Self-hosted, open-source security operations platform. Threat monitoring, analysis, and automated response with full control over your data.
- Aggregate threat intelligence from 50+ sources
- Monitor cloud infrastructure security posture (AWS, Azure, GCP)
- Automate incident response with YAML playbooks
- Track and manage vulnerabilities
- Collect endpoint telemetry
- Use LLMs for threat analysis and report generation
| Feature | Description |
|---|---|
| API Gateway | Single entry point with rate-limiting and authentication |
| Identity Management | Users, teams, RBAC (Role-Based Access Control), JWT (JSON Web Tokens) |
| Cloud Security (CSPM) | Cloud Security Posture Management: scan AWS, Azure, GCP for misconfigurations |
| Vulnerability Management | Scan, prioritize, and track vulnerabilities (CVE) |
| Automated Response (SOAR) | Security Orchestration, Automation, and Response: YAML-based playbooks |
| LLM Analysis | Threat analysis and reporting backed by Large Language Models |
Microservices architecture. Each component is an independent service communicating through an API gateway.
```mermaid
graph TD
subgraph "Client Layer"
UI[Dashboard UI]
CLI[CLI Tools]
API_CLIENT[API Clients]
end
subgraph "Gateway Layer"
GATEWAY[Security Gateway]
IDENTITY[Identity Service]
end
subgraph "Core Services"
API[Security API]
DATA[Data Lake]
CSPM[CSPM Service]
GUARDIAN[Guardian]
RESPONDER[Responder]
AGENTS[AI Agents]
SENSOR[Sensor]
end
subgraph "Data Layer"
POSTGRES[(PostgreSQL)]
REDIS[(Redis)]
ELASTICSEARCH[(Elasticsearch)]
end
subgraph "External Services"
STRIPE[Stripe]
OPENAI[OpenAI]
FEEDS[Threat Feeds]
CLOUD_APIS[Cloud APIs]
end
UI --> GATEWAY
CLI --> GATEWAY
API_CLIENT --> GATEWAY
GATEWAY --> IDENTITY
GATEWAY --> API
GATEWAY --> DATA
GATEWAY --> CSPM
GATEWAY --> GUARDIAN
GATEWAY --> RESPONDER
GATEWAY --> AGENTS
SENSOR --> GATEWAY
API --> POSTGRES
DATA --> POSTGRES
CSPM --> POSTGRES
GUARDIAN --> POSTGRES
RESPONDER --> POSTGRES
AGENTS --> POSTGRES
GATEWAY --> REDIS
API --> REDIS
CSPM --> REDIS
RESPONDER --> REDIS
DATA --> ELASTICSEARCH
IDENTITY --> STRIPE
AGENTS --> OPENAI
DATA --> FEEDS
CSPM --> CLOUD_APIS
```
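Because every client request enters through the Security Gateway before it reaches a core service, the gateway is where token validation, revocation lookup and rate limiting have to happen. The page says the real gateway does this in OpenResty (Lua) backed by Redis and gives no further detail, so the following is an added Python model of that check path, not code from the wildbox repository. It assumes HS256 tokens carrying `sub`, `jti` and `exp` claims, a revocation store keyed by `jti` (Redis in production, a dict here) and a fixed-window per-subject counter; all names below are illustrative.

```python
"""Added example, not code from the wildbox repository: the checks an edge gateway
performs before forwarding a request, using only the standard library.

Assumptions (not from the page): HS256 tokens with sub/jti/exp claims; revocation
keyed by jti (Redis SETEX in production, a dict here); fixed-window rate limit.
"""
import base64
import hashlib
import hmac
import json
import time


def b64url_encode(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def b64url_decode(s: str) -> bytes:
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))


def issue_token(secret: bytes, sub: str, jti: str, ttl: int, now=None) -> str:
    """Mint an HS256 JWT carrying the three claims the gateway checks."""
    now = int(time.time()) if now is None else now
    compact = {"separators": (",", ":")}
    header = b64url_encode(json.dumps({"alg": "HS256", "typ": "JWT"}, **compact).encode())
    payload = b64url_encode(json.dumps(
        {"sub": sub, "jti": jti, "iat": now, "exp": now + ttl}, **compact).encode())
    sig = hmac.new(secret, f"{header}.{payload}".encode(), hashlib.sha256).digest()
    return f"{header}.{payload}.{b64url_encode(sig)}"


class Gateway:
    """Minimal model of the gateway's auth, revocation and rate-limit path."""

    def __init__(self, secret: bytes, limit: int, window: int):
        self.secret = secret
        self.limit = limit        # requests allowed per subject per window
        self.window = window      # window length in seconds
        self.revoked = {}         # jti -> token expiry (stand-in for Redis SETEX)
        self.counters = {}        # (sub, window_id) -> count (stand-in for Redis INCR)

    def revoke(self, jti: str, exp: int) -> None:
        # The entry only needs to outlive the token itself, hence the expiry.
        self.revoked[jti] = exp

    def verify(self, token: str, now=None) -> dict:
        """Return the claims or raise PermissionError. Never trust the header's alg."""
        now = int(time.time()) if now is None else now
        try:
            h, p, s = token.split(".")
            header = json.loads(b64url_decode(h))
            sig = b64url_decode(s)
        except ValueError:                    # covers base64, JSON and split errors
            raise PermissionError("malformed token")
        if header.get("alg") != "HS256":      # pin the algorithm: blocks alg=none
            raise PermissionError("unexpected alg")
        expected = hmac.new(self.secret, f"{h}.{p}".encode(), hashlib.sha256).digest()
        if not hmac.compare_digest(expected, sig):
            raise PermissionError("bad signature")
        try:
            claims = json.loads(b64url_decode(p))   # parse payload only once authentic
        except ValueError:
            raise PermissionError("malformed token")
        if claims.get("exp", 0) <= now:
            raise PermissionError("expired")
        jti = claims.get("jti")
        if jti in self.revoked and self.revoked[jti] > now:
            raise PermissionError("revoked")
        return claims

    def allow(self, sub: str, now=None) -> bool:
        """Fixed-window counter keyed by (subject, window) as Redis INCR would be."""
        now = int(time.time()) if now is None else now
        key = (sub, now // self.window)
        self.counters[key] = self.counters.get(key, 0) + 1
        return self.counters[key] <= self.limit

    def handle(self, token: str, now=None) -> str:
        """Authenticate first, then rate-limit by the authenticated subject."""
        claims = self.verify(token, now)
        if not self.allow(claims["sub"], now):
            return "429 Too Many Requests"
        return f"200 OK sub={claims['sub']}"


if __name__ == "__main__":
    key = b"k" * 32                                   # constructed demo secret
    gw = Gateway(key, limit=2, window=60)
    tok = issue_token(key, "alice", "j1", ttl=300, now=1000)
    for t in (1001, 1002, 1003):
        print(gw.handle(tok, now=t))
    gw.revoke("j1", exp=1300)
    try:
        gw.verify(tok, now=1100)
    except PermissionError as err:
        print("rejected:", err)
```

Two points carry over to the real OpenResty gateway: the algorithm must be pinned by configuration rather than read from the token header, and a revocation entry only needs a TTL equal to the token's remaining lifetime, which keeps the Redis key space bounded. A per-subject limit can only be applied after the signature is verified; a limit meant to protect the Identity Service from credential stuffing has to be keyed by client address and applied before authentication.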
- Docker >= 20.10
- Docker Compose >= 2.0
- 8GB RAM minimum (16GB recommended)
- Linux, macOS, or Windows with WSL2
```bash
# 1. Clone the repository
git clone https://github.com/fabriziosalmi/wildbox.git
cd wildbox
# 2. Create environment file from template
cp .env.example .env
# 3. Generate secure secrets
openssl rand -hex 32 # Use output for JWT_SECRET_KEY
openssl rand -hex 32 # Use output for DATABASE_PASSWORD
# Update .env file with generated secrets
# 4. Start all services
docker-compose up -d
# 5. Wait for services to initialize (2-3 minutes)
docker-compose logs -f gateway identity
# 6. Verify health status
curl http://localhost/health
curl http://localhost:8001/health
# 7. Access the platform
# Dashboard: http://localhost:3000
# API Documentation: http://localhost:8000/docs
# Gateway: http://localhost
```
Default credentials:
- Email: [email protected]
- Password: CHANGE-THIS-PASSWORD
Change default credentials immediately after first login.
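Step 3 above is the one most often done by hand and then forgotten. The script below is an added example, not part of the wildbox repository: it performs steps 2 and 3 together, copying the template, replacing JWT_SECRET_KEY and DATABASE_PASSWORD with `secrets.token_hex(32)` (the same 64-hex-character shape that `openssl rand -hex 32` produces), writing the result with mode 0600 and refusing to write anything if a placeholder value is still present. The template text and the placeholder patterns it looks for (CHANGE-THIS, changeme) are assumptions; the real .env.example may use other variable names.

```python
"""Added example, not code from the wildbox repository: populate .env from the
template with freshly generated secrets and fail closed on leftover placeholders.

Assumptions (not from the page): .env uses KEY=value lines; placeholders look like
CHANGE-THIS or changeme; the template used in __main__ is constructed.
"""
import os
import re
import secrets
from pathlib import Path

# Variables the quick-start tells you to fill with `openssl rand -hex 32`.
SECRET_KEYS = ("JWT_SECRET_KEY", "DATABASE_PASSWORD")
# Assumed placeholder forms that must never reach a running deployment.
PLACEHOLDER_RE = re.compile(r"CHANGE-THIS|changeme", re.IGNORECASE)
HEX64_RE = re.compile(r"^[0-9a-f]{64}$")


def generate_secret() -> str:
    """32 random bytes as 64 hex chars, same shape as `openssl rand -hex 32`."""
    return secrets.token_hex(32)


def fill_secrets(template: str, keys=SECRET_KEYS) -> str:
    """Return the template with every key in `keys` set to a fresh secret.

    Comments and unrelated variables are kept verbatim and in order; keys the
    template lacks are appended so the services still find them.
    """
    seen = set()
    out = []
    for line in template.splitlines():
        if "=" in line and not line.lstrip().startswith("#"):
            key = line.partition("=")[0].strip()
            if key in keys:
                out.append(f"{key}={generate_secret()}")
                seen.add(key)
                continue
        out.append(line)
    for key in keys:
        if key not in seen:
            out.append(f"{key}={generate_secret()}")
    return "\n".join(out) + "\n"


def find_placeholders(env_text: str) -> list:
    """Names of variables whose value still looks like an unrotated default."""
    bad = []
    for line in env_text.splitlines():
        if "=" in line and not line.lstrip().startswith("#"):
            key, _, value = line.partition("=")
            if PLACEHOLDER_RE.search(value):
                bad.append(key.strip())
    return bad


def write_env(template_path: Path, env_path: Path) -> Path:
    """Create env_path (mode 0600) from template_path; refuse if placeholders remain."""
    env_text = fill_secrets(template_path.read_text())
    leftovers = find_placeholders(env_text)
    if leftovers:
        raise ValueError(f"placeholder values remain for: {', '.join(leftovers)}")
    # Create the file with restrictive permissions from the start, not chmod later.
    fd = os.open(env_path, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
    with os.fdopen(fd, "w") as fh:
        fh.write(env_text)
    return env_path


if __name__ == "__main__":
    import tempfile
    # Constructed stand-in for .env.example (not the project's real file).
    example = "JWT_SECRET_KEY=CHANGE-THIS\nDATABASE_PASSWORD=changeme\nPOSTGRES_DB=wildbox\n"
    with tempfile.TemporaryDirectory() as d:
        tpl = Path(d) / ".env.example"
        tpl.write_text(example)
        print(write_env(tpl, Path(d) / ".env").read_text())
```

Run it once from the repository root with the real `.env.example` and `.env` paths; if it raises, the template contains a default that the quick-start did not list (an admin password, for instance) and that value has to be rotated before `docker-compose up`.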
- Review Security Best Practices
- Configure Environment Variables
- Read Deployment Guide for production setup
- Explore API Documentation
- Check Docker logs: `docker-compose logs <service-name>`
- Verify port availability: `netstat -tuln | grep -E '(8000|8001|3000|5432|6379)'`
- Ensure sufficient disk space: `df -h`
- See TROUBLESHOOTING.md for common issues
Identity management, JWT authentication, API key management, subscription billing. FastAPI, PostgreSQL, Stripe, JWT.
API gateway with routing, rate-limiting, and authentication. OpenResty (Nginx + Lua), Redis, Docker.
Unified API for 50+ security tools with dynamic discovery and execution. FastAPI, Redis, Docker.
Threat intelligence aggregation and serving. FastAPI, PostgreSQL, Elasticsearch, Redis.
Multi-cloud security posture management and compliance scanning. Not enabled in the default docker-compose.yml. FastAPI, Celery, Redis, Python cloud SDKs.
Vulnerability lifecycle management with risk-based prioritization. Django, PostgreSQL, Celery, Redis.
Endpoint monitoring and telemetry collection. Not enabled in the default docker-compose.yml. osquery, Python, HTTPS.
Incident response automation with YAML-based playbooks. FastAPI, Dramatiq, Redis.
Node-based workflow automation for connecting services and APIs. n8n, Node.js, Docker.
LLM-based security analysis and automation. FastAPI, Celery, LangChain, OpenAI.
Web interface for the platform. Next.js, TypeScript, Tailwind CSS, TanStack Query.
- Next.js 14 - React framework with App Router
- TypeScript 5.0+ - Type-safe JavaScript
- Tailwind CSS - Utility-first CSS framework
- Shadcn/ui - React components built on Radix UI
- TanStack Query - Data synchronization for React
- Recharts - Charting library for React
- FastAPI - Python async web framework
- Django 4.2 LTS - Python web framework
- OpenResty - Nginx + LuaJIT
- PostgreSQL 15 - Relational database
- Redis 7 - In-memory data store for caching and queues
- SQLAlchemy - Python ORM
- Alembic - Database migrations
- Celery - Distributed task queue
- OpenAI API - LLM integration for threat analysis
- LangChain - LLM application framework
- Pydantic - Data validation
- NLTK - Natural language processing
- Scikit-learn - Machine learning
- Docker / Docker Compose - Containerization and orchestration
- Nginx - Reverse proxy
- Prometheus - Metrics and monitoring
- Grafana - Visualization
- GitHub Actions - CI/CD
- JWT - Authentication tokens
- bcrypt - Password hashing
- cryptography - Cryptographic primitives
- osquery - Endpoint monitoring
- TLS 1.3 - Transport encryption
Current version: v0.5.5 (Security-Hardened)
Phase 1: Stabilization - Done
- Core security controls, documentation, CI/CD
Phase 2: Security Hardening - Done
- 3-round security audit, 35 issues fixed
- 96/98 Dependabot alerts resolved
- JWT revocation, account lockout, network segmentation
- Docker network isolation, CI/CD secrets, Prometheus alerting
Phase 3: Feature Expansion - Planned
- Additional cloud provider integrations
- Extended SOAR capabilities
- Next.js 16 migration
See Contributing Guide for development setup and guidelines.
Full documentation: wildbox.io
- SETUP_GUIDE.md - Deployment guide
- SECURITY.md - Security policy and vulnerability reporting
- TROUBLESHOOTING.md - Common issues and solutions
- CHANGELOG.md - Version history
MIT License. See LICENSE.
- Issues: GitHub Issues
- Discussions: GitHub Discussions
- Security: [email protected]