ThreatScope is an ELK-based threat detection platform designed to identify Advanced Persistent Threats (APTs) using real-time log analysis, rule-based detection, and behavioral insights.
This project aims to provide a modular, scalable system for collecting, processing, and visualizing security events from diverse data sources across an organization.
We use a simple three-branch model:
| Branch | Purpose |
|---|---|
| `main` | Stable, production-ready code. Only merges via approved Pull Requests. |
| `dev` | Integration branch for testing features before merging to `main`. |
| `feature/*` | Short-lived branches for specific tasks or features (e.g., `feature/add-logstash-rule`). |
- All changes must go through a Pull Request (PR) into `main`.
- At least one reviewer must approve a PR before merging.
- CI checks (build/tests) must pass successfully before merge.
- Direct commits to `main` are not allowed.
All sensitive credentials (Elastic passwords, DB credentials, API keys) are stored in the file `deploy/.env` during local development.
- The repository includes a safe template file `deploy/.env.example` with placeholder values.
- Copy it and rename it to `.env` before running Docker or backend services.
- The `.env` file is ignored by Git (listed in `.gitignore`) to keep secrets private.
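A pre-flight check for the `.env` setup above, added here as an example and not part of the ThreatScope repository: it verifies that every key from `deploy/.env.example` is present in `deploy/.env` with a value that is no longer the placeholder, and that the file is listed in `.gitignore`. The paths are the ones named in this section (assumed), and the `.gitignore` test is a simplified exact-line match rather than full gitignore semantics.

```sh
#!/bin/sh
# check_env.sh: sanity-check deploy/.env before starting Docker or the backend.
# Assumes the layout described above: deploy/.env.example holds placeholders,
# deploy/.env is the real file, and .gitignore lists it (assumptions). The
# .gitignore test is a simplified exact-line match, not full gitignore semantics.
# Usage (from the repo root): check_env deploy/.env.example deploy/.env .gitignore

# Print KEY=VALUE lines from an env file, skipping blank lines and comments.
env_pairs() {
    grep -E '^[A-Za-z_][A-Za-z0-9_]*=' "$1" 2>/dev/null
}

# check_env EXAMPLE ENV GITIGNORE
# Returns 0 when every key in EXAMPLE is present in ENV with a non-empty value
# that differs from the placeholder, and ENV is listed in GITIGNORE.
# Otherwise reports each problem on stderr and returns 1.
check_env() {
    example=$1; envfile=$2; ignore=$3; status=0
    if [ ! -f "$envfile" ]; then
        echo "missing $envfile (copy $example to $envfile first)" >&2
        return 1
    fi
    for key in $(env_pairs "$example" | cut -d= -f1); do
        placeholder=$(grep "^$key=" "$example" | head -n 1 | cut -d= -f2-)
        actual=$(grep "^$key=" "$envfile" | head -n 1 | cut -d= -f2-)
        if ! grep -q "^$key=" "$envfile"; then
            echo "$key: defined in $example but missing from $envfile" >&2
            status=1
        elif [ -z "$actual" ] || [ "$actual" = "$placeholder" ]; then
            echo "$key: still set to the placeholder value '$placeholder'" >&2
            status=1
        fi
    done
    # Accept the path, the path with a leading slash, the bare basename, or
    # **/basename as an exact .gitignore line.
    base=$(basename "$envfile")
    if ! grep -qxF -e "$envfile" -e "/$envfile" -e "$base" -e "**/$base" \
            "$ignore" 2>/dev/null; then
        echo "$envfile is not listed in $ignore; it could be committed" >&2
        status=1
    fi
    return $status
}
```

Run it before `docker compose up` or starting the backend; a non-zero exit means a placeholder secret would be shipped or the real file is not protected from a commit.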