This is a research prototype. Only the latest commit on main is maintained.
| Version | Supported |
|---|---|
| main (latest) | Active |
| Any tagged release | As-needed |
Do not report security vulnerabilities through public GitHub Issues.
Report via GitHub Security Advisories (repository Security tab → "Report a vulnerability"). This creates a private, encrypted channel.
Please include:
- A description of the vulnerability and its potential impact
- Steps to reproduce (minimal example preferred)
- Affected component (e.g., `app/routes/ingest.py`, `app/services/llm_client.py`)
We aim to acknowledge reports within 72 hours.
| Component | Concern |
|---|---|
| `/ingest-log` endpoint | Authentication bypass, payload injection |
| LLM context builder (`context_builder.py`) | Prompt injection via crafted log messages |
| SQLite memory store (`sqlite_store.py`) | SQL injection, path traversal |
| Decision engine (`decision_engine.py`) | Logic flaws enabling automated block bypass |
| Environment variable handling | Accidental secret exposure |
Out of scope: third-party dependency vulnerabilities, issues requiring physical server access.
- LLM isolation: Raw log payloads are never forwarded to the LLM. Only a sanitised prose summary generated by `context_builder.py` is passed. This is the primary defence against prompt injection.
- Ingest authentication: Optional `SOC_INGEST_TOKEN` header enforces API key auth on the ingest endpoint. Disabled by default (development mode); must be enabled in any internet-facing deployment.
- Rate limiting: Sliding-window rate limiter on the ingest endpoint (`INGEST_RATE_LIMIT`, default 500 req/min per IP).
- No outbound data: The system does not send log data to any external service beyond the configured LLM API endpoint. In mock mode (no API key), no outbound connections are made at all.
- Mock mode is safe by default: Without an API key, the system runs entirely locally using a keyword-heuristic fallback. No data leaves the host.
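The ingest authentication and rate-limiting controls above can be illustrated in a few dozen lines. The block below is an added example written for this policy page; it is not the project's own `ingest.py` implementation. It assumes the token is read from `SOC_INGEST_TOKEN`, the per-IP limit from `INGEST_RATE_LIMIT` (requests per 60-second trailing window, default 500), and that the client presents the token in a request header, here named `X-SOC-Ingest-Token` as a placeholder; the function names and the `gate_ingest` return shape are likewise assumptions. The two properties worth noting are that an unset token really does mean "auth off" (development mode), so the deployment checklist step is not optional, and that the token comparison is constant-time.

```python
import hmac
import os
import time
from collections import defaultdict, deque

# Assumed for this illustration (not the project's API): environment variable names
# match the policy; the header name is a placeholder.
TOKEN_HEADER = "X-SOC-Ingest-Token"
WINDOW_SECONDS = 60


def load_ingest_token():
    # Unset or empty means development mode: authentication disabled.
    return os.environ.get("SOC_INGEST_TOKEN", "")


def load_rate_limit():
    # Requests allowed per IP in any trailing 60-second window; default 500.
    return int(os.environ.get("INGEST_RATE_LIMIT", "500"))


def check_ingest_token(presented, expected):
    """Return True if the request may proceed.

    No configured token: auth disabled (development mode), everything passes.
    Token configured: a missing or wrong header is rejected. The comparison is
    constant-time so timing does not reveal how much of the token matched.
    """
    if not expected:
        return True
    if presented is None:
        return False
    return hmac.compare_digest(presented.encode(), expected.encode())


class SlidingWindowLimiter:
    """Per-IP sliding window: at most `limit` requests in any trailing `window` seconds."""

    def __init__(self, limit, window=WINDOW_SECONDS, clock=time.monotonic):
        self.limit = limit
        self.window = window
        self.clock = clock  # injectable clock so behaviour can be tested deterministically
        self._hits = defaultdict(deque)  # ip -> timestamps of accepted requests

    def allow(self, ip):
        now = self.clock()
        hits = self._hits[ip]
        # Evict timestamps that have fallen out of the trailing window.
        while hits and now - hits[0] >= self.window:
            hits.popleft()
        if len(hits) >= self.limit:
            return False  # over the limit; the request is not counted
        hits.append(now)
        return True


def gate_ingest(ip, headers, limiter, expected_token):
    """Decide whether an ingest request is accepted; returns (status_code, reason)."""
    if not check_ingest_token(headers.get(TOKEN_HEADER), expected_token):
        return 401, "invalid or missing ingest token"
    if not limiter.allow(ip):
        return 429, "rate limit exceeded"
    return 200, "accepted"


if __name__ == "__main__":
    # Constructed sample: a client that has the right token but sends too fast.
    limiter = SlidingWindowLimiter(limit=load_rate_limit())
    token = load_ingest_token()
    for _ in range(3):
        print(gate_ingest("203.0.113.7", {TOKEN_HEADER: token}, limiter, token))
```

Auth is evaluated before the limiter so that rejected requests do not consume a client's quota; the limiter only records requests it accepts, which keeps a burst that exceeds the limit from extending its own lockout.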
This is a research prototype. Before deploying in any environment that handles real security data:
- Enable `SOC_INGEST_TOKEN` authentication
- Place the service behind a reverse proxy with TLS
- Restrict network access to trusted SIEM/log forwarder IPs only
- Review the LLM endpoint configuration — ensure log data is only sent to a trusted, compliant provider
- SQLite is not suitable for multi-instance or high-throughput production use; replace with PostgreSQL
- Conduct a security review of `app/services/context_builder.py` for prompt injection resistance in your specific log environment