fix: D3FEND expandable cards, System page cleanup, and multi-source improvements

- Make D3FEND defense cards clickable with expandable details and external link
- Fix D3FEND URLs to use PascalCase technique names matching the ontology
- Remove duplicate Import Atomic Red Team from System page (use Data Sources)
- Add bulk Activate All / Deactivate All buttons with confirmation modal
- Fix template admin list to show both active and inactive templates
- Add PATCH /test-templates/bulk-activate backend endpoint
- Auto-seed data sources on container startup via entrypoint.sh
- Fix SigmaHQ, CALDERA, GTFOBins import issues
- Register D3FEND sync handler in data sources router
- Add CIS Controls v8 compliance framework import
- Expand Test Catalog source filters (CALDERA, LOLBAS, GTFOBins)
- Campaign Generate from Threat Actor now opens actor selector modal
- Add coverage snapshot creation button to Comparison page
- Update README with accurate data source and feature documentation
2026-02-10 13:22:23 +01:00
parent 8032b67fab
commit c2e9c687f4
19 changed files with 778 additions and 197 deletions


@@ -13,19 +13,19 @@ Aegis is a comprehensive platform for tracking and managing security coverage ag
- **Role-Based Access Control** — Granular permissions for 6 roles (admin, red_tech, blue_tech, red_lead, blue_lead, viewer)
### Enhanced (V2)
- **Test Template Catalog** — Import from Atomic Red Team, create custom templates, instantiate tests
- **Test Template Catalog** — Import from Atomic Red Team, CALDERA, LOLBAS, GTFOBins; create custom templates; bulk activate/deactivate
- **In-App Notifications** — Real-time notification bell with polling and automatic state-change alerts
- **Reports & Export** — Coverage summary, test results, and remediation reports in JSON and CSV
- **Remediation Tracking** — Step-by-step remediation assignments with status tracking
- **Metrics Dashboard** — Pipeline funnel, team activity, validation rates
### Advanced (V3)
- **Multi-Source Data Import** — Sigma, Elastic, CALDERA, LOLBAS, D3FEND, MITRE CTI threat actors, compliance mappings
- **Multi-Source Data Import** — Sigma, CALDERA, LOLBAS, GTFOBins, D3FEND, MITRE CTI threat actors, compliance mappings (NIST 800-53, CIS Controls v8)
- **Detection Rule Tracking** — Import and evaluate Sigma/Elastic detection rules per test
- **ATT&CK Heatmap** — Interactive Navigator-style heatmap with layers, filters, and export
- **Threat Actor Intelligence** — Track intrusion sets and their technique coverage
- **Campaign Management** — Group tests into campaigns with dependencies, scheduling, and recurring execution
- **Compliance Mapping** — Map NIST 800-53 controls to ATT&CK techniques with gap analysis
- **Compliance Mapping** — Map NIST 800-53 and CIS Controls v8 to ATT&CK techniques with gap analysis
- **Granular Scoring** — 0100 scoring for techniques, tactics, actors, and organization with configurable weights
- **Operational Metrics** — MTTD, MTTR, detection efficacy, alert fidelity, coverage velocity
- **Executive Dashboard** — High-level KPIs for leadership (leads + admin)
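Review bot: the rewritten Multi-Source Data Import line drops Elastic from the list of importable sources, but the unchanged Detection Rule Tracking bullet three lines below still reads "Import and evaluate Sigma/Elastic detection rules per test". Either keep Elastic in the import list or change that bullet to match; as written the README contradicts itself on whether Elastic rules can be imported. While in this block, the unchanged Granular Scoring line reads "0100 scoring", which looks like a dropped dash in "0-100" and is worth fixing in the same commit.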
@@ -141,17 +141,20 @@ Password: admin123
### Importing Data Sources
After initial setup, populate the platform with data:
After initial setup, the entrypoint script automatically seeds the initial data sources (Atomic Red Team, SigmaHQ, CALDERA, LOLBAS, GTFOBins, D3FEND). You can then sync each source from the UI:
1. Navigate to **System > Data Sources** in the admin panel
2. Click **Sync** on each data source to import its content
3. Trigger a **MITRE ATT&CK Sync** from the **System > MITRE Sync** page
Alternatively, use the API:
```bash
# 1. Sync MITRE ATT&CK techniques
# Sync MITRE ATT&CK techniques
curl -X POST http://localhost:8000/api/v1/system/sync-mitre -H "Authorization: Bearer $TOKEN"
# 2. Import test templates from Atomic Red Team
curl -X POST http://localhost:8000/api/v1/system/import-atomic-red-team -H "Authorization: Bearer $TOKEN"
# 3. Import additional sources via the Data Sources admin page
# Navigate to System → Data Sources in the UI
# Sync all data sources at once
curl -X POST http://localhost:8000/api/v1/data-sources/sync-all -H "Authorization: Bearer $TOKEN"
```
See [docs/DATA_SOURCES.md](docs/DATA_SOURCES.md) for detailed instructions on all data sources.
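Review bot: the UI steps and the API example disagree on ordering. The numbered list syncs the data sources (step 2) before triggering the MITRE ATT&CK sync (step 3), while the curl example runs sync-mitre first and sync-all second. If imported templates and rules are matched against ATT&CK technique IDs, the ATT&CK sync has to come first and the list should say so; if the order does not matter, say that instead. Two smaller points: the new sentence says the entrypoint "seeds the initial data sources" without stating whether seeding only registers the source records or also fetches their content (the following "You can then sync each source" sentence implies it does not, so spell that out), and the sync-all example should state that $TOKEN must belong to an admin, since the page describes these as admin panel actions and sync-all makes the server pull content for every registered source in one call.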
@@ -203,8 +206,8 @@ Or at runtime via the admin API — see [docs/SCORING.md](docs/SCORING.md).
📈 Comparison (leads + admin)
📄 Reports
⚙️ System (admin only)
├─ Data Sources
├─ MITRE Sync
├─ Data Sources (sync Atomic, Sigma, CALDERA, LOLBAS, GTFOBins, D3FEND)
├─ MITRE Sync (ATT&CK sync, intel scan, template management)
├─ Users
└─ Audit Log
```
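Review bot: the MITRE Sync entry now advertises "template management", but the commit message says the duplicate Import Atomic Red Team action was removed from the System page in favour of Data Sources, and the API table puts bulk activate/deactivate under Test Templates. Clarify which template actions actually remain on the MITRE Sync page, or drop "template management" from that line so the navigation tree does not send admins to a page that no longer imports templates.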
@@ -223,7 +226,7 @@ Interactive API documentation available at:
| Auth | `/api/v1/auth` | Login, get current user |
| Techniques | `/api/v1/techniques` | CRUD, list with filters, mark reviewed |
| Tests | `/api/v1/tests` | Full Red/Blue workflow, remediation, retest chain |
| Test Templates | `/api/v1/test-templates` | CRUD, import, stats, toggle active |
| Test Templates | `/api/v1/test-templates` | CRUD, stats, toggle active, bulk activate/deactivate |
| Evidence | `/api/v1/tests/{id}/evidence` | Upload evidence, get presigned URLs |
| Campaigns | `/api/v1/campaigns` | CRUD, scheduling, history |
| Threat Actors | `/api/v1/threat-actors` | CRUD, technique mappings |
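Review bot: the Test Templates row names bulk activate/deactivate but not the route; since the commit adds PATCH /test-templates/bulk-activate and the example above calls POST /api/v1/data-sources/sync-all, the row should name the new route, and the table should carry a Data Sources row for /api/v1/data-sources (per-source sync, sync-all) if one is not present further down. It would also help to mark which rows are admin-only: bulk deactivating templates and triggering syncs are privileged operations, and the table currently gives no role information even though the README lists six roles.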