Colvert is a tool made for cybersecurity teams (CSIRTs / SOCs) and designed to manage their portfolio of detection use cases through their entire lifecycle in the context of Information Security Event Management.
Colvert manage the portfolio of detection use cases with the possibility to document and follow-up use cases development, improvement and implementation; testing status; risk coverage compared to well-known security threats based on multiple contextual data sources; related preventive controls; and instructions for analysts triage, qualification, and correlation as playbooks and Standard Operating Procedures (SOPs). It is designed to be used in the context of the Service Area Information Security Event Management / Service Monitoring and Detection / Function Detection Use Case Management as defined in the CSIRT Services Framework Version 2.1 from the FIRST:
Purpose: Manage the portfolio of detection use cases through their entire lifecycle.
Description: New detection approaches are developed, tested, and improved, and eventually onboarded into a detection use case in production. Instructions for analyst triage, qualification, and correlation need to be developed, for example in the form of playbooks and Standard Operating Procedures (SOPs). Use cases that do not perform well, i.e., that have an unfavorable benefit/effort ratio, need to be improved, redefined, or abandoned. The portfolio of detection use cases should be expanded in a risk-oriented way and in coordination with preventive controls.
Outcome: A portfolio of effective detection use cases that are relevant to the constituency is developed.
To respond to the needs explained above, Colvert offers the following key features:
- Dashboards
- Detection Use Cases Management
- Add / Modify / Delete Detection Use Cases
- From idea to organized and prioritized development
- Map local ideas and needs to those provided by connectors
- Synchronize detection use cases with providers catalogs
- Use cases scoring for priorization
- Add full rich-text documentation and additional more-valued data fields as:
- Runbooks for security analysts
- Implemented queries
- Add Custom Lists (Whitelists, Thresholds, Scope, etc.)
- Attach external documents or reference to
- Development status
- Add / Modify / Delete Detection Use Cases
- Scoring System
- Connectors
- Source Logs
- For now, one Colvert instance is dedicated to one constituency. In the future, Colvert should be able to manage a relationship between detection use cases and multiple constituencies.
- Metrics about use cases that do not perform well, i.e., that have an unfavorable benefit/effort ratio, need to be improved, redefined, or abandoned.
Detection Use Case >>> DUC >>> DUCK >>> Colvert (Mallard duck in French).
That's it.
- Website: colvert.io
- Documentation: docs.colvert.io
- Git Repository:
git clone https://github.com/colvert-project/colvert.git - Last Release: colvert/releases/latest
- Packages: colvert-project/packages
- Discussions: colvert-project/discussions
- Issues Tracker: colvert/issues
Changelog details are available on the releases page.
All topics about installation / deployment / usage / design / architecture / etc. can be found in documentation.
- Security Policy: colvert/security/policy
- Security Advisories: colvert/security/advisories
- Feel free to start a topic in discussions part: colvert-project/discussions
- You can also contact project maintainers via mail: contact@colvert.io
- styx0x6 <https://github.com/styx0x6>
Colvert - The Detection Use Case Management Tool
Copyright © 2024 The Colvert Contributors (see README.md / colvert/settings.py)
Licensed under the EUPL, Version 1.2 only (the "Licence"); You may not use this work except in compliance with the Licence. You may obtain a copy of the Licence, available in the 23 official languages of the European Union, at:
https://joinup.ec.europa.eu/collection/eupl/eupl-text-eupl-12
Colvert Logo © 2024 by Colvert Project Team is licensed under CC BY-SA 4.0
Credits are listed in docs/Credits.