Colvert is a tool designed to manage your portfolio of detection use cases through their entire lifecycle in the context of Information Security Event Management.

Colvert manage the portfolio of detection use cases with the possibility to document and follow-up use cases development, improvement and implementation; testing status; risk coverage compared to well-known security threats based on multiple contextual data sources; related preventive controls; and instructions for analysts triage, qualification, and correlation as playbooks and Standard Operating Procedures (SOPs). It is designed to be used in the context of the Service Area Information Security Event Management / Service Monitoring and Detection / Function Detection Use Case Management as defined in the CSIRT Services Framework Version 2.1 from the FIRST:

Purpose: Manage the portfolio of detection use cases through their entire lifecycle.

Description: New detection approaches are developed, tested, and improved, and eventually onboarded into a detection use case in production. Instructions for analyst triage, qualification, and correlation need to be developed, for example in the form of playbooks and Standard Operating Procedures (SOPs). Use cases that do not perform well, i.e., that have an unfavorable benefit/effort ratio, need to be improved, redefined, or abandoned. The portfolio of detection use cases should be expanded in a risk-oriented way and in coordination with preventive controls.

Outcome: A portfolio of effective detection use cases that are relevant to the constituency is developed.

To respond to the needs explained above, Colvert offers the following key features:

• TODO - List key features.

• For now, one Colvert instance is dedicated to one constituency. In the future, Colvert should be able to manage a relationship between detection use cases and multiple constituencies.
• TODO - Use cases that do not perform well, i.e., that have an unfavorable benefit/effort ratio, need to be improved, redefined, or abandoned. TODO Statistics follow-up?
• TODO Finish list

Detection Use Case >>> DUC >>> DUCK >>> Colvert (Mallard duck in French). That's it.

• Website: colvert.io
• Git Repository: git clone https://github.com/colvert-project/colvert.git
• Last Release: colvert/releases/latest
• TODO Packages: colvert-project/packages
• Docker Registries:
  • Docker Hub: TODO
  • GitHub Container: https://ghcr.io/TODO
• Issues Tracker: colvert/issues
• Discussions: colvert-project/discussions
• Documentation: docs.colvert.io

Changelog details are available on the releases page.

TODO Deploy how to run code, development and maintenance

Needs a WSGI server

Docker install

TODO Live demo website

• • Link in links
• • Link in Intro

()

AdminLTE

Colvert is a web application written in Python 3, built on Django 5 web framework with AdminLTE 4 as Bootstrap 5 template for view and control parts.

jQuery .TODO

TODO Check also with 3.10, 3.11, etc. (recents Python version)

TODO - For all concern about software logic, please refer to the design documentation. See DESIGN.md for all technical details.

TODO - git clone doc

docs.colvert.io

TODO User doc.

TODO Dev. doc.

TODO DESIGN.md

• Software Lifecycle
  • Design & Technicals
  • CD/CI Ecosystem Status
    • TODO GitHub Status
    • https://www.traviscistatus.com/

TODO Dependencies badge out of date?

TODO NewReleases.io

• Feel free to start a topic in discussions part: colvert-project/discussions
• You can also contact project maintainers via mail: [email protected]

TODO Advisory

TODO SECURITY.md

• Security Policy: colvert/security/policy
• Security Advisories: colvert/security/advisories

• styx0x6 <https://github.com/styx0x6>

Colvert - The Detection Use Case Management Tool

Copyright © 2024 The Colvert Contributors (see README.md / colvert/settings.py)

Licensed under the EUPL, Version 1.2 only (the "Licence"); You may not use this work except in compliance with the Licence. You may obtain a copy of the Licence, available in the 23 official languages of the European Union, at:

https://joinup.ec.europa.eu/collection/eupl/eupl-text-eupl-12

Colvert Logo © 2024 by Colvert Project Team is licensed under CC BY-SA 4.0

Credits are listed in documentation. TODO Set exact link.