diff --git a/README.md b/README.md index 038e5ae..4ca0540 100644 --- a/README.md +++ b/README.md @@ -90,4 +90,4 @@ See CONTRIBUTING.md for full contribution process, style expectations, and merge This repository is distributed under Vyrox organisation terms for public community files. See LICENCE in the relevant target repository for component-specific licence terms. -Website: vyrox.dev (coming soon) \ No newline at end of file +Website: [vyrox.dev](https://vyrox.dev) \ No newline at end of file diff --git a/SECURITY.md b/SECURITY.md index f0625e1..1fe2556 100644 --- a/SECURITY.md +++ b/SECURITY.md @@ -13,7 +13,7 @@ Versions prior to `v0.1.0` are not supported and should not be deployed. Do not open a public GitHub issue for security reports. -Email: `sec.vyrox@proton.me` +Email: `security@vyrox.dev` Subject line format: diff --git a/profile/README.md b/profile/README.md index 257f3aa..adc295b 100644 --- a/profile/README.md +++ b/profile/README.md @@ -11,19 +11,20 @@

## What It Does -Vyrox is the slightly overcaffeinated AI SOC analyst that reads the alert queue, squints at it, and then asks a human before touching anything dangerous. +Vyrox is the action layer that sits between your EDR and your team. It reads the alert queue, squints at it, acts on the real threats, and writes down exactly what it did so you can prove it later. It still asks a human before touching anything dangerous. ``` -[EDR Alert] --> [Ingest] --> [Heuristics] --> [LLM triage] --> [Human Approval] --> [Action] +[EDR Alert] --> [Ingest] --> [Heuristics] --> [LLM triage] --> [Human Approval] --> [Action] --> [Audit] ``` -1. **Ingest** - CrowdStrike and SentinelOne webhooks arrive like they pay rent here. +1. **Ingest** - CrowdStrike, SentinelOne, Microsoft Defender, and a generic JSON adapter all arrive like they pay rent here. 2. **Triage** - Deterministic heuristics handle most of the obvious nonsense. 3. **Escalate** - Ambiguous cases get a second opinion from the LLM. 4. **Approve** - HIGH/CRITICAL alerts surface with enough context to make a sane decision. 5. **Execute** - Approved actions hit the hardened Rust proxy, because chaos deserves guardrails. +6. **Prove** - Every action lands in a SHA-256 hash-chained, tamper-evident audit log you own. The boring slide that wins the audit. -The important bit: **no autonomous containment**. Humans approve before anything gets isolated, killed, or dramatically overreacted to. +The important bit: **no autonomous containment** today. A human approves before anything gets isolated, killed, or dramatically overreacted to. Autonomy is opt-in and on the roadmap, never a default. ## Repositories 
@@ -31,19 +32,19 @@ The important bit: **no autonomous containment**. Humans approve before anything |------|-------------|---------|-------| | [vyrox-proxy](https://github.com/vyrox-security/vyrox-proxy) | Rust containment proxy for the important kind of panic | MIT | ![vyrox-proxy stars](https://img.shields.io/github/stars/vyrox-security/vyrox-proxy?style=flat-square) | | [vyrox-docs](https://github.com/vyrox-security/vyrox-docs) | Architecture docs for the stuff everyone pretends not to read | Proprietary | ![vyrox-docs stars](https://img.shields.io/github/stars/vyrox-security/vyrox-docs?style=flat-square) | -| [vyrox-simulator](https://github.com/vyrox-security/vyrox-simulator) | Alert simulation, because production is a terrible place to improvise | Proprietary | ![vyrox-simulator stars](https://img.shields.io/github/stars/vyrox-security/vyrox-simulator?style=flat-square) | +| [vyrox-simulator](https://github.com/vyrox-security/vyrox-simulator) | Alert simulation, because production is a terrible place to improvise | MIT | ![vyrox-simulator stars](https://img.shields.io/github/stars/vyrox-security/vyrox-simulator?style=flat-square) | | [vyrox-landing](https://github.com/vyrox-security/vyrox-landing) | Public marketing site with just enough polish to be dangerous | Proprietary | ![vyrox-landing stars](https://img.shields.io/github/stars/vyrox-security/vyrox-landing?style=flat-square) | ## Why Open Core The proxy is MIT because if software can isolate a production host, the public should at least be able to audit the melodrama. -The heuristics stay proprietary because that is the actual product, and shipping detection logic publicly would be a very generous gift to the other team. +The heuristics stay proprietary because shipping detection logic publicly would be a very generous gift to the other team. The thing customers actually buy is the part you CAN inspect: the action layer and the tamper-evident record it leaves behind. 
## Quick Links - Website: [vyrox.dev](https://vyrox.dev) -- Security issues: sec.vyrox@proton.me +- Security issues: security@vyrox.dev - PGP key: [vyrox.dev/.well-known/pgp-key.txt](https://vyrox.dev/.well-known/pgp-key.txt) - Report vulnerabilities: [SECURITY.md](https://github.com/vyrox-security/.github/blob/main/SECURITY.md) @@ -51,6 +52,8 @@ The heuristics stay proprietary because that is the actual product, and shipping Alpha. Breaking things. Moving fast. Wearing a hard hat. +Recently shipped: multi-EDR ingestion (CrowdStrike, SentinelOne, Microsoft Defender, generic JSON), a SHA-256 hash-chained tamper-evident audit log, and an MIT-licensed Rust containment proxy you can read in an afternoon. + ## Contributors
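Review bot: The SECURITY.md hunk does not say what happens to reports still sent to `sec.vyrox@proton.me`, nor whether the PGP key linked from profile/README.md (`vyrox.dev/.well-known/pgp-key.txt`) carries a user ID for `security@vyrox.dev`. Suggest confirming the published key lists the new address, and keeping the old mailbox monitored or forwarded for a stated period so in-flight reports are not lost. The same address swap appears in the Quick Links list of profile/README.md, so both should land together.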
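Review bot: In the profile/README.md "What It Does" hunk, the new opening sentence says Vyrox "acts on the real threats" before it says it "still asks a human", which reads as autonomous action and sits awkwardly beside "no autonomous containment" a few lines later. Suggest putting the approval first, for example "acts on the real threats once a human has approved". Separately, step 6 and the new `[Audit]` stage cover "every action", but the text does not say whether approvals, rejections and triage verdicts are also in the chain, or how a reader verifies it. A hash chain is only tamper-evident to someone who holds a trusted copy of the latest hash, so one sentence on where that value is anchored would back the claim.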
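Review bot: In the "Why Open Core" paragraph, the new sentence calls the action layer and the tamper-evident record "the part you CAN inspect", yet the repository table in the same hunk lists no repository for the audit log, and only vyrox-proxy and vyrox-simulator are marked MIT. Suggest naming the component that holds the audit log code and its licence, or narrowing the sentence to the proxy. The vyrox-simulator row also flips from Proprietary to MIT; since README.md points readers to LICENCE in each target repository for component-specific terms, that file should change in the same release or the table will contradict it.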
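Review bot: The "Recently shipped" line in the last profile/README.md hunk repeats the EDR source list from step 1 of "What It Does" and gives no version, while SECURITY.md states that versions prior to `v0.1.0` are not supported. Suggest tagging the line with the release that contains these features, and keeping the source list in one place so the two copies do not drift.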