feat(dlm): Phase 8 — Detection Lifecycle Management [FASE-8]
Some checks failed
Aegis CI / lint-and-test (push) Has been cancelled
Tasks 8.1-8.5:

Models (8.1):
- DetectionAsset: SIEM/EDR/Sigma rule assets with auto-hash
- DetectionTechniqueMapping: N:M asset ↔ technique coverage
- DetectionValidation: immutable validation records with expiry
- TechniqueConfidenceScore: computed multi-factor confidence
- InfrastructureChangeLog: infra changes that invalidate detections
- DecayPolicy: configurable freshness thresholds per platform/tactic

Services (8.2, 8.3):
- detection_asset_service: CRUD + SHA-256 rule hashing + auto-invalidation on rule/infra changes
- decay_engine_service: daily decay engine — expires stale validations, recalculates confidence (recency/coverage/health/diversity factors), processes infrastructure change propagation

Router (8.4): 15 endpoints under /api/v1/detection-lifecycle: assets CRUD, technique mappings, validations, confidence scores, infrastructure changes, decay trigger, executive dashboard

Scheduler (8.3): decay engine runs daily at 02:00

Seed (8.5): default policy (90/180/365d) + strict initial-access policy

Migration: b034dlm (6 tables, 11 indexes)

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
39
backend/app/seed_decay_policies.py
Normal file
@@ -0,0 +1,39 @@
|
||||
"""Seed default decay policies."""
|
||||
from datetime import datetime
|
||||
from sqlalchemy.orm import Session
|
||||
from app.models.decay_policy import DecayPolicy
|
||||
|
||||
|
||||
def seed_decay_policies(db: Session) -> None:
|
||||
existing = db.query(DecayPolicy).filter(DecayPolicy.is_default == True).first()
|
||||
if existing:
|
||||
return
|
||||
|
||||
now = datetime.utcnow()
|
||||
default_policy = DecayPolicy(
|
||||
name="Default Decay Policy",
|
||||
description="Standard: Fresh 90d, Aging 91-180d, Stale 181-365d.",
|
||||
fresh_days=90, aging_days=180, stale_days=365,
|
||||
default_validity_days=180, silent_threshold_days=30,
|
||||
noisy_threshold_daily=100,
|
||||
recency_weight=0.30, coverage_weight=0.30,
|
||||
health_weight=0.25, diversity_weight=0.15,
|
||||
is_default=True, is_active=True,
|
||||
created_at=now, updated_at=now,
|
||||
)
|
||||
db.add(default_policy)
|
||||
|
||||
critical_policy = DecayPolicy(
|
||||
name="Critical Techniques Policy",
|
||||
description="Stricter: Fresh 60d, Aging 90d, Stale 180d.",
|
||||
applies_to_tactic="initial-access",
|
||||
fresh_days=60, aging_days=90, stale_days=180,
|
||||
default_validity_days=90, silent_threshold_days=14,
|
||||
noisy_threshold_daily=50,
|
||||
recency_weight=0.35, coverage_weight=0.30,
|
||||
health_weight=0.25, diversity_weight=0.10,
|
||||
is_default=False, is_active=True,
|
||||
created_at=now, updated_at=now,
|
||||
)
|
||||
db.add(critical_policy)
|
||||
db.commit()
|
||||
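Review bot: The early `return` in seed_decay_policies is keyed only on a row with `is_default == True`, yet it gates both inserts, so any database that already holds a default policy never receives the "Critical Techniques Policy" and initial-access detections stay on the looser 90/180/365 thresholds without any signal. Check each policy on its own, for example by `name` or by `applies_to_tactic="initial-access"`, and add only the missing one; the hunk also shows nothing that stops two concurrent startups from both passing the check and inserting two defaults, so a uniqueness constraint on the default row is worth confirming in the migration. Smaller points: `datetime.utcnow()` returns a naive datetime and is deprecated since Python 3.12, so `datetime.now(timezone.utc)` is the safer choice if the columns are timezone-aware, and `DecayPolicy.is_default.is_(True)` avoids the `== True` lint warning. The two descriptions are also inconsistent: the default one gives ranges ("Aging 91-180d") while the critical one gives bare thresholds ("Aging 90d"), which makes it unclear whether `aging_days` is an upper bound or a start day.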