harborgrid-justin/black-cross

GitHub: harborgrid-justin/black-cross

Stars: 1 | Forks: 0

# Black-Cross: Enterprise Cyber Threat Intelligence Platform

Black-Cross is a comprehensive, enterprise-grade cyber threat intelligence platform designed for security analysts and teams to manage, analyze, and respond to cyber threats. The platform provides 15 core enterprise features, each with multiple sub-modules for complete threat lifecycle management.

## Quick Start

### Prerequisites

- **Node.js** >= 20.0.0 and **npm** >= 9.0.0
- **Docker** and **Docker Compose**

### 1. Start Infrastructure Services

PostgreSQL is required. MongoDB, Redis, Elasticsearch, and RabbitMQ are optional.

```bash
# Start all infrastructure (recommended)
docker-compose up -d postgres mongodb redis elasticsearch rabbitmq

# Or start only PostgreSQL (minimum required)
docker-compose up -d postgres
```

| Service       | Port              | Status   |
|---------------|-------------------|----------|
| PostgreSQL    | 5433              | Required |
| MongoDB       | 27017             | Optional |
| Redis         | 6379              | Optional |
| Elasticsearch | 9200              | Optional |
| RabbitMQ      | 5672 / 15672 (UI) | Optional |

Note that PostgreSQL is published on host port 5433 rather than the usual 5432; `DATABASE_URL` in `backend/.env` must use the same port.

### 2. Install Dependencies

```bash
npm install --ignore-scripts
```

`--ignore-scripts` skips package lifecycle scripts (`preinstall`, `postinstall`, etc.), so no third-party install hook runs on your machine. If a dependency needs a native build step, you will have to trigger it yourself afterwards (for example with `npm rebuild`).

### 3. Sync Database

```bash
npm run db:sync
```

This creates all required tables in PostgreSQL using Sequelize.

### 4. Seed Database

```bash
npm run db:seed
```

This creates default users and sample data (incidents, vulnerabilities, assets, IOCs, threat actors).

### 5. Start the Platform

```bash
npm run dev
```

This starts both frontend and backend concurrently:

| Component    | URL                               |
|--------------|-----------------------------------|
| Frontend     | http://localhost:3000             |
| Backend API  | http://localhost:8080/api/v1      |
| Health Check | http://localhost:8080/health      |
| API Docs     | http://localhost:8080/api/v1/docs |

## Default Login Credentials

All seeded user passwords are `Password123!`

| Email                    | Role    |
|--------------------------|---------|
| admin@blackcross.com     | Admin   |
| analyst@blackcross.com   | Analyst |
| hunter@blackcross.com    | Hunter  |
| manager@blackcross.com   | Manager |
| viewer@blackcross.com    | Viewer  |

These accounts exist for local development only. Before exposing the platform beyond localhost, change or delete the seeded users (the Admin account in particular) and rotate the development secrets listed under Environment Configuration.

## Tech Stack

| Layer    | Technology                                                           |
|----------|----------------------------------------------------------------------|
| Frontend | React 18, TypeScript, Vite, Material-UI, Redux Toolkit               |
| Backend  | Node.js, Express, TypeScript (gradual migration from JS)             |
| Database | PostgreSQL (Sequelize ORM), MongoDB (optional), Redis, Elasticsearch |
| Testing  | Cypress (E2E), Jest (backend unit tests)                             |

## Project Structure

```
black-cross/
├── frontend/                 # React 18 + TypeScript + Vite
│   ├── src/
│   │   ├── components/       # Reusable UI components (layout, auth)
│   │   ├── pages/            # Feature pages (one per security module)
│   │   ├── store/            # Redux Toolkit slices
│   │   ├── services/         # API client and service modules
│   │   └── types/            # TypeScript type definitions
│   └── cypress/              # E2E test specs
├── backend/
│   ├── index.ts              # Express entry point
│   ├── models/               # Sequelize models (User, Incident, Vulnerability, etc.)
│   ├── modules/              # 15 feature modules (routes, controllers, services)
│   │   ├── auth/             # Authentication (login, logout, JWT)
│   │   ├── threat-intelligence/
│   │   ├── incident-response/
│   │   ├── vulnerability-management/
│   │   ├── siem/
│   │   ├── threat-actors/
│   │   ├── ioc-management/
│   │   ├── threat-feeds/
│   │   ├── threat-hunting/
│   │   ├── risk-assessment/
│   │   ├── collaboration/
│   │   ├── reporting/
│   │   ├── malware-analysis/
│   │   ├── dark-web/
│   │   ├── compliance/
│   │   └── automation/
│   ├── middleware/           # Auth, rate limiting, validation, error handling
│   ├── config/               # Database and app configuration
│   └── scripts/              # DB sync, seed, admin creation utilities
├── docker-compose.yml        # All infrastructure services
└── package.json              # npm workspaces root
```

## Commands Reference

### Development

```bash
npm run dev           # Start frontend + backend concurrently
npm run dev:backend   # Backend only (port 8080)
npm run dev:frontend  # Frontend only (port 3000)
```

### Database

```bash
npm run db:sync             # Create/update tables from Sequelize models
npm run db:seed             # Seed default users and sample data
npm run db:seed -- --full   # Seed comprehensive dataset
npm run db:seed -- --force  # Clear and reseed (destructive)
npm run create-admin        # Interactive admin user creation
```

### Testing

```bash
npm run test:backend  # Jest backend tests
npm run test:e2e      # Cypress E2E tests (headless)
npm run cypress       # Cypress GUI
```

### Build and Lint

```bash
npm run build       # Build frontend + backend
npm run lint        # Lint both projects
npm run type-check  # TypeScript type checking
```

### Docker

```bash
docker-compose up -d postgres mongodb redis elasticsearch rabbitmq  # Start infrastructure
docker-compose ps                                                   # Check service status
docker-compose down                                                 # Stop all services
docker-compose down -v                                              # Stop and remove volumes (deletes database data)
```

## API Endpoints

All routes are prefixed with `/api/v1/`; the one exception is the health check, which is served at the server root (`http://localhost:8080/health`).

| Endpoint                | Description              |
|-------------------------|--------------------------|
| `POST /auth/login`      | Authenticate user        |
| `POST /auth/logout`     | Logout (requires token)  |
| `GET /auth/me`          | Current user profile     |
| `GET /health`           | Platform health status (not under `/api/v1`) |
| `/threat-intelligence`  | Threat data management   |
| `/incidents`            | Incident response        |
| `/vulnerabilities`      | Vulnerability tracking   |
| `/iocs`                 | Indicators of Compromise |
| `/threat-actors`        | Threat actor profiles    |
| `/threat-feeds`         | Feed management          |
| `/threat-hunting`       | Hunt operations          |
| `/siem`                 | SIEM events and rules    |
| `/risk-assessment`      | Risk scoring             |
| `/collaboration`        | Team collaboration       |
| `/reporting`            | Reports and analytics    |
| `/malware-analysis`     | Malware sandbox          |
| `/dark-web`             | Dark web monitoring      |
| `/compliance`           | Compliance management    |
| `/automation`           | Playbook automation      |

## Environment Configuration

Environment files:

- `backend/.env` — Backend config (database, JWT, API keys)
- `frontend/.env` — Frontend config (`VITE_API_URL=http://localhost:8080/api/v1`)

Key backend settings in `backend/.env`:

```env
DATABASE_URL=postgresql://blackcross:blackcross_secure_password@localhost:5433/blackcross?schema=public
JWT_SECRET=blackcross_development_jwt_secret_32_chars_minimum_length
CORS_ORIGIN=http://localhost:3000
```

These values are development placeholders printed in this README, so treat them as public. For any shared or production deployment generate a fresh `JWT_SECRET` of at least 32 characters and a fresh database password, set `CORS_ORIGIN` to the real frontend origin, and never commit `backend/.env`.

## Troubleshooting

**`npm install` fails with "Invalid Version":** Delete `package-lock.json` and run `npm install --ignore-scripts`.

**Blank page on frontend:** Check the browser console for errors. The `SimpleDashboard` component must be imported in `App.tsx`.

**Login returns 401:** Run `npm run db:seed` to create the default users. Credentials are `admin@blackcross.com` / `Password123!`.

**RabbitMQ keeps restarting:** RabbitMQ is optional and does not affect core functionality. The platform runs fine without it.

**Backend can't connect to PostgreSQL:** Ensure the Docker PostgreSQL container is running (`docker-compose ps`) and that the port in `backend/.env` matches the Docker mapping (default: 5433).

## Features

1. **Threat Intelligence** — Real-time threat data collection, enrichment, and correlation
2. **Incident Response** — Ticket creation, prioritization, workflow automation
3. **Threat Hunting** — Query builder, hunting playbooks, anomaly detection
4. **Vulnerability Management** — CVE tracking, asset mapping, patch workflows
5. **SIEM** — Log normalization, event correlation, detection rules
6. **Threat Actors** — TTP mapping, attribution, campaign tracking
7. **IoC Management** — Multi-format IoC support, confidence scoring, enrichment
8. **Threat Feeds** — Multi-source aggregation, reliability scoring, deduplication
9. **Risk Assessment** — Asset criticality, impact analysis, risk scoring models
10. **Collaboration** — RBAC, task management, real-time team tools
11. **Reporting** — Custom templates, scheduled reports, data visualization
12. **Malware Analysis** — Static/dynamic analysis, sandbox, YARA rules
13. **Dark Web Monitoring** — Forum monitoring, credential leak detection
14. **Compliance** — NIST/ISO/PCI-DSS mapping, gap analysis, audit trails
15. **Automation** — Playbook builder, conditional logic, SOAR integration

## License

MIT — see [LICENSE](./LICENSE).
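## Added Example: Auditing `backend/.env` Before Deployment

The script below is an added example written for this page; it is not part of the Black-Cross code base. It checks a `backend/.env` for the two mistakes the Environment Configuration and Troubleshooting sections make easy: carrying the documented development `JWT_SECRET` and database password into a real deployment, and pointing `DATABASE_URL` at a PostgreSQL port other than the 5433 that docker-compose publishes. The weak sample values are the ones this README lists; the `.env` parser, the audit rules (including the wildcard `CORS_ORIGIN` check), and the hostname `blackcross.example.internal` in the hardened sample are assumptions of the example, not project behaviour.

```typescript
// Added example (not Black-Cross project code): audit a backend/.env before the
// platform is exposed beyond localhost. Run with: npx tsx audit-env.ts
import { randomBytes } from "node:crypto";

// Development defaults documented in the README. Any of them in a deployed
// .env means the secret was never rotated.
const KNOWN_DEV_SECRETS = new Set<string>([
  "blackcross_development_jwt_secret_32_chars_minimum_length",
  "blackcross_secure_password",
]);

export interface EnvFinding {
  key: string;
  problem: string;
}

// Minimal .env parser (assumption of this example): KEY=VALUE lines, '#'
// comment lines, optional matching quotes around the value.
export function parseDotenv(text: string): Map<string, string> {
  const out = new Map<string, string>();
  for (const raw of text.split(/\r?\n/)) {
    const line = raw.trim();
    if (line === "" || line.startsWith("#")) continue;
    const eq = line.indexOf("=");
    if (eq < 0) continue;
    const key = line.slice(0, eq).trim();
    let value = line.slice(eq + 1).trim();
    const quoted =
      value.length >= 2 &&
      ((value.startsWith('"') && value.endsWith('"')) ||
        (value.startsWith("'") && value.endsWith("'")));
    if (quoted) value = value.slice(1, -1);
    out.set(key, value);
  }
  return out;
}

// Rules: JWT_SECRET present, >= 32 chars and not a documented default;
// DATABASE_URL parseable, not using the documented password, and on the port
// docker-compose publishes (5433 per the README); CORS_ORIGIN not a wildcard
// (the wildcard rule is this example's assumption, not a project requirement).
export function auditBackendEnv(
  env: Map<string, string>,
  expectedDbPort = 5433,
): EnvFinding[] {
  const findings: EnvFinding[] = [];

  const jwt = env.get("JWT_SECRET") ?? "";
  if (jwt === "") {
    findings.push({ key: "JWT_SECRET", problem: "missing" });
  } else if (jwt.length < 32) {
    findings.push({ key: "JWT_SECRET", problem: `only ${jwt.length} chars, need >= 32` });
  } else if (KNOWN_DEV_SECRETS.has(jwt)) {
    findings.push({ key: "JWT_SECRET", problem: "documented development default" });
  }

  const dbUrl = env.get("DATABASE_URL") ?? "";
  if (dbUrl === "") {
    findings.push({ key: "DATABASE_URL", problem: "missing" });
  } else {
    try {
      const u = new URL(dbUrl); // the WHATWG parser handles postgresql:// authorities
      if (KNOWN_DEV_SECRETS.has(decodeURIComponent(u.password))) {
        findings.push({ key: "DATABASE_URL", problem: "documented development password" });
      }
      const port = u.port === "" ? 5432 : Number(u.port); // 5432 is libpq's default
      if (port !== expectedDbPort) {
        findings.push({
          key: "DATABASE_URL",
          problem: `port ${port} does not match the docker-compose mapping ${expectedDbPort}`,
        });
      }
    } catch {
      findings.push({ key: "DATABASE_URL", problem: "not a parseable URL" });
    }
  }

  if ((env.get("CORS_ORIGIN") ?? "") === "*") {
    findings.push({ key: "CORS_ORIGIN", problem: "wildcard origin" });
  }
  return findings;
}

// Fresh secret: 48 random bytes as base64url (64 chars), well above the
// 32-character floor the README states for JWT_SECRET.
export function generateJwtSecret(bytes = 48): string {
  return randomBytes(bytes).toString("base64url");
}

// Constructed sample: the development values the README documents.
export const DEV_ENV = `
# development defaults from the README
DATABASE_URL=postgresql://blackcross:blackcross_secure_password@localhost:5433/blackcross?schema=public
JWT_SECRET=blackcross_development_jwt_secret_32_chars_minimum_length
CORS_ORIGIN=http://localhost:3000
`;

// Constructed hardened counterpart; the frontend origin host is hypothetical.
export function hardenedEnv(): string {
  const dbPassword = generateJwtSecret(24); // base64url needs no URL escaping
  return [
    `DATABASE_URL=postgresql://blackcross:${dbPassword}@localhost:5433/blackcross?schema=public`,
    `JWT_SECRET=${generateJwtSecret()}`,
    "CORS_ORIGIN=https://blackcross.example.internal",
  ].join("\n");
}

// Human-readable summary for one .env text.
export function report(text: string): string {
  const findings = auditBackendEnv(parseDotenv(text));
  return findings.length === 0
    ? "OK: no development defaults or port mismatch found"
    : findings.map((f) => `${f.key}: ${f.problem}`).join("\n");
}

console.log("--- README development values ---\n" + report(DEV_ENV));
console.log("--- hardened values ---\n" + report(hardenedEnv()));
```

Run against the README's own values the audit reports two findings (the default `JWT_SECRET` and the default database password); the generated replacement passes cleanly. Point `report` at the contents of your real `backend/.env` to use it as a pre-deployment gate.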