Skip to content

SatyamPandey-07/Ares

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

2 Commits
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 

Repository files navigation

⚡ ARES — AI-Native SOC Platform

Turborepo pnpm Next.js 15 FastAPI Docker Compose

ARES is an enterprise-grade, multi-tenant AI-Native Security Operations Center (SOC) platform designed for modern security analysts, IT teams, and managers. It prioritizes outcomes and decisions over raw telemetry, allowing organizations to triage alerts, manage investigations, and utilize AI assistance inside an integrated, fast, and minimalist workspace.

Built with a pnpm + Turborepo monorepo architecture, ARES bundles a Next.js 15 App Router frontend dashboard with a FastAPI Modular Monolith backend, backed by PostgreSQL, Redis, Elasticsearch, and Kafka.


🏗️ Repository Architecture

The monorepo isolates reusable logic, shared typescript typings, SDK wrappers, and backend/frontend application workspaces:

ares/
├── apps/
│   ├── dashboard/                # Next.js 15 SOC dashboard (Port 3000)
│   ├── api/                      # FastAPI Modular Monolith (Port 8000)
│   ├── ingestion/                # Kafka consumers (skeleton)
│   └── worker/                   # Background jobs (skeleton)
├── packages/
│   ├── ui/                       # Shared React components library
│   ├── types/                    # Shared TypeScript declarations
│   ├── sdk/                      # Type-safe JavaScript/TypeScript client SDK
│   └── schemas/                  # Shared schema generators / OpenAPI definitions
├── infra/
│   └── docker/
│       └── docker-compose.yml    # PostgreSQL, Redis, Elasticsearch, Kafka config
├── turbo.json                    # Turborepo task orchestrator configuration
├── pnpm-workspace.yaml           # pnpm workspaces definition
└── package.json                  # Root monorepo configuration

🛠️ Tech Stack & Design Philosophy

Backend Modular Monolith (apps/api/)

  • FastAPI: Async-first, automatic OpenAPI documentation.
  • SQLAlchemy 2.x: Declarative models mapping, async connections utilizing asyncpg (PostgreSQL) or aiosqlite (local SQLite fallback).
  • Alembic: Database migrations framework setup.
  • Pydantic v2: Type validations and JSON serialization.

Frontend Dashboard (apps/dashboard/)

  • Next.js 15 App Router: Modern styling utilizing Tailwind CSS and React 19.
  • App Shell: Left-aligned navigation, tenant dropdown switcher, dark theme, and audit trail records.
  • Split-Pane Alert Triage: Visual list of alerts coupled with slide-out assessment workspaces (timeline, indicators, AI analysis).
  • Investigations Console: Chronological event logs, gathered evidence tabs, notes tracking, and a docked AI chat assistant panel.
  • Onboarding Wizard: 4-step workflow establishing organization boundaries, connector linkages, and automated mock-data seeding.

⚙️ Environment Variables & Config: Do you need a .env?

Short Answer: No, everything is pre-configured to work out-of-the-box! 🚀

You do not need to create any .env files to run the product locally! The codebase is configured with robust default values that automatically match the local development server scripts and the dockerized infrastructure.

  • Database fallback: If PostgreSQL is not running or accessible, the FastAPI backend will automatically fall back to using a local SQLite file (ares.db in apps/api/) for testing.
  • Mock AI fallback: If the ANTHROPIC_API_KEY is not provided, the platform automatically deploys a context-aware mock AI SOC analyst. The mock agent acts as a simulated Claude assistant, processing alerts and using mock VirusTotal/MITRE mapping data to remain fully testable without third-party API keys or expenses.

Customizing Configuration (For Production/Staging Deployments)

Should you wish to override the default configuration, you can create the following environment files:

1. Backend Config (apps/api/.env)

Create a .env file inside apps/api/ with any of the following variables to customize:

Variable Description Default Value
DATABASE_URL Database connection string postgresql+asyncpg://postgres:postgrespassword@localhost:5433/ares
SECRET_KEY JWT signing secret key ares-super-secret-key-change-in-production-123456
REDIS_URL Cache/sessions server URL redis://localhost:6379/0
ELASTICSEARCH_URL Logs indexer endpoint http://localhost:9200
KAFKA_BOOTSTRAP_SERVERS Event stream brokers localhost:9092
ANTHROPIC_API_KEY Anthropic Claude API key Optional (defaults to Mock AI SOC Analyst if left blank)

2. Frontend Config (apps/dashboard/.env.local)

Create a .env.local file inside apps/dashboard/ to modify client-side target API endpoints:

Variable Description Default Value
NEXT_PUBLIC_API_URL Base API target URL for the dashboard client http://localhost:8000

⚡ Setup & Launch Instructions

1. Prerequisites

Ensure you have the following installed:

  • Node.js (v22+ recommended)
  • pnpm (v10+ recommended)
  • Python (v3.10+)
  • Docker Desktop (active daemon)

2. Install Dependencies

At the root directory, install workspace nodes and compile Typescript packages:

pnpm install
pnpm build

3. Spin up Docker Telemetry Stack

Launch PostgreSQL, Redis, Elasticsearch, and Kafka in the background:

docker compose -f infra/docker/docker-compose.yml up -d

Note

Mapped services run on standard ports, with PostgreSQL bound to 5433 on the host to prevent default host port 5432 conflicts.

4. Configure Python Virtual Environment

Navigate to apps/api/, create a virtualenv, and install requirements:

cd apps/api
python -m venv .venv

# On Windows PowerShell:
.venv\Scripts\Activate.ps1

# On Linux/macOS:
source .venv/bin/activate

pip install -r requirements.txt
cd ../..

5. Run Database Migrations

To initialize your database schema, run the Alembic migrations:

cd apps/api
# Make sure your virtualenv is active!
alembic upgrade head
cd ../..

6. Launch Development Servers

Run the dev servers concurrently using Turborepo:

pnpm dev
  • SOC Dashboard UI: http://localhost:3000
  • FastAPI API Server: http://localhost:8000
  • OpenAPI Documentation: http://localhost:8000/docs

🎯 Verification & Testing Flow

  1. Open http://localhost:3000. You will be redirected to the Login Page.
  2. Click "Create an organization" at the bottom to enter the onboarding wizard.
  3. Define your company, create credentials, select a log source (e.g. Elastic), and click Verify.
  4. The onboarding wizard will register your profile, test connection endpoints, and trigger database seeding:
    • Seeded Alerts: A Critical account takeover brute-force attempt, a High Powershell trojan download process, and a Medium SQL injection scanner probe.
    • Seeded Cases: 2 open cases linked to the threat telemetry logs.
  5. Click "Go to Workspace" to enter the live command console. Select any alert to inspect the timeline, indicators (IPs/hashes), and chat directly with the docked Claude-based AI Analyst.

About

No description, website, or topics provided.

Resources

Stars

0 stars

Watchers

0 watching

Forks

Releases

No releases published

Packages

 
 
 

Contributors