Hugging Face's logo

Spaces:
S-Dreamer
/
playbook-execution
Running

App Files Community
playbook-execution / index.html
S-Dreamer's picture
S-Dreamer
Add 2 files
c99f4ff verified
raw
history blame contribute delete
34.3 kB
 <!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<title>SOAR Engine Interactive Dashboard</title>
<script src="https://cdn.tailwindcss.com"></script>
<script src="https://cdn.jsdelivr.net/npm/chart.js"></script>
<link rel="stylesheet" href="https://cdnjs.cloudflare.com/ajax/libs/font-awesome/6.4.0/css/all.min.css">
<link rel="preconnect" href="https://fonts.googleapis.com">
<link rel="preconnect" href="https://fonts.gstatic.com" crossorigin>
<link href="https://fonts.googleapis.com/css2?family=Inter:wght@400;500;600;700&display=swap" rel="stylesheet">
<style>
body { font-family: 'Inter', sans-serif; }
.tab-active {
border-bottom-color: #3b82f6;
color: #3b82f6;
font-weight: 600;
}
.chart-container {
position: relative;
width: 100%;
height: 300px;
}
.code-block {
background-color: #1f2937;
color: #d1d5db;
border-radius: 0.375rem;
}
.arrow {
position: relative;
width: 2px;
background-color: #6b7280;
margin: 1rem auto;
height: 40px;
}
.arrow::after {
content: '';
position: absolute;
bottom: -1px;
left: 50%;
transform: translateX(-50%);
width: 0;
height: 0;
border-left: 6px solid transparent;
border-right: 6px solid transparent;
border-top: 8px solid #6b7280;
}
.step-interactive {
transition: all 0.2s ease-in-out;
cursor: pointer;
}
.step-interactive:hover {
transform: translateY(-2px);
box-shadow: 0 4px 6px -1px rgba(0, 0, 0, 0.1), 0 2px 4px -1px rgba(0, 0, 0, 0.06);
}
.step-selected {
border-color: #3b82f6 !important;
box-shadow: 0 0 0 3px rgba(59, 130, 246, 0.2);
transform: translateY(-2px);
}
.tech-card {
transition: all 0.2s ease;
}
.tech-card:hover {
transform: translateY(-4px);
box-shadow: 0 10px 15px -3px rgba(0, 0, 0, 0.1);
}
.model-card {
transition: all 0.2s ease;
}
.model-card:hover {
transform: translateY(-2px);
box-shadow: 0 4px 6px -1px rgba(0, 0, 0, 0.1);
}
.copy-btn {
transition: all 0.2s ease;
}
.copy-btn:hover {
background-color: #4b5563;
}
.copy-btn.copied {
background-color: #10b981;
}
.details-pane {
min-height: 400px;
}
@media (max-width: 1023px) {
.workflow-container {
flex-direction: column;
}
.workflow-steps {
width: 100%;
margin-bottom: 2rem;
}
.details-pane {
width: 100%;
}
}
</style>
</head>
<body class="bg-gray-50 text-gray-800">
<div class="container mx-auto p-4 md:p-8 max-w-7xl">
<header class="text-center mb-8">
<h1 class="text-3xl md:text-4xl font-bold text-gray-900">SOAR Engine Dashboard</h1>
<p class="mt-2 text-lg text-gray-600">Interactive Security Orchestration, Automation & Response Platform</p>
<div class="mt-4 flex justify-center space-x-2">
<span class="px-3 py-1 bg-blue-100 text-blue-800 rounded-full text-sm font-medium">Real-time</span>
<span class="px-3 py-1 bg-green-100 text-green-800 rounded-full text-sm font-medium">Automated</span>
<span class="px-3 py-1 bg-purple-100 text-purple-800 rounded-full text-sm font-medium">Scalable</span>
</div>
</header>
<nav class="flex overflow-x-auto pb-2 mb-8 scrollbar-hide">
<div class="flex space-x-1 border-b border-gray-300 mx-auto">
<button data-tab="overview" class="tab-button py-3 px-4 md:px-6 block hover:text-blue-500 focus:outline-none border-b-2 font-medium text-gray-500 tab-active whitespace-nowrap">
<i class="fas fa-home mr-2"></i>Overview
</button>
<button data-tab="models" class="tab-button py-3 px-4 md:px-6 block hover:text-blue-500 focus:outline-none border-b-2 font-medium text-gray-500 whitespace-nowrap">
<i class="fas fa-database mr-2"></i>Data Models
</button>
<button data-tab="workflow" class="tab-button py-3 px-4 md:px-6 block hover:text-blue-500 focus:outline-none border-b-2 font-medium text-gray-500 whitespace-nowrap">
<i class="fas fa-project-diagram mr-2"></i>Workflow
</button>
<button data-tab="api" class="tab-button py-3 px-4 md:px-6 block hover:text-blue-500 focus:outline-none border-b-2 font-medium text-gray-500 whitespace-nowrap">
<i class="fas fa-code mr-2"></i>API Endpoints
</button>
</div>
</nav>
<main>
<div id="overview" class="tab-content">
<div class="bg-white p-6 md:p-8 rounded-xl shadow-md">
<div class="flex items-center justify-between mb-6">
<h2 class="text-2xl font-bold text-gray-800">System Overview</h2>
<div class="flex items-center space-x-2">
<span class="px-2 py-1 bg-blue-100 text-blue-800 rounded-full text-xs font-medium">v2.4.1</span>
<span class="px-2 py-1 bg-green-100 text-green-800 rounded-full text-xs font-medium">Active</span>
</div>
</div>
<p class="text-gray-600 mb-8">The SOAR Engine automates security response workflows by processing trigger events and executing predefined playbooks. Built on a modern tech stack, it provides reliable, scalable security automation with minimal human intervention.</p>
<div class="grid grid-cols-1 md:grid-cols-3 gap-6 mb-8">
<div class="tech-card bg-gray-100 p-6 rounded-lg border border-gray-200 hover:border-blue-200">
<div class="flex items-center mb-3">
<div class="w-10 h-10 bg-blue-100 rounded-full flex items-center justify-center mr-3">
<i class="fas fa-bolt text-blue-600"></i>
</div>
<h3 class="text-lg font-semibold text-gray-700">FastAPI</h3>
</div>
<p class="text-gray-600">High-performance API layer for event ingestion and playbook management with automatic OpenAPI documentation.</p>
</div>
<div class="tech-card bg-gray-100 p-6 rounded-lg border border-gray-200 hover:border-green-200">
<div class="flex items-center mb-3">
<div class="w-10 h-10 bg-green-100 rounded-full flex items-center justify-center mr-3">
<i class="fas fa-database text-green-600"></i>
</div>
<h3 class="text-lg font-semibold text-gray-700">SQLAlchemy</h3>
</div>
<p class="text-gray-600">ORM for database schema management, supporting PostgreSQL, MySQL, and SQLite with advanced query capabilities.</p>
</div>
<div class="tech-card bg-gray-100 p-6 rounded-lg border border-gray-200 hover:border-purple-200">
<div class="flex items-center mb-3">
<div class="w-10 h-10 bg-purple-100 rounded-full flex items-center justify-center mr-3">
<i class="fas fa-file-code text-purple-600"></i>
</div>
<h3 class="text-lg font-semibold text-gray-700">Jinja2</h3>
</div>
<p class="text-gray-600">Templating engine for dynamic playbook execution, enabling context-aware automation with event data.</p>
</div>
</div>
<div class="bg-gray-50 p-6 rounded-lg border border-gray-200">
<h3 class="text-xl font-bold text-gray-800 mb-4 text-center">Playbook Analytics</h3>
<p class="text-gray-600 mb-6 text-center">Quantitative breakdown of playbook components showing the structure of automated workflows.</p>
<div class="grid grid-cols-1 md:grid-cols-2 gap-8 items-center">
<div class="chart-container">
<canvas id="playbookChart"></canvas>
</div>
<div>
<div class="space-y-4">
<div class="flex items-center">
<div class="w-4 h-4 bg-yellow-400 rounded-full mr-3"></div>
<div>
<h4 class="font-medium text-gray-700">Triggers</h4>
<p class="text-sm text-gray-500">Events that initiate playbook execution</p>
</div>
</div>
<div class="flex items-center">
<div class="w-4 h-4 bg-gray-300 rounded-full mr-3"></div>
<div>
<h4 class="font-medium text-gray-700">Conditions</h4>
<p class="text-sm text-gray-500">Logic gates for workflow branching</p>
</div>
</div>
<div class="flex items-center">
<div class="w-4 h-4 bg-indigo-500 rounded-full mr-3"></div>
<div>
<h4 class="font-medium text-gray-700">Action Steps</h4>
<p class="text-sm text-gray-500">Individual automated tasks</p>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
<div id="models" class="tab-content hidden">
<div class="bg-white p-6 md:p-8 rounded-xl shadow-md">
<div class="flex items-center justify-between mb-6">
<h2 class="text-2xl font-bold text-gray-800">Database Schema</h2>
<div class="flex items-center space-x-2">
<span class="px-2 py-1 bg-blue-100 text-blue-800 rounded-full text-xs font-medium">Normalized</span>
<span class="px-2 py-1 bg-green-100 text-green-800 rounded-full text-xs font-medium">Relational</span>
</div>
</div>
<p class="text-gray-600 mb-8 text-center">The database schema is designed for efficient storage and retrieval of security events, playbooks, and execution logs with clear relationships between entities.</p>
<div class="grid grid-cols-1 lg:grid-cols-3 gap-6 mb-8">
<div class="model-card border border-blue-200 rounded-lg p-6 bg-blue-50/50">
<div class="flex items-center mb-3">
<div class="w-10 h-10 bg-blue-100 rounded-full flex items-center justify-center mr-3">
<i class="fas fa-bell text-blue-600"></i>
</div>
<h3 class="text-xl font-semibold text-blue-700">TriggerEvent</h3>
</div>
<p class="text-sm text-blue-600 mb-4">Incoming security alerts that initiate automated responses</p>
<div class="space-y-2 text-gray-700">
<div class="flex items-start">
<div class="bg-blue-100 text-blue-800 px-2 py-1 rounded text-xs font-mono mr-2">PK</div>
<div><strong>id:</strong> <span class="text-gray-600">Integer</span></div>
</div>
<div><strong>event_id:</strong> <span class="text-gray-600">String</span></div>
<div><strong>host:</strong> <span class="text-gray-600">String</span></div>
<div><strong>host_id:</strong> <span class="text-gray-600">String</span></div>
<div><strong>source_ip:</strong> <span class="text-gray-600">String</span></div>
<div><strong>log:</strong> <span class="text-gray-600">JSON</span></div>
<div><strong>severity:</strong> <span class="text-gray-600">String</span></div>
<div><strong>timestamp:</strong> <span class="text-gray-600">DateTime</span></div>
</div>
</div>
<div class="model-card border border-green-200 rounded-lg p-6 bg-green-50/50">
<div class="flex items-center mb-3">
<div class="w-10 h-10 bg-green-100 rounded-full flex items-center justify-center mr-3">
<i class="fas fa-book text-green-600"></i>
</div>
<h3 class="text-xl font-semibold text-green-700">Playbook</h3>
</div>
<p class="text-sm text-green-600 mb-4">Automated response workflows with conditional logic</p>
<div class="space-y-2 text-gray-700">
<div class="flex items-start">
<div class="bg-green-100 text-green-800 px-2 py-1 rounded text-xs font-mono mr-2">PK</div>
<div><strong>id:</strong> <span class="text-gray-600">String</span></div>
</div>
<div><strong>name:</strong> <span class="text-gray-600">String</span></div>
<div><strong>description:</strong> <span class="text-gray-600">Text</span></div>
<div><strong>tags:</strong> <span class="text-gray-600">JSON</span></div>
<div><strong>trigger_type:</strong> <span class="text-gray-600">String</span></div>
<div><strong>trigger_condition:</strong> <span class="text-gray-600">Text</span></div>
<div><strong>steps:</strong> <span class="text-gray-600">JSON</span></div>
</div>
</div>
<div class="model-card border border-purple-200 rounded-lg p-6 bg-purple-50/50">
<div class="flex items-center mb-3">
<div class="w-10 h-10 bg-purple-100 rounded-full flex items-center justify-center mr-3">
<i class="fas fa-history text-purple-600"></i>
</div>
<h3 class="text-xl font-semibold text-purple-700">PlaybookExecution</h3>
</div>
<p class="text-sm text-purple-600 mb-4">Audit log of playbook runs with status and timing</p>
<div class="space-y-2 text-gray-700">
<div class="flex items-start">
<div class="bg-purple-100 text-purple-800 px-2 py-1 rounded text-xs font-mono mr-2">PK</div>
<div><strong>id:</strong> <span class="text-gray-600">Integer</span></div>
</div>
<div class="flex items-start">
<div class="bg-blue-100 text-blue-800 px-2 py-1 rounded text-xs font-mono mr-2">FK</div>
<div><strong>playbook_id:</strong> <span class="text-gray-600">String → Playbook</span></div>
</div>
<div class="flex items-start">
<div class="bg-green-100 text-green-800 px-2 py-1 rounded text-xs font-mono mr-2">FK</div>
<div><strong>trigger_event_id:</strong> <span class="text-gray-600">Integer → TriggerEvent</span></div>
</div>
<div><strong>status:</strong> <span class="text-gray-600">String</span></div>
<div><strong>started_at:</strong> <span class="text-gray-600">DateTime</span></div>
<div><strong>completed_at:</strong> <span class="text-gray-600">DateTime</span></div>
</div>
</div>
</div>
<div class="bg-gray-50 p-6 rounded-lg border border-gray-200">
<h3 class="text-xl font-bold text-gray-800 mb-4 text-center">Entity Relationships</h3>
<div class="flex flex-col items-center">
<div class="w-full max-w-md">
<div class="flex justify-between items-center mb-4">
<div class="text-center">
<div class="w-16 h-16 bg-blue-100 rounded-full flex items-center justify-center mx-auto mb-2">
<i class="fas fa-bell text-blue-600 text-xl"></i>
</div>
<span class="text-sm font-medium text-blue-700">TriggerEvent</span>
</div>
<div class="text-center">
<div class="w-16 h-16 bg-green-100 rounded-full flex items-center justify-center mx-auto mb-2">
<i class="fas fa-book text-green-600 text-xl"></i>
</div>
<span class="text-sm font-medium text-green-700">Playbook</span>
</div>
<div class="text-center">
<div class="w-16 h-16 bg-purple-100 rounded-full flex items-center justify-center mx-auto mb-2">
<i class="fas fa-history text-purple-600 text-xl"></i>
</div>
<span class="text-sm font-medium text-purple-700">Execution</span>
</div>
</div>
<div class="relative h-2 bg-gray-200 rounded-full overflow-hidden">
<div class="absolute inset-0 flex">
<div class="h-full bg-blue-200" style="width: 33%"></div>
<div class="h-full bg-green-200" style="width: 34%"></div>
<div class="h-full bg-purple-200" style="width: 33%"></div>
</div>
</div>
<div class="mt-4 text-center text-sm text-gray-600">
One-to-many relationships between entities with foreign key constraints
</div>
</div>
</div>
</div>
</div>
</div>
<div id="workflow" class="tab-content hidden">
<div class="bg-white p-6 md:p-8 rounded-xl shadow-md">
<div class="flex items-center justify-between mb-6">
<h2 class="text-2xl font-bold text-gray-800">Playbook Execution Flow</h2>
<div class="flex items-center space-x-2">
<span class="px-2 py-1 bg-blue-100 text-blue-800 rounded-full text-xs font-medium">Interactive</span>
<span class="px-2 py-1 bg-green-100 text-green-800 rounded-full text-xs font-medium">Dynamic</span>
</div>
</div>
<p class="text-gray-600 mb-8 text-center">Explore how security events trigger automated responses through our visual workflow. Click on any step to see how event data transforms into actionable parameters.</p>
<div class="workflow-container flex flex-col lg:flex-row gap-6">
<div class="workflow-steps lg:w-2/5">
<div id="trigger-event-box" class="step-interactive border-2 border-dashed border-yellow-400 bg-yellow-50 rounded-lg p-4 mb-4">
<div class="flex items-center">
<div class="w-8 h-8 bg-yellow-100 rounded-full flex items-center justify-center mr-3">
<span class="text-yellow-600 font-bold">1</span>
</div>
<div>
<h4 class="font-bold text-yellow-800">Trigger Event</h4>
<p class="text-sm text-yellow-700">Credential Dumping Detected</p>
</div>
</div>
</div>
<div class="arrow"></div>
<div id="condition-check-box" class="step-interactive border-2 border-gray-300 bg-gray-100 rounded-lg p-4 mb-4">
<div class="flex items-center">
<div class="w-8 h-8 bg-gray-200 rounded-full flex items-center justify-center mr-3">
<span class="text-gray-600 font-bold">2</span>
</div>
<div>
<h4 class="font-bold text-gray-800">Condition Check</h4>
<p class="text-sm text-gray-600">Security event validation</p>
</div>
</div>
</div>
<div class="arrow"></div>
<div class="bg-white p-4 rounded-lg border border-gray-200">
<h4 class="font-bold text-gray-700 mb-3">Automated Actions</h4>
<div id="action-step-1" class="step-interactive border-2 border-transparent bg-blue-100 rounded-lg p-4 mb-3">
<div class="flex items-center">
<div class="w-8 h-8 bg-blue-200 rounded-full flex items-center justify-center mr-3">
<span class="text-blue-700 font-bold">A</span>
</div>
<div>
<h4 class="font-bold text-blue-800">Notify Analyst</h4>
<p class="text-sm text-blue-700">SOC team alert</p>
</div>
</div>
</div>
<div id="action-step-2" class="step-interactive border-2 border-transparent bg-red-100 rounded-lg p-4 mb-3">
<div class="flex items-center">
<div class="w-8 h-8 bg-red-200 rounded-full flex items-center justify-center mr-3">
<span class="text-red-700 font-bold">B</span>
</div>
<div>
<h4 class="font-bold text-red-800">Isolate Host</h4>
<p class="text-sm text-red-700">Contain threat</p>
</div>
</div>
</div>
<div id="action-step-3" class="step-interactive border-2 border-transparent bg-purple-100 rounded-lg p-4">
<div class="flex items-center">
<div class="w-8 h-8 bg-purple-200 rounded-full flex items-center justify-center mr-3">
<span class="text-purple-700 font-bold">C</span>
</div>
<div>
<h4 class="font-bold text-purple-800">Create Ticket</h4>
<p class="text-sm text-purple-700">Incident tracking</p>
</div>
</div>
</div>
</div>
</div>
<div class="details-pane lg:w-3/5 bg-gray-800 rounded-lg p-6">
<div id="details-initial" class="text-gray-400 text-center flex flex-col justify-center h-full">
<i class="fas fa-mouse-pointer text-4xl mb-4 opacity-50"></i>
<p class="text-lg font-medium">Select a step from the workflow</p>
<p class="text-sm mt-2 opacity-70">to see detailed parameter transformation</p>
</div>
<div id="details-content" class="hidden">
<div class="flex items-center justify-between mb-4">
<h3 id="details-title" class="text-xl font-bold text-white"></h3>
<div id="step-badge" class="px-2 py-1 rounded-full text-xs font-medium"></div>
</div>
<div class="mb-6">
<h4 class="text-md font-semibold text-gray-300 mb-2 flex items-center">
<i class="fas fa-file-alt mr-2"></i>Original Parameters
</h4>
<div class="relative">
<pre id="details-params" class="code-block p-4 rounded-md text-sm overflow-x-auto"></pre>
<button onclick="copyDetails('details-params')" class="copy-btn absolute top-2 right-2 bg-gray-600 text-white text-xs font-semibold py-1 px-2 rounded flex items-center">
<i class="fas fa-copy mr-1"></i> Copy
</button>
</div>
</div>
<div>
<h4 class="text-md font-semibold text-gray-300 mb-2 flex items-center">
<i class="fas fa-magic mr-2"></i>Rendered Parameters
</h4>
<div class="relative">
<pre id="details-rendered" class="code-block bg-green-900/50 border border-green-500 p-4 rounded-md text-sm overflow-x-auto"></pre>
<button onclick="copyDetails('details-rendered')" class="copy-btn absolute top-2 right-2 bg-gray-600 text-white text-xs font-semibold py-1 px-2 rounded flex items-center">
<i class="fas fa-copy mr-1"></i> Copy
</button>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
<div id="api" class="tab-content hidden">
<div class="bg-white p-6 md:p-8 rounded-xl shadow-md">
<div class="flex items-center justify-between mb-6">
<h2 class="text-2xl font-bold text-gray-800">API Endpoints</h2>
<div class="flex items-center space-x-2">
<span class="px-2 py-1 bg-blue-100 text-blue-800 rounded-full text-xs font-medium">RESTful</span>
<span class="px-2 py-1 bg-green-100 text-green-800 rounded-full text-xs font-medium">OpenAPI</span>
</div>
</div>
<p class="text-gray-600 mb-8 text-center">The SOAR Engine exposes a clean REST API for integration with security tools and custom applications. All endpoints support JSON payloads and include comprehensive documentation.</p>
<div class="space-y-8">
<div class="bg-gray-50 p-6 rounded-lg border border-gray-200">
<div class="flex items-center mb-4">
<div class="bg-blue-100 text-blue-800 px-3 py-1 rounded-md text-sm font-mono mr-4">POST</div>
<h3 class="text-xl font-semibold">/load_playbook/</h3>
</div>
<p class="text-gray-600 mb-4">Registers a new playbook or updates an existing one. The YAML definition includes triggers, conditions, and action steps for automated security responses.</p>
<div class="mb-4">
<h4 class="text-md font-semibold text-gray-700 mb-2">Request Headers:</h4>
<div class="bg-gray-100 p-3 rounded-md font-mono text-sm">
Content-Type: application/yaml<br>
X-API-Key: your_api_key_here
</div>
</div>
<h4 class="text-md font-semibold text-gray-700 mb-2">Example Request:</h4>
<div class="relative">
<pre id="api-load-body" class="code-block p-4 rounded-md text-sm overflow-x-auto">id: credential-dumping-response
name: Credential Dumping Response
description: Automated response to Mimikatz activity
tags:
- credential-access
- t1003
- windows
trigger_type: log_event
trigger_condition: |
event.log.source == 'Security' and
'sekurlsa::logonpasswords' in event.log.message
steps:
- name: Alert Analyst
action: notify
params:
channel: soc_teams
message: "Credential dumping detected on {{ event.host }}"
- name: Isolate Host
action: edr_isolate
params:
host_id: "{{ event.host_id }}"
reason: "Credential dumping detected"
- name: Create Ticket
action: create_ticket
params:
summary: "Security Incident - {{ event.host }}"
severity: "{{ event.severity | default('high') }}"</pre>
<button onclick="copyToClipboard('api-load-body')" class="copy-btn absolute top-2 right-2 bg-gray-600 hover:bg-gray-500 text-white text-xs font-semibold py-1 px-2 rounded flex items-center">
<i class="fas fa-copy mr-1"></i> Copy
</button>
</div>
</div>
<div class="bg-gray-50 p-6 rounded-lg border border-gray-200">
<div class="flex items-center mb-4">
<div class="bg-green-100 text-green-800 px-3 py-1 rounded-md text-sm font-mono mr-4">POST</div>
<h3 class="text-xl font-semibold">/trigger_event/</h3>
</div>
<p class="text-gray-600 mb-4">Submits a security event that will trigger matching playbooks. The event data is used to populate template variables in playbook actions.</p>
<div class="mb-4">
<h4 class="text-md font-sem
</html>