We are happy to announce two new open-source releases that together complete a fully automated, intelligence-driven security operations pipeline, closing the loop on hybrid rule-based and AI-driven threat detection and response.
IDPS-ESCAPE (v0.7 + v0.8) brings the most significant functional leap since RADAR was introduced:
RADAR risk engine — a principled weighted fusion model combining anomaly detection signals, signature-based risk, and live CTI scores into a three-tier automated response: notification, remediation with case creation, and full host isolation
DECIPHER integration — a fully operational client that queries CTI from MISP, fuses scores into RADAR's risk model, and opens structured Flowintel incident cases automatically — no manual SOC intervention needed
SONAR — a multivariate anomaly detection engine for Wazuh, powered by the deep learning algorithm MTAD-GAT, with a YAML-based scenario system for repeatable, code-free detection workflows and a debug mode for offline train-detect cycles without a live Wazuh instance
SATRAP-DL (v0.4) delivers the other side of that integration:
DECIPHER — an open-source REST microservice for automated, IOC-based severity-confidence scoring of security alerts, backed by MISP threat intelligence, and for prioritized Flowintel case creation
PyFlowintel — a clean Python library wrapping the Flowintel API, enabling programmatic case management
One-command deployment of the full stack: DECIPHER + MISP + Flowintel
Together, these two releases close the MAPE-K loop end-to-end: RADAR detects a threat → DECIPHER enriches it with live CTI → a risk score drives the right automated response → a prioritized Flowintel incident case lands in the analyst's queue. Entirely open-source.

We are excited to announce C5-DEC CAD v1.2 - our open-source, AI-enabled toolkit for computer-aided secure system design, development, and evaluation.
C5-DEC CAD unifies Common Criteria (CC) tooling, SSDLC traceability, compliance workflows, cyber-physical system security assessment, cryptography, and resource management in one repository-centric platform.
C5-DEC CAD helps teams run a complete secure-by-design workflow in one place:
Common Criteria engineering support with structured knowledge and specification workflows
End-to-end requirements, design artifacts, tests, and traceability built on our SpecEngine subsystem
Practical SSDLC tooling for compliance, threat modelling, risk analysis, documentation, and evidence generation via our DocEngine
What’s new in v1.2:
CRA compliance module: Annex I checklist, Annex VII technical documentation generation, Annex V EU Declaration of Conformity, with support for Default, Class I, Class II, and Critical classes
SBOM lifecycle management: Syft-based generation (CycloneDX/SPDX), validation, diffing, traceability, and CRA cross-verification
Native cryptography module: PQC, SHA-256 integrity checks, GnuPG signing/encryption, Shamir’s Secret Sharing, and digital signatures
Expanded CPSSA: threat model generation (OWASP pytm/Threagile-compatible), FAIR-based quantitative risk analysis, STRIDE-based reporting
SpecEngine and DocEngine enhancements: richer traceability visualization, interactive specification browser, traceability statistics, Mermaid rendering pipeline, design artifact hygiene utilities, and CRA-ready report/presentation templates
Also in v1.2: completed CC:2022 knowledge base content, stronger Docker hardening, and a significantly expanded test suite.
