Roadmap - ninabarzh/ipa-siem-stack GitHub Wiki

IPA-SIEM Stack Development Plan

(Prioritised for shelters' immediate needs while maintaining security/privacy standards)

Phase 1: Foundation & Stability (0-3 months)

Objective: Create a reliable core system for production use.

  1. Codebase Restructuring

    • Migrate to a modular architecture (separate detection, collection, and response modules)
    • Implement proper configuration management (Ansible/Terraform)
    • Add comprehensive logging for setup/operation troubleshooting
  2. Installation Process

    • Rewrite setup.sh as a guided wizard with:
      • Input validation
      • Dependency checks
      • Progress tracking
    • Add offline installation support for air-gapped shelters
  3. Security Hardening

    • Automated certificate provisioning (Let's Encrypt integration)
    • Role-based access control for Kibana
    • Secure credential management (HashiCorp Vault integration)
  4. Testing Framework

    • Build CI/CD pipeline (GitHub Actions)
    • Create test scenarios for:
      • Stalkerware detection (mSpy, FlexiSPY test cases)
      • False positive validation

Phase 2: Device Support Expansion (3-6 months)

Objective: Broaden protection for survivor devices.

  1. Android Enhancements

    • Non-root collection via:
      • ADB-based forensic tooling
      • Shelter-mode workarounds
    • Termux automation improvements
  2. iOS Solutions

    • Develop iTunes/Finder log parser
    • Jailbreak detection alerts
    • iCloud backup analysis (where legally permissible)
  3. Cross-Platform Features

    • USB device monitoring
    • Network traffic analysis (detecting C2 servers)

Phase 3: Survivor-Centric Features (6-9 months)

Objective: Make the system more accessible and trauma-informed.

  1. Privacy-Preserving Alerts

    • Secure notification system (Signal/ProtonMail integration)
    • Plain-language threat explanations
  2. Legal Preparedness

    • Automated evidence packages for law enforcement
    • GDPR-compliant redaction tools
  3. Shelter Integration

    • Multi-tenant support for shared hosting
    • Staff training simulator (interactive Kibana demo)

Phase 4: Scaling & Partnerships (9-12 months+)

Objective: Ensure long-term sustainability.

  1. Deployment Options

    • One-click cloud deployments (Hetzner, AWS Lightsail)
    • Pre-configured hardware solutions (Raspberry Pi image)
  2. Threat Intelligence

    • Shared IoC database (opt-in participation)
    • Automated rule updates
  3. Community Building

    • Advocate training program
    • Partner with forensic organisations for rule validation