Commit Graph

57 Commits

Author SHA1 Message Date
johannes 89a088c4b3 fix(aria): fix os_eol_status enum cast — use native SQL throughout
CD - Develop / build-and-deploy (push) Failing after 14m42s
PostgreSQL named enum types require explicit casts that Hibernate's
derived query methods don't generate. Replace countByOsEolStatus and
findByOsEolStatusOrderByPostureScoreAsc with native @Query variants that
CAST(:status AS os_eol_status). Same pattern already applied to severity.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-06-15 15:57:41 -04:00
johannes 1e7625db8b fix(aria): fix stats 500 — use native SQL cast for threat_severity enum
CD - Develop / build-and-deploy (push) Failing after 52s
PostgreSQL named enum types don't accept implicit varchar casts, causing
the derived JPA query findBySeverityOrderByDetectedAtDesc to fail with
'operator does not exist: threat_severity = character varying'.

Replace the count calls in getStats() with a native query that explicitly
casts: CAST(:severity AS threat_severity). Also remove the unused since24h
and since7d variables.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-06-15 15:36:53 -04:00
johannes 68cee9bd90 feat(aria): Phase 3 — device security posture tracking
CD - Develop / build-and-deploy (push) Failing after 14m13s
Adds per-device security posture reports and compliance dashboard. Agents POST
posture data (disk encryption, audit policy, image hashes, OS version/EOL) to
POST /api/aria/posture/report (service-secret authenticated). DevicePostureService
upserts the record and calculates a 0–100 posture score using a penalty model:
disk encryption off −25, audit policy off −20, OS EOL −20, image hash drift −20,
whitelist off −10, stale check −5/day (capped at −15). REST API adds GET /posture
(filterable by EOL status and score band) and GET /posture/{deviceId}. Stats
endpoint gains lowPostureCount (<50) and eolDeviceCount. Dashboard reorganised
into Threat Activity and Compliance rows. Device Posture SPA view enables the
previously-disabled nav item with score bar, EOL badges, and full detail panel.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-06-15 14:38:11 -04:00
johannes aa9f8a10ef feat(aria): Phase 2 — precursor sequence detection engine
CD - Develop / build-and-deploy (push) Failing after 11m45s
Adds multi-phase attack sequence detection to ARIA. After each event is
ingested, SequenceDetectionService queries events within a 15-minute window
for the same device and fires a PrecursorSequenceAlert when jackpotting
(PHYSICAL_ACCESS + malware phase) or skimming (PHYSICAL_ACCESS + card reader
tamper/USB) patterns are detected. Confidence is scored 0–1 based on phases
and severity. Detected sequences are published to hiveops.aria.sequences Kafka
topic. Adds REST API (GET /sequences, GET /{id}/events, POST /{id}/resolve) and
enables the Precursor Alerts view in the SPA with filter sidebar, confidence
bar, and event detail slide panel.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-06-15 14:25:35 -04:00
johannes fe9a252dcd feat(aria): add Svelte SPA frontend and threat events API
CD - Develop / build-and-deploy (push) Failing after 54s
- frontend/: full aria.bcos.dev SPA (port 5187) with Dashboard, Threat Events,
  and IOC Management views; Phase 2-3 nav items disabled as placeholders
- ThreatEventController: GET /api/aria/events (paginated, severity/device filter)
  and GET /api/aria/stats (total/critical/high/activeIoc counts)
- Deployed to bcos.dev: hiveiq-aria-frontend container + aria.bcos.dev NPM proxy

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-06-15 10:00:07 -04:00
johannes 8c877ddd31 chore: add .gitignore, remove target/ from tracking
CD - Develop / build-and-deploy (push) Failing after 11m21s
2026-06-14 09:31:01 -04:00
johannes e5f25f1c2c feat: Phase 1 — ARIA ATM threat monitoring service
CD - Develop / build-and-deploy (push) Failing after 11m31s
- Spring Boot service on port 8095, database hiveiq_aria
- Flyway schema: threat_ioc, threat_event, precursor_sequence_alert, device_security_posture
- FBI FLASH-20260219-001 IOC seed data (executables, MD5s, directories, registry keys, services)
- ThreatEventClassifier — maps 20+ signal keys to severity + attack phase + IOC match
- ThreatEventIngestionService — persists events, publishes HIGH/CRITICAL to Kafka
- Kafka producer: topic hiveops.aria.threats (AriaThreatEvent payload)
- ThreatIocController — CRUD IOC management (MSP_ADMIN/BCOS_ADMIN)
- ThreatEventIngestionController — agent-facing ingest endpoint with service secret auth
- CI/CD: cd-develop.yml + cd-main.yml
2026-06-14 09:30:46 -04:00