fix(rt-import): require Blue Lead validation before coverage counts
Some checks failed
Aegis CI / lint-and-test (push) Has been cancelled
Some checks failed
Aegis CI / lint-and-test (push) Has been cancelled
RT tests are created in 'in_review' state (not validated): - red_validation_status = 'approved' (RT confirmed execution) - blue_validation_status = null (pending Blue Lead review) - detection_result is pre-filled from the import JSON Blue Lead sees these in their normal validation queue and confirms or rejects the detection result. Only after Blue Lead approval does the technique coverage update to validated/not_covered/partial. This gives Blue Lead oversight over RT findings rather than auto- accepting external engagement results as ground truth.
This commit is contained in:
kitos
@@ -145,8 +145,9 @@ export default function ImportRTPage() {
|
||||
Import Red Team Results
|
||||
</h1>
|
||||
<p className="mt-1 text-sm text-gray-400">
|
||||
Upload findings from a real Red Team engagement. Each technique becomes a validated test
|
||||
with its detection result, maintaining full coverage history.
|
||||
Upload findings from a real Red Team engagement. Each technique creates a test in
|
||||
<span className="text-blue-400"> In Review</span> state — Red side is pre-approved by the RT,
|
||||
Blue Lead must still validate the detection result before it counts as coverage.
|
||||
</p>
|
||||
</div>
|
||||
|
||||
|
||||
Reference in New Issue
Block a user