Roadmap - ninabarzh/ipa-siem-stack GitHub Wiki
IPA-SIEM Stack Development Plan
(Prioritised for shelters' immediate needs while maintaining security/privacy standards)
Phase 1: Foundation & Stability (0-3 months)
Objective: Create a reliable core system for production use.
- Codebase Restructuring
  - Migrate to a modular architecture (separate detection, collection, and response modules)
  - Implement proper configuration management (Ansible/Terraform)
  - Add comprehensive logging for setup/operation troubleshooting
- Installation Process
  - Rewrite `setup.sh` as a guided wizard with:
    - Input validation
    - Dependency checks
    - Progress tracking
  - Add offline installation support for air-gapped shelters
- Security Hardening
  - Automated certificate provisioning (Let's Encrypt integration; ACME validation needs the host to be reachable, so the offline installer will need an internal CA instead)
  - Role-based access control for Kibana (requires Elasticsearch security features to be enabled; these are available under the free Basic licence)
  - Secure credential management (HashiCorp Vault integration)
- Testing Framework
  - Build CI/CD pipeline (GitHub Actions)
  - Create test scenarios for:
    - Stalkerware detection (mSpy, FlexiSPY test cases)
    - False positive validation
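The following is an added example of what one such CI test scenario could look like; it is not code from ipa-siem-stack. It models the data a non-root ADB collector can gather (`pm list packages` output plus per-package flags such as device-admin, accessibility-service and launcher-icon state), runs an indicator rule and a behavioural rule over it, and pairs an "infected" inventory with a "benign" one so that a false-positive regression fails the build. All package names, flag values and indicator patterns are constructed placeholders; the real mSpy/FlexiSPY identifiers are not on this page and are not reproduced here.

```python
"""Stalkerware detection test scenario (added example, not project code).

Every package name, flag value and IoC pattern below is a constructed
placeholder standing in for what the collector and indicator feed would supply.
"""
import re
from dataclasses import dataclass


@dataclass
class PackageInfo:
    name: str
    device_admin: bool = False     # holds a device-admin policy (resists uninstall)
    accessibility: bool = False    # has an enabled AccessibilityService (screen/keystroke access)
    launcher_icon: bool = True     # visible in the app drawer


@dataclass(frozen=True)
class Alert:
    package: str
    rule: str
    severity: str


# Constructed IoC patterns standing in for a real shared indicator feed.
KNOWN_STALKERWARE = [
    re.compile(r"^com\.example\.tracker(\.|$)"),
    re.compile(r"^org\.test\.hiddenmonitor(\.|$)"),
]


def parse_pm_list(output: str) -> list[str]:
    """Turn `pm list packages` output ('package:com.foo' per line) into package names."""
    return [ln.strip()[len("package:"):] for ln in output.splitlines()
            if ln.strip().startswith("package:")]


def evaluate(pkg: PackageInfo) -> list[Alert]:
    """Apply an IoC rule and a behavioural rule to one package."""
    alerts = []
    if any(p.search(pkg.name) for p in KNOWN_STALKERWARE):
        alerts.append(Alert(pkg.name, "ioc_match", "high"))
    # Behavioural profile: hidden from the app drawer and reading the screen via an
    # accessibility service; device-admin on top means it cannot be removed casually.
    if pkg.accessibility and not pkg.launcher_icon:
        severity = "high" if pkg.device_admin else "medium"
        alerts.append(Alert(pkg.name, "hidden_accessibility_app", severity))
    return alerts


def scan(packages: list[PackageInfo]) -> list[Alert]:
    return [a for p in packages for a in evaluate(p)]


# --- Test scenarios (constructed) ---------------------------------------------
PM_LIST_OUTPUT = """package:com.android.vending
package:com.whatsapp
package:org.test.hiddenmonitor
"""

INFECTED_DEVICE = [
    PackageInfo("com.android.vending"),
    PackageInfo("com.whatsapp"),
    # IoC hit plus the full behavioural profile
    PackageInfo("org.test.hiddenmonitor", device_admin=True, accessibility=True, launcher_icon=False),
    # Renamed/repackaged variant: behavioural profile only, no IoC hit
    PackageInfo("com.sys.update.helper", device_admin=True, accessibility=True, launcher_icon=False),
]

BENIGN_DEVICE = [
    PackageInfo("com.android.vending"),
    # Screen reader: accessibility service, but visible and not device-admin
    PackageInfo("com.example.screenreader", accessibility=True),
    # Work MDM agent: device-admin, but visible and no accessibility service
    PackageInfo("com.example.mdm", device_admin=True),
    # System component: no launcher icon, but no accessibility service either
    PackageInfo("com.android.systemui", launcher_icon=False),
]


def run_scenarios() -> dict[str, list[Alert]]:
    """Return alerts per scenario; CI asserts that 'benign' stays empty."""
    return {"infected": scan(INFECTED_DEVICE), "benign": scan(BENIGN_DEVICE)}


if __name__ == "__main__":
    for name, alerts in run_scenarios().items():
        print(name, [(a.package, a.rule, a.severity) for a in alerts])
```

The benign inventory is the false-positive validation: each entry carries exactly one of the properties the behavioural rule looks for (accessibility, device-admin, no launcher icon) so that loosening the rule to a single property breaks the build. New false positives reported from the field should be added to that list rather than worked around by weakening the rule.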
Phase 2: Device Support Expansion (3-6 months)
Objective: Broaden protection for survivor devices.
- Android Enhancements
  - Non-root collection via:
    - ADB-based forensic tooling
    - Shelter-mode workarounds
  - Termux automation improvements
- iOS Solutions
  - Develop iTunes/Finder log parser
  - Jailbreak detection alerts
  - iCloud backup analysis (where legally permissible; much iOS stalkerware works through compromised iCloud credentials rather than a jailbreak, so this covers cases jailbreak detection cannot)
- Cross-Platform Features
  - USB device monitoring
  - Network traffic analysis (detecting C2 servers)
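As an added example of the traffic-analysis item (not code from ipa-siem-stack), the block below implements one widely used C2 heuristic: a client that re-contacts the same server at a near-constant interval with low jitter, which is how most stalkerware and commodity implants poll for commands. The CSV log format (ISO timestamp, source, destination, destination port), the sample lines and the allowlist entry are all constructed; destination addresses are taken from the RFC 5737 documentation ranges. The allowlist is there because legitimate services (NTP, update checks) also poll on a fixed schedule, and that is the main source of false positives for this rule.

```python
"""Beacon detection over connection logs (added example, not project code).

Flags (src, dst, dport) flows whose inter-connection intervals are nearly
constant. Log format, sample data and allowlist are constructed.
"""
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

MIN_CONNECTIONS = 6        # fewer samples than this cannot establish periodicity
MAX_JITTER_RATIO = 0.10    # pstdev(interval) / mean(interval); beacons sit well below this
# Known-good periodic destinations (constructed): the shelter's own NTP/update server.
ALLOWED_PERIODIC = frozenset({"198.51.100.10"})


def parse_line(line: str):
    """Parse 'timestamp,src,dst,dport' into (datetime, src, dst, int)."""
    ts, src, dst, dport = line.strip().split(",")
    return datetime.fromisoformat(ts.replace("Z", "+00:00")), src, dst, int(dport)


def find_beacons(lines, allowed=ALLOWED_PERIODIC):
    """Return one finding per flow that looks like a beacon, lowest jitter first."""
    flows = defaultdict(list)
    for line in lines:
        if line.strip():
            ts, src, dst, dport = parse_line(line)
            flows[(src, dst, dport)].append(ts)

    findings = []
    for (src, dst, dport), times in flows.items():
        if len(times) < MIN_CONNECTIONS or dst in allowed:
            continue
        times.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        avg = mean(gaps)
        if avg <= 0:               # duplicate timestamps only, nothing to measure
            continue
        jitter = pstdev(gaps) / avg
        if jitter <= MAX_JITTER_RATIO:
            findings.append({"src": src, "dst": dst, "dport": dport,
                             "connections": len(times),
                             "interval_s": round(avg, 1), "jitter": round(jitter, 3)})
    return sorted(findings, key=lambda f: f["jitter"])


# Constructed sample: a ~60 s beacon, ordinary bursty browsing, and an exact 64 s NTP poll.
SAMPLE_LOG = """\
2024-05-01T10:00:00Z,10.0.0.5,203.0.113.7,443
2024-05-01T10:00:58Z,10.0.0.5,203.0.113.7,443
2024-05-01T10:02:00Z,10.0.0.5,203.0.113.7,443
2024-05-01T10:02:59Z,10.0.0.5,203.0.113.7,443
2024-05-01T10:04:00Z,10.0.0.5,203.0.113.7,443
2024-05-01T10:05:00Z,10.0.0.5,203.0.113.7,443
2024-05-01T10:06:00Z,10.0.0.5,203.0.113.7,443
2024-05-01T10:07:00Z,10.0.0.5,203.0.113.7,443
2024-05-01T10:00:05Z,10.0.0.5,203.0.113.50,443
2024-05-01T10:00:08Z,10.0.0.5,203.0.113.50,443
2024-05-01T10:00:48Z,10.0.0.5,203.0.113.50,443
2024-05-01T10:00:55Z,10.0.0.5,203.0.113.50,443
2024-05-01T10:02:55Z,10.0.0.5,203.0.113.50,443
2024-05-01T10:02:57Z,10.0.0.5,203.0.113.50,443
2024-05-01T10:07:57Z,10.0.0.5,203.0.113.50,443
2024-05-01T10:00:00Z,10.0.0.5,198.51.100.10,123
2024-05-01T10:01:04Z,10.0.0.5,198.51.100.10,123
2024-05-01T10:02:08Z,10.0.0.5,198.51.100.10,123
2024-05-01T10:03:12Z,10.0.0.5,198.51.100.10,123
2024-05-01T10:04:16Z,10.0.0.5,198.51.100.10,123
2024-05-01T10:05:20Z,10.0.0.5,198.51.100.10,123
2024-05-01T10:06:24Z,10.0.0.5,198.51.100.10,123
2024-05-01T10:07:28Z,10.0.0.5,198.51.100.10,123
"""

if __name__ == "__main__":
    for finding in find_beacons(SAMPLE_LOG.splitlines()):
        print(finding)
```

On the sample the browsing flow is dropped by its irregular gaps, the NTP flow is dropped by the allowlist, and only the 60-second flow to 203.0.113.7 is reported. Implants add deliberate jitter to evade exactly this check, so the threshold should be tuned against the project's own false-positive scenarios rather than left at the value chosen here, and the rule is best combined with destination reputation from the shared IoC database.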
Phase 3: Survivor-Centric Features (6-9 months)
Objective: Make the system more accessible and trauma-informed.
- Privacy-Preserving Alerts
  - Secure notification system (Signal/ProtonMail integration; alerts go to shelter staff or a known-safe device, never to a device that may itself be monitored)
  - Plain-language threat explanations
- Legal Preparedness
  - Automated evidence packages for law enforcement (hashed and timestamped so chain of custody can be shown)
  - GDPR-compliant redaction tools
- Shelter Integration
  - Multi-tenant support for shared hosting
  - Staff training simulator (interactive Kibana demo)
Phase 4: Scaling & Partnerships (9-12 months+)
Objective: Ensure long-term sustainability.
- Deployment Options
  - One-click cloud deployments (Hetzner, AWS Lightsail)
  - Pre-configured hardware solutions (Raspberry Pi image)
- Threat Intelligence
  - Shared IoC database (opt-in participation; indicators only, never survivor or device data)
  - Automated rule updates
- Community Building
  - Advocate training program
  - Partner with forensic organisations for rule validation