Closed
2 changes: 1 addition & 1 deletion SECURITY.md
Expand Up @@ -13,7 +13,7 @@ Versions prior to `v0.1.0` are not supported and should not be deployed.

Do not open a public GitHub issue for security reports.

Email: `sec.vyrox@proton.me`
Email: `security@vyrox.dev`

Subject line format:
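Review bot: The replacement `security@vyrox.dev` line gives reporters a new mailbox, but nothing in this hunk tells them how to encrypt to it, while profile/README.md in the same change links a PGP key at vyrox.dev/.well-known/pgp-key.txt. SECURITY.md is where reporters are sent, so put the key link next to the address here if it is not already elsewhere in the file. It would also help to state whether `sec.vyrox@proton.me` is still monitored or forwarded, since copies of the old address will persist in forks and caches.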

13 changes: 8 additions & 5 deletions profile/README.md
Expand Up @@ -11,19 +11,20 @@
</p>

## What It Does
Vyrox is the slightly overcaffeinated AI SOC analyst that reads the alert queue, squints at it, and then asks a human before touching anything dangerous.
Vyrox is the action layer that sits between your EDR and your team. It reads the alert queue, squints at it, acts on the real threats, and writes down exactly what it did so you can prove it later. It still asks a human before touching anything dangerous.

```
[EDR Alert] --> [Ingest] --> [Heuristics] --> [LLM triage] --> [Human Approval] --> [Action]
[EDR Alert] --> [Ingest] --> [Heuristics] --> [LLM triage] --> [Human Approval] --> [Action] --> [Audit]
```

1. **Ingest** - CrowdStrike and SentinelOne webhooks arrive like they pay rent here.
1. **Ingest** - CrowdStrike, SentinelOne, Microsoft Defender, and a generic JSON adapter all arrive like they pay rent here.
2. **Triage** - Deterministic heuristics handle most of the obvious nonsense.
3. **Escalate** - Ambiguous cases get a second opinion from the LLM.
4. **Approve** - HIGH/CRITICAL alerts surface with enough context to make a sane decision.
5. **Execute** - Approved actions hit the hardened Rust proxy, because chaos deserves guardrails.
6. **Prove** - Every action lands in a SHA-256 hash-chained, tamper-evident audit log you own. The boring slide that wins the audit.

The important bit: **no autonomous containment**. Humans approve before anything gets isolated, killed, or dramatically overreacted to.
The important bit: **no autonomous containment** today. A human approves before anything gets isolated, killed, or dramatically overreacted to. Autonomy is opt-in and on the roadmap, never a default.

## Repositories
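Review bot: Step 6 ("Prove") calls the audit log "tamper-evident" on the strength of SHA-256 hash chaining alone, but a chain only exposes edits if its head hash is anchored somewhere the log writer cannot rewrite (signed, or periodically exported); otherwise anyone with write access can recompute every link. Say in this step, or link to, how the head is protected. Two smaller points in the same hunk: the new intro sentence puts "acts on the real threats" before "It still asks a human", which reads as act-then-ask and sits awkwardly beside the "no autonomous containment" paragraph; and the diagram places [Audit] only after [Action], so it is unclear whether approval decisions and rejections are logged too.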

Expand All @@ -43,14 +44,16 @@ The heuristics stay proprietary because that is the actual product, and shipping
## Quick Links

- Website: [vyrox.dev](https://vyrox.dev)
- Security issues: sec.vyrox@proton.me
- Security issues: security@vyrox.dev
- PGP key: [vyrox.dev/.well-known/pgp-key.txt](https://vyrox.dev/.well-known/pgp-key.txt)
- Report vulnerabilities: [SECURITY.md](https://github.com/vyrox-security/.github/blob/main/SECURITY.md)

## Status

Alpha. Breaking things. Moving fast. Wearing a hard hat.

Recently shipped: multi-EDR ingestion (CrowdStrike, SentinelOne, Microsoft Defender, generic JSON), a SHA-256 hash-chained tamper-evident audit log, and an MIT-licensed Rust containment proxy you can read in an afternoon.


<!-- contributors start -->
## Contributors
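Review bot: The added PGP key link in Quick Links points at the same domain that hosts the security@vyrox.dev mailbox, so a reporter fetching the key has only that web host to trust. Print the key fingerprint in the README next to the link, and in SECURITY.md, so it can be checked against a second source. The "Recently shipped" paragraph also repeats the EDR list and audit-log description from "What It Does"; a pointer to that section would keep the two from drifting apart.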