codeyourweb
diff --git a/‎.env‎
Lines changed: 1 addition & 1 deletion b/‎.env‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎.gitignore‎
Lines changed: 7 additions & 0 deletions b/‎.gitignore‎
Lines changed: 7 additions & 0 deletions
diff --git a/‎README.md‎
Lines changed: 134 additions & 99 deletions b/‎README.md‎
Lines changed: 134 additions & 99 deletions
diff --git a/‎data/caddy_logs/.gitkeep‎ b/‎data/caddy_logs/.gitkeep‎
diff --git a/‎data/fluentbit_db/.gitkeep‎ b/‎data/fluentbit_db/.gitkeep‎
diff --git a/‎data/ftp_data/.gitkeep‎ b/‎data/ftp_data/.gitkeep‎
diff --git a/‎data/kibana/.gitkeep‎ b/‎data/kibana/.gitkeep‎
diff --git a/‎data/rulesets/sigma_ruleset/.gitkeep‎ b/‎data/rulesets/sigma_ruleset/.gitkeep‎
diff --git a/‎data/yara_triage_data/.gitkeep‎ b/‎data/yara_triage_data/.gitkeep‎
diff --git a/‎docs/01-create-admin-user.md‎
Lines changed: 0 additions & 66 deletions b/‎docs/01-create-admin-user.md‎
Lines changed: 0 additions & 66 deletions
@@ -1,5 +1,5 @@
 COMPOSE_PROFILES=sftp,phpmyadmin,kibana,internal-monitoring
-APP_ENV=prod
+APP_ENV=dev
 ELASTICSEARCH_CLUSTER_MODE=single-node
 SENTINELKIT_FRONTEND_HOSTNAME=sentinel-kit.local
 SENTINELKIT_BACKEND_HOSTNAME=backend.sentinel-kit.local
 
@@ -1,3 +1,4 @@
+
 *.lock
 /.env.local
 /.env.local.php
@@ -6,16 +7,22 @@
 /config/elastalert_ruleset/*
 /config/backend/*
 /data/caddy_logs/*
+!/data/caddy_logs/.gitkeep
 /data/ftp_data/*
+!/data/ftp_data/.gitkeep
 /data/grafana/*
 /data/kibana/*
+!/data/kibana/.gitkeep
 /data/rulesets/yara_ruleset/*
 /data/rulesets/sigma_ruleset/*
+!/data/rulesets/sigma_ruleset/.gitkeep
 /data/fluentbit_db/*
+!/data/fluentbit_db/.gitkeep
 /data/log_ingest_data/*/*
 !/data/log_ingest_data/*/.gitkeep
 /data/mysql_data/*
 /data/yara_triage_data/*
+!/data/yara_triage_data/.gitkeep
 /docs/graphs/*.bkp
 /sentinel-kit_server_frontend/node_modules/*
 /sentinel-kit_server_frontend/dist/*
 
@@ -1,137 +1,172 @@
 ![Sentinel Kit](docs/img/sentinel-kit_logo.png)
-# 🛡️ Sentinel Kit: The Simplified Platform for Incident Response (SOC & DFIR)
+# 🛡️ Sentinel Kit: The Unified Security Platform for SOC & DFIR
 
-**WARNING**: This project is currently in an early stage of development. Not all components have been ported to this repository, and the features are not yet stable enough for production use. The features already available online are documented [here](docs/index.md).
+**Sentinel Kit** is a comprehensive security platform designed to provide **Security Operations Center (SOC)** and **Digital Forensics and Incident Response (DFIR)** capabilities with unparalleled deployment simplicity.
 
----
-
-**Sentinel Kit** is a comprehensive Docker stack designed to provide **Digital Forensics and Incident Response (DFIR)** and **Security Operations Center (SOC)** capabilities with unparalleled deployment simplicity.
+Built for **real-time security monitoring**, **threat detection**, and **incident response**, this integrated platform enables collection, analysis, detection, and immediate response to security threats.
 
-Ideal for **situational monitoring** or **small-scale security incident response**, this integrated platform enables collection, analysis, detection, and immediate response to threats.
+![Sentinel-Kit homepage](docs/img/homepage_dashboard.png)
 
 ---
 
-## ✨ Key Features
+## ✨ Core Capabilities
 
-Sentinel Kit is an all-in-one toolkit that covers the entire security incident lifecycle:
+Sentinel Kit provides a complete security monitoring and response ecosystem:
 
-* **Log Collection & Parsing (SIEM Lite)**: Uses **Fluent Bit** for data ingestion and **Elasticsearch** for storage and indexing.
-* **Advanced Analysis & Triage**: Planned integration of **Sigma** rules for log-based detection and **YARA** for suspicious file triage (via upload mechanisms).
-* **Detection and Response (EDR)**: A dedicated agent (integrating into the ecosystem) provide real-time detection and response functionalities. In addition, this optional agent can act as a collection element to forward logs from your workstations to the sentinel-kit server.
-* **Secure Uploads**: Provides a dedicated **SFTP** server for uploading evidence, logs, or suspicious files.
-* **Comprehensive Visualization**: Monitoring dashboards via **Kibana** and **Grafana/Prometheus**.
+### 🔍 **Real-Time Threat Detection**
+* **Sigma Rules Engine**: Advanced detection rules for log-based threat hunting
+* **Alert Management**: Real-time alert processing and triage workflow
+* **Custom Detection Logic**: Create and manage custom detection rules
 
----
+### 📊 **Security Monitoring & Analytics**
+* **Unified Dashboard**: Centralized security metrics and KPIs
+* **Data Source Monitoring**: Track log ingestion and data source health
+* **Service Health Monitoring**: Platform component status and performance
 
-## 🚀 Quick Start (Installation)
+### 📁 **Log Collection & Analysis**
+* **Multi-Source Ingestion**: FluentBit-based log collection from various sources
+* **Elasticsearch Storage**: Scalable log storage and indexing
+* **Advanced Search**: Powerful querying and filtering capabilities
 
-This project is designed to be deployed in minutes using Docker Compose.
+### 🎯 **Integrated Analysis Tools**
+* **Native Alert Viewer**: Built-in alert analysis and investigation tools
+* **Kibana Integration**: Advanced log exploration and custom dashboards
+* **Grafana Dashboards**: Infrastructure monitoring and metrics visualization
 
-### Prerequisites
+---
 
-* **Docker**
-* **Docker Compose** (or Docker Engine including Compose)
-* Minimum **8 GB of RAM** (essential for Elasticsearch)
-
-### Deployment Steps
-
-1.  **Clone the Repository:**
-    ```bash
-    git clone 
-    cd sentinel-kit
-    ```
-
-2. **Set the following DNS entry (in hosts file if you are running it locally):**
-```bash
-# OS host file
-127.0.0.1   sentinel-kit.local
-127.0.0.1   backend.sentinel-kit.local
-127.0.0.1   phpmyadmin.sentinel-kit.local
-127.0.0.1   kibana.sentinel-kit.local
-127.0.0.1   grafana.sentinel-kit.local
-```
+## 🚀 Quick Start
 
-3.  **Launch the Stack:**
-    ```bash
-    docker-compose up -d
-    ```
-    *Startup may take several minutes, especially the first time, as Elasticsearch initializes and the backend installs its dependencies.*
+### Prerequisites
 
-3.  **Check Status:**
-    ```bash
-    docker-compose ps
-    ```
-    All services should be in the `Up` status.
+- **Operating System**: Windows 10/11, Linux, or macOS
+- **Docker & Docker Compose** (or Docker Desktop)
+- **Memory**: Minimum 8 GB RAM (16 GB recommended)
+- **Storage**: At least 20 GB free disk space
+- **Network**: Internet access for initial container downloads
+
+### One-Command Deployment
+
+1. **Clone and Start:**
+   ```bash
+   git clone https://github.com/codeyourweb/sentinel-kit.git
+   cd sentinel-kit
+   
+   # Windows PowerShell
+   ./launcher.ps1 build
+   
+   # Linux/macOS
+   ./launcher.sh build
+   ```
+
+   After an initial build. Startup could be done with `start` command
+
+2. **Configure DNS (Local Development):**
+   Use the integrated console command as __Administrator__:
+   ```bash
+   ./launcher.sh local-dns-install
+   ```
+
+   Or, manually add to your hosts file :
+   ```
+    127.0.0.1   sentinel-kit.local
+    127.0.0.1   backend.sentinel-kit.local
+    127.0.0.1   phpmyadmin.sentinel-kit.local
+    127.0.0.1   kibana.sentinel-kit.local
+    127.0.0.1   grafana.sentinel-kit.local
+   ```
+
+3. **Access the Platform:**
+   - **Main Dashboard**: https://sentinel-kit.local
+   - **Kibana**: https://kibana.sentinel-kit.local  
+   - **Grafana**: https://grafana.sentinel-kit.local
+
+### First Steps
+1. [Configure and create an admin user](docs/01-getting-started.md)
+2. [Add new data sources and ingest logs](docs/02-data-ingestion.md)
+3. [Create detection rules](docs/04-sigma-rules.md)
+4. [Monitor and analyze alerts](docs/05-alert-management.md)
+
+## 🏗️ Architecture Overview
+
+Sentinel Kit follows a microservices architecture with the following core components:
+
+| Component | Purpose | Technology Stack |
+|-----------|---------|------------------|
+| **Web Interface** | Main dashboard and management console | Vue.js, Nginx |
+| **Backend API** | Core business logic and data management | PHP Symfony, PHP-FPM |
+| **Detection Engine** | Sigma rules processing and alert generation | Elastalert, Python |
+| **Log Storage** | Centralized log repository and indexing | Elasticsearch |
+| **Log Ingestion** | Multi-source log collection and forwarding | FluentBit |
+| **Database** | Platform configuration and user management | MySQL |
+| **Monitoring** | Infrastructure metrics and dashboards | Prometheus, Grafana |
+| **Service Discovery** | Reverse proxy and SSL termination | Caddy |
 
 ---
 
-## 🌐 Component Access
+## 📚 Documentation
 
-Once the stack is running, you can access the interfaces via the default ports exposed by the Caddy service:
+### User Guides
+* [Getting Started](docs/01-getting-started.md) - Initial setup and first admin user creation
+* [Data Ingestion](docs/02-data-ingestion.md) - Configure log sources and data collection
+* [Sigma Rules Management](docs/04-sigma-rules.md) - Create and manage detection rules
+* [Alert Management](docs/05-alert-management.md) - Investigation and response workflows
+* [Monitoring & Health](docs/06-monitoring-health.md) - Platform monitoring and troubleshooting
 
-| Service | Role | Default Access |
-| :--- | :--- | :--- |
-| **Web Interface** (Admin frontend) | Access to the admin application | `https://sentinel-kit.local` |
-| **Web API**  | Used for clients<->server communications and admin actions over the web interface | `https://backend.sentinel-kit.local` |
-| **Kibana** | Exploration and visualization of Elastic logs | `http://kibana.sentinel-kit.local` |
-| **Grafana** | Monitoring dashboards | `http://grafana.sentinel-kit.local` |
-| **phpMyAdmin** | MySQL database management | `http://phpmyadmin.sentinel-kit.local` |
-| **SFTP Server** | Secure file/evidence upload | Port `2222` |
+---
 
-### Default Credentials (Utilities)
+## 🔄 Management Commands
 
-| Tool | Username | Password |
-| :--- | :--- | :--- |
-| **Grafana** | `sentinel-kit_grafana_admin` | `sentinel-kit_grafana_password` |
-| **MySQL (DB)** | `sentinel-kit_user` | `sentinel-kit_passwd` |
-| **SFTP** | `sentinel-kit_ftp_user` | `sentinel-kit_ftp_passwd` |
+The included launcher provides simplified platform management:
 
-All of this can be edited in `.env` file
+```powershell
+=============================================
+       Sentinel-Kit Management Script        
+=============================================
 
----
+USAGE:
+  .\launcher <command>
 
-## 🛠️ Technical Architecture (via `docker-compose.yml`)
+COMMANDS:
+  start               Start the Docker stack
+  stop                Stop the running Docker stack
+  build               Build and start the Docker stack
+  clean-data          Clean all user data and stop containers
+  console             Access Sentinel-Kit console
+  logs                Show Docker container logs
+  status              Show container status
+  local-dns-install   Install local DNS entries to hosts file
+  local-dns-uninstall Remove local DNS entries from hosts file
+  help                Show this help message
 
-The architecture is modular and relies on the interconnection of several services
-![Sentinel-Kit architecture](docs/img/sentinel-kit_network_flow.png)
+OPTIONS:
+  -Follow     Follow log output (for logs command)
+```
 
-## ⚙️ Configuration
+---
 
-Main configurations are located in the `config/` folder: (edit these elements only if you know what you are doing 😊)
+## 🛟 Support & Community
 
-* `config/caddy_server`: Reverse proxy that serve front and back-end web applications.
-* `config/docker-config`: Server stack configuration (dockerfile, entrypoints...).
-* `config/elasticsearch`: Configuration of the Elasticsearch certification chain and nodes cluster.
-* `config/fluentbit_server`: Fluent Bit configuration files (inputs, filters, outputs to Elasticsearch).
-* `config/grafana`: Grafana initial setup (datasources and dashboards).
-* `config/prometheus`: Prometheus monitoring targets configuration.
-* `config/sigma_ruleset`: sigma rules used on elasticsearch ingested logs
-* `config/yara_ruleset`: yara rules used on `data/yara_triage_data` folder or by *sentinel-kit_datamonitor* agent
+* **Documentation**: Complete guides available in the [docs/](docs/) directory
+* **Issues**: Report bugs via GitHub Issues
+* **Discussions**: Community support and feature discussions
+* **Security Issues**: Report security vulnerabilities privately
 
-## 📖 Data
+---
 
-Persistent data are located in the `data/` folder:
+## 📄 License
 
-* `data/caddy_logs`: Store the caddy server access & error logs.
-* `data/fluentbit_db`: fluentbit ingest database (to avoid indexing same data several times).
-* `data/ftp_data`: Store file uploaded on the SFTP server.
-* `data/grafana`: Contains a persistence of your grafana profile if you want to make your own dashboard and customizations.
-* `data/kibana`: Kibana user customizations (dashboard, config...).
-* `data/log_ingest_data`: Is designed to forward logs if you don't want to use fluentbit HTTP forwarder.
-* `data/yara_triage_data`: is used to automatically scan any file placed in this folder.  
+This project is licensed under the **GNU AFFERO GENERAL PUBLIC LICENSE**. See [LICENSE](LICENSE) for details.
 
 ---
 
-## 🛑 Stopping and Cleaning the Stack
+## 🙏 Acknowledgments
 
-To stop and remove the containers, networks, and volumes created by Docker Compose:
-
-```bash
-docker-compose down -v
-```
-
-If you want to erase all user data, and start from a fresh and clean installation, there is a `clean-user-data` sh or powershell (depending on your OS) to help you erasing all personal data. Then, you can rebuild the whole stack with: 
+* **Sigma Project** for the detection rule format and community rules
+* **Elastic Stack** for the powerful search and analytics engine
+* **FluentBit** for efficient and lightweight log processing
+* **Vue.js Community** for the reactive frontend framework
+* **Symfony** for this powerfull PHP framework, core of Sentinel-Kit backend
+---
 
-```bash
-docker-compose up --build --force-recreate
-```
+*Sentinel Kit - Simplifying Security Operations through Unified Platform Management*