `http://localhost:3000`
+    * **Frontend:** `http://localhost:3000`
+    * **API:** `http://localhost:8080`
     * **First Time?** Click "Sign up" to create your account
-    * **Then:** Create your first organization and project
+
+> **Note:** Database migrations run automatically on first start.
 
 **Docker Images:** [Docker Hub](https://hub.docker.com/r/logward/backend) | [GitHub Container Registry](https://github.com/logward-dev/logward/pkgs/container/logward-backend)
 
-> **Production:** Pin versions with `image: logward/backend:0.2.4` instead of `latest`.
+> **Production:** Pin versions with `LOGWARD_BACKEND_IMAGE=logward/backend:0.3.0` in your `.env` file.
+
+> **Horizontal Scaling:** For scaling multiple backend instances, see [deployment docs](https://logward.dev/docs/deployment#horizontal-scaling).
 
 ---
 
@@ -192,7 +130,8 @@ We have ready-to-use SDKs for the most popular languages.
 | **Python** | ✅ Ready | [`logward-sdk`](https://pypi.org/project/logward-sdk/) |
 | **Go** | ✅ Ready | [`logward-sdk-go`](https://github.com/logward-dev/logward-sdk-go) |
 | **PHP** | ✅ Ready | [`logward-dev/sdk-php`](https://packagist.org/packages/logward-dev/sdk-php) |
-| **Kotlin** | ✅ Ready | [`logward-sdk-kotlin`](#) |
+| **Kotlin** | ✅ Ready | [`logward-sdk-kotlin`](https://github.com/logward-dev/logward-sdk-kotlin) |
+| **C# / .NET** | ✅ Ready | [`LogWard.SDK`](https://github.com/logward-dev/lgoward-sdk-csharp) |
 | **Docker** | ✅ Ready | Use Fluent Bit / Syslog driver |
 | **HTTP** | ✅ Ready | [API Reference](#) |
 | **OpenTelemetry** | ✅ Ready | OTLP endpoint (logs + traces) |
@@ -207,7 +146,8 @@ We have ready-to-use SDKs for the most popular languages.
 * ✅ **Multi-Organization:** Isolate teams and projects strictly.
 * ✅ **Alerting:** Get notified via Email or Webhook (Slack/Discord) on error spikes.
 * ✅ **Retention Policy:** Automatic cleanup of old logs via TimescaleDB.
-* ✅ **Sigma Rules Detection:** Built-in engine to run security detection rules (YAML) against your logs, effectively turning LogWard into a lightweight SIEM for threat detection.
+* ✅ **Sigma Rules Detection:** Built-in engine to run security detection rules (YAML) against your logs for threat detection.
+* ✅ **SIEM Dashboard:** Security dashboard with incident management, MITRE ATT&CK mapping, and PDF report export. *(New in 0.3.0)*
 * ✅ **OpenTelemetry Support:** Native OTLP ingestion for logs and traces (protobuf + JSON).
 * ✅ **Distributed Tracing:** Trace viewer with span timeline, service dependencies graph, and trace-to-logs correlation.
 
@@ -239,6 +179,27 @@ level: high
 
 ---
 
+## 🚨 SIEM Dashboard & Incident Management (New in 0.3.0)
+
+LogWard now includes a full-featured **Security Information and Event Management (SIEM)** dashboard, turning your log platform into a lightweight security operations center.
+
+### Security Dashboard
+* **Summary Stats:** Total detections, open incidents, critical alerts at a glance
+* **Top Threats Chart:** Sigma rules ranked by detection count
+* **Detection Timeline:** Time-series visualization of security events
+* **Affected Services:** Quick view of which services triggered detections
+* **Severity Distribution:** Pie chart breakdown (Critical/High/Medium/Low)
+* **MITRE ATT&CK Heatmap:** Visualize detected techniques across the ATT&CK matrix
+
+### Incident Management
+* **Incident Workflow:** Track incidents through Open → Investigating → Resolved → False Positive
+* **Comments & Collaboration:** Add notes and discuss incidents with your team
+* **Activity Timeline:** Full audit trail of all status changes and actions
+* **Detection Events:** View matched fields and log context for each detection
+* **PDF Export:** Generate incident reports for compliance and documentation
+
+---
+
 ## 🏗️ Tech Stack
 
 We use modern, type-safe tools to ensure performance and maintainability.

docker/.env.example

@@ -0,0 +1,49 @@
+# LogWard Docker Configuration
+# =============================
+# Copy this file to .env and set secure passwords
+
+# =============================================================================
+# REQUIRED - Set these before starting
+# =============================================================================
+
+# Database password (use a strong random password)
+DB_PASSWORD=your_secure_database_password
+
+# Redis password (use a strong random password)
+REDIS_PASSWORD=your_secure_redis_password
+
+# API key encryption secret (minimum 32 characters)
+API_KEY_SECRET=your_32_character_secret_key_here
+
+# =============================================================================
+# OPTIONAL - Customize if needed
+# =============================================================================
+
+# Database settings (defaults work for most setups)
+DB_NAME=logward
+DB_USER=logward
+
+# Frontend API URL (only change if backend is on different host)
+# Default: http://localhost:8080
+# PUBLIC_API_URL=http://your-server:8080
+
+# Docker images (pin versions for production stability)
+# LOGWARD_BACKEND_IMAGE=logward/backend:0.3.0
+# LOGWARD_FRONTEND_IMAGE=logward/frontend:0.3.0
+
+# =============================================================================
+# EMAIL NOTIFICATIONS (optional)
+# =============================================================================
+# SMTP_HOST=smtp.example.com
+# SMTP_PORT=587
+# SMTP_USER=your_email@example.com
+# SMTP_PASS=your_smtp_password
+# SMTP_FROM=alerts@yourdomain.com
+
+# =============================================================================
+# HORIZONTAL SCALING (advanced)
+# =============================================================================
+# For scaling, use docker-compose.traefik.yml:
+#   docker compose -f docker-compose.yml -f docker-compose.traefik.yml up -d --scale backend=3
+#
+# See docs: https://logward.dev/docs/deployment#horizontal-scaling