GitHub: Jherostudio/sentinelX-SIEM
# SentinelX SIEM Platform 🛡️

**SentinelX SIEM** is a lightweight, professional-grade Security Information and Event Management (SIEM) platform designed for modern AppSec and Blue Teams. It features real-time threat detection, secure honeypot log ingestion, role-based access control, and a cyberpunk-inspired dark mode dashboard.
Built using a scalable **Monorepo architecture** (NPM Workspaces), it separates the frontend interface from the core ingestion backend, ensuring high performance, easy maintenance, and robust security.
## 🚀 Core Features
### 1. Defensive Security Analytics
### 2. Real-Time Observability
### 3. Identity & Access Management (IAM)
- **Role-Based Access Control (RBAC):** Distinct `USER` and `ADMIN` privileges.
- **Secure Authentication:** Passwords hashed using robust algorithms (`bcryptjs`/`argon2`), and sessions managed via JWT.
- **Audit Logging:** Comprehensive tracking of all successful and failed authentication attempts.
## 🛠 Tech Stack
| Domain | Technologies |
| :--- | :--- |
| **Frontend** | Next.js 15 (App Router), React, TailwindCSS, shadcn/ui, Recharts, Lucide Icons |
| **Backend** | Node.js, Fastify, TypeScript, Zod, @fastify/websocket |
| **Database** | Prisma ORM, SQLite (Local Dev) / PostgreSQL (Production), Redis |
| **DevOps** | Docker, Docker Compose, GitHub Actions (CI/CD), Vitest |
## 📂 Project Architecture
The project utilizes an NPM Workspace Monorepo structure for code sharing and modularity.
```text
sentinelx-siem/
├── apps/
│   ├── backend/           # Fastify API, Prisma DB, WebSockets, Auth
│   └── frontend/          # Next.js Dashboard, Recharts, shadcn UI
├── packages/
│   └── shared/            # Shared Zod schemas and TypeScript interfaces
├── docs/                  # Architecture diagrams and screenshots
├── .github/workflows/     # CI/CD Pipelines
└── docker-compose.yml     # Production infrastructure definition
```
## ⚙️ Quick Start (Local Development)
### Prerequisites
- Node.js `v18+`
- NPM `v9+`
### 1. Installation
Clone the repository and install all dependencies across the monorepo:
```bash
git clone https://github.com/your-username/sentinelx-siem.git
cd sentinelx-siem
npm install
```
### 2. Database Setup
The development environment is configured to use SQLite out-of-the-box for zero-friction setup.
```bash
cd apps/backend
npx prisma db push
cd ../..
```
### 3. Start Development Servers
Run both the frontend and backend concurrently from the root directory:
```bash
npm run dev
```
- **Frontend Dashboard:** [http://localhost:3001](http://localhost:3001) (or port 3000)
- **Backend API:** [http://localhost:3002](http://localhost:3002)
- **WebSocket Server:** `ws://127.0.0.1:3002/ws`
## 🧪 Simulating Attacks
To test the real-time capabilities of the SIEM without setting up external honeypots, we've included an attack simulator.
1. Keep the development server running (`npm run dev`).
2. Open a new terminal instance in the project root.
3. Run the attack simulator:
```bash
node simulate_attacks.js
```
*This script will generate and cryptographically sign fake attacks (SQL Injections, Path Traversals, etc.) and send them to the Ingestion API every 3 seconds. You will see them appear immediately on the Frontend Dashboard.*
## 🐳 Docker Deployment (Production)
SentinelX is fully containerized using multi-stage Docker builds to ensure minimal image sizes and enhanced security.
1. Make sure Docker Desktop is running.
2. Build and start the entire infrastructure (PostgreSQL, Redis, Backend, Frontend):
```bash
docker compose up -d --build
```
## ✅ Testing & CI/CD
The project includes an automated Continuous Integration pipeline (`.github/workflows/ci.yml`). Every push to the `main` branch will automatically:
- Install dependencies
- Generate Prisma Clients
- Run unit tests using **Vitest**
- Build the Backend and Frontend applications
To run tests locally:
```bash
npm run test -w apps/backend
```
## 🔒 Security Posture
- **CORS & Helmet:** Integrated into Fastify for strict HTTP headers.
- **Rate Limiting:** Protects the ingestion API from DoS attacks.
- **HMAC Verification:** Ensures logs cannot be spoofed by unauthorized endpoints.
- **Audit Trails:** All sensitive actions are immutably logged in the database.
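The **HMAC Verification** bullet above and the signed traffic produced by the attack simulator (see *Simulating Attacks*) both rely on the same idea: the sender and the ingestion API share a secret, the sender signs each event, and the API refuses anything whose signature does not match or whose timestamp is outside a freshness window. The following is an added example written for this README, not code from the SentinelX repository; the wire format (raw JSON body plus hypothetical `X-Sentinel-Timestamp` and `X-Sentinel-Signature` headers, HMAC-SHA256 over `timestamp + "." + body`), the `SENTINEL_INGEST_SECRET` name, the 300-second window and the sample event are all assumptions.

```typescript
import { createHmac, timingSafeEqual } from "node:crypto";

// Hypothetical wire format for one ingested event.
export interface SignedEvent {
  body: string;       // raw JSON body exactly as transmitted
  timestamp: string;  // X-Sentinel-Timestamp: unix seconds, decimal string
  signature: string;  // X-Sentinel-Signature: hex-encoded HMAC-SHA256
}

export type VerifyResult = "ok" | "malformed" | "bad_signature" | "stale";

// Sender side (what a honeypot or the simulator would do). Signing
// "timestamp.body" binds the freshness value to the payload, so an
// attacker cannot re-stamp an old, validly signed event.
export function signEvent(secret: string, body: string, timestampSec: number): SignedEvent {
  const timestamp = String(timestampSec);
  const signature = createHmac("sha256", secret)
    .update(`${timestamp}.${body}`)
    .digest("hex");
  return { body, timestamp, signature };
}

// Receiver side (what the ingestion API would do before parsing the JSON).
export function verifyEvent(
  secret: string,
  event: SignedEvent,
  nowSec: number,
  maxSkewSec = 300,
): VerifyResult {
  // Reject anything that is not shaped like a valid header pair first.
  if (!/^\d+$/.test(event.timestamp) || !/^[0-9a-f]{64}$/.test(event.signature)) {
    return "malformed";
  }
  // Recompute the MAC over the raw body, never over a re-serialised object.
  const expected = createHmac("sha256", secret)
    .update(`${event.timestamp}.${event.body}`)
    .digest();
  const given = Buffer.from(event.signature, "hex");
  // Constant-time comparison; a length mismatch is rejected before comparing.
  if (given.length !== expected.length || !timingSafeEqual(given, expected)) {
    return "bad_signature";
  }
  // Only authentic events reach the freshness check, so "stale" is a replay signal.
  if (Math.abs(nowSec - Number(event.timestamp)) > maxSkewSec) {
    return "stale";
  }
  return "ok";
}

// Constructed walkthrough: one genuine event and the failure modes a SIEM
// ingestion endpoint should distinguish in its own audit log.
export function demo(): Record<string, VerifyResult> {
  const secret = process.env.SENTINEL_INGEST_SECRET ?? "constructed-dev-secret"; // assumed env var name
  const body = JSON.stringify({ type: "sqli", source: "198.51.100.7", path: "/login" }); // constructed sample
  const sentAt = 1700000000;
  const event = signEvent(secret, body, sentAt);
  return {
    genuine: verifyEvent(secret, event, sentAt + 10),
    wrongSecret: verifyEvent("not-the-secret", event, sentAt + 10),
    tamperedBody: verifyEvent(secret, { ...event, body: body.replace("sqli", "benign") }, sentAt + 10),
    replayedLater: verifyEvent(secret, event, sentAt + 600),
    garbageHeader: verifyEvent(secret, { ...event, signature: "zz" }, sentAt + 10),
  };
}

console.log(JSON.stringify(demo(), null, 2));
```

In a Fastify handler the `body` passed to `verifyEvent` must be the raw request payload (a custom content-type parser that keeps the string), because re-serialising parsed JSON can change key order or whitespace and break the MAC. Logging the distinct `VerifyResult` values separately is what lets the rate limiter and audit trail tell a misconfigured sensor (`malformed`) from a forgery attempt (`bad_signature`) or a replay (`stale`).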
*Built with passion for Defensive Security.*