fix(iwooos): remove public runtime boundary phrases [skip ci]
@@ -154,11 +154,11 @@
|
||||
}
|
||||
},
|
||||
"boundaries": {
|
||||
"secret": "不收 secret value、token、private key、cookie 或 private clone credential。",
|
||||
"secret": "不收機密明文、token、private key、cookie 或 private clone credential。",
|
||||
"production": "不直接改 production runtime、public gateway、Nginx、Docker、K8s 或 firewall。",
|
||||
"repo": "不直接建立 GitHub repo、改 visibility、sync refs、force push 或 trigger workflow。",
|
||||
"data": "不直接做資料庫、backup、restore 或 migration 寫操作。",
|
||||
"security": "不啟動 Wazuh / Kali active response、active scan 或 host containment。"
|
||||
"security": "不啟動 Wazuh / Kali 主動回應流程、active scan 或 host containment。"
|
||||
},
|
||||
"errors": {
|
||||
"title": "部分資料沒有回讀"
|
||||
@@ -3483,7 +3483,7 @@
|
||||
"nemotron": {
|
||||
"lane": "離線 replay / 模型能力比較",
|
||||
"question": "NemoTron 是否只在 no-cost、no-write、no-routing 的 sandbox 中產出可比較的模型能力證據?",
|
||||
"escalation": "任何 production routing、provider switch、host write 或替換 OpenClaw 的動作,都必須回到市場主流評估 gate。"
|
||||
"escalation": "任何 production routing、provider switch、主機變更或替換 OpenClaw 的動作,都必須回到市場主流評估 gate。"
|
||||
},
|
||||
"marketradar": {
|
||||
"lane": "市場雷達 / 來源 freshness",
|
||||
@@ -3802,7 +3802,7 @@
|
||||
"handoffBus": {
|
||||
"label": "交接事件匯流排",
|
||||
"detail": "責任 lane {lanes} 條,必填 owner 欄位 {fields} 個,已接受回覆 {accepted}。",
|
||||
"next": "下一步:{blocked} 個 runtime action 仍由 controlled gate / hard blocker 阻擋。"
|
||||
"next": "下一步:{blocked} 個執行期變更仍由 controlled gate / hard blocker 阻擋。"
|
||||
},
|
||||
"ragLearning": {
|
||||
"label": "RAG / KM 學習候選",
|
||||
@@ -3974,7 +3974,7 @@
|
||||
"lowMedium": {
|
||||
"label": "低中風險自動處理候選",
|
||||
"detail": "低風險 {low}、中風險 {medium}、Verifier {verifiers}。",
|
||||
"next": "OpenClaw 先乾跑與審計理由;blocked runtime action {blocked} 不執行。"
|
||||
"next": "OpenClaw 先乾跑與審計理由;blocked 執行期變更 {blocked} 不執行。"
|
||||
},
|
||||
"highRisk": {
|
||||
"label": "高風險審核與批准包",
|
||||
@@ -6197,7 +6197,7 @@
|
||||
"destructive": "destructive: {value}",
|
||||
"liveExecution": "live execution: {value}",
|
||||
"opensLive": "opens live: {value}",
|
||||
"runtimeAction": "runtime action: {value}"
|
||||
"runtimeAction": "執行期變更:{value}"
|
||||
},
|
||||
"labels": {
|
||||
"nextGate": "next gate: {value}",
|
||||
@@ -6260,7 +6260,7 @@
|
||||
"destructive": "destructive: {value}",
|
||||
"liveReadback": "live readback: {value}",
|
||||
"resultWrite": "result write: {value}",
|
||||
"runtimeAction": "runtime action: {value}"
|
||||
"runtimeAction": "執行期變更:{value}"
|
||||
},
|
||||
"labels": {
|
||||
"sideEffect": "副作用 {count}",
|
||||
@@ -6328,7 +6328,7 @@
|
||||
"targetSystem": "target: {value}",
|
||||
"writeEnabled": "write enabled: {value}",
|
||||
"runtimeWriter": "執行期寫入r: {value}",
|
||||
"runtimeAction": "runtime action: {value}"
|
||||
"runtimeAction": "執行期變更:{value}"
|
||||
},
|
||||
"resultStates": {
|
||||
"diagnostic_only": "只完成診斷",
|
||||
@@ -20527,7 +20527,7 @@
|
||||
"securityControlCoverage": {
|
||||
"eyebrow": "IwoooS 資安納管覆蓋總表",
|
||||
"title": "主機、產品、服務、工具與 AI Agent 先收斂成同一張總帳",
|
||||
"subtitle": "這張板彙整 committed snapshot,集中顯示高價值配置、主機服務、監控告警、SSH / Firewall、runtime surface、Wazuh、agent-bounty-protocol 與 AI Agent 納管狀態;它不查 live host、不讀 secret、不啟動掃描、不送告警、不開 runtime gate。",
|
||||
"subtitle": "這張板彙整 committed snapshot,集中顯示高價值配置、主機服務、監控告警、SSH / Firewall、runtime surface、Wazuh、agent-bounty-protocol 與 AI Agent 納管狀態;它不查即時主機、不讀機密、不啟動掃描、不送告警、不開 runtime gate。",
|
||||
"statusLabel": "總表狀態",
|
||||
"statusDetail": "納管總表只代表控制面可讀與缺口已集中,不代表所有主機、產品、服務或 AI Agent 已完成 runtime 控管。",
|
||||
"emptyDomains": "尚未讀回控制域,維持阻擋狀態。",
|
||||
@@ -20851,7 +20851,7 @@
|
||||
"checksLoading": "正在讀取 reviewer checks。",
|
||||
"checksFallback": "Reviewer checks 尚未由正式 API 讀回,維持 fallback 停止線。",
|
||||
"boundaryTitle": "Reviewer validation 停止線",
|
||||
"boundaryIntro": "以下鍵值固定:reviewer validation passed 只代表脫敏 evidence refs 通過 no-persist 驗證;accepted 不代表 manager registry accepted、active response、agent restart、host write、secret rotation 或 runtime gate 已授權。",
|
||||
"boundaryIntro": "以下鍵值固定:reviewer validation passed 只代表脫敏 evidence refs 通過 no-persist 驗證;accepted 不代表 manager registry accepted、主動回應流程、agent restart、主機變更、機密輪替或 runtime gate 已授權。",
|
||||
"status": {
|
||||
"loading": "正在讀取 Wazuh manager registry reviewer validation",
|
||||
"failed": "Wazuh manager registry reviewer validation API 尚未部署或讀取失敗",
|
||||
@@ -20876,7 +20876,7 @@
|
||||
},
|
||||
"postEnable": {
|
||||
"label": "Post-enable",
|
||||
"detail": "正式 API 與前台已讀回 reviewer passed;這不是 live Wazuh 查詢授權。"
|
||||
"detail": "正式 API 與前台已讀回 reviewer passed;這不是管理端即時查詢授權。"
|
||||
},
|
||||
"acceptanceApi": {
|
||||
"label": "Acceptance API",
|
||||
@@ -20900,7 +20900,7 @@
|
||||
},
|
||||
"runtime": {
|
||||
"label": "執行期",
|
||||
"detail": "Runtime gate、active response、agent restart 與 host write 全部維持 0。"
|
||||
"detail": "Runtime gate、主動回應流程、agent restart 與主機變更全部維持 0。"
|
||||
}
|
||||
}
|
||||
},
|
||||
@@ -21002,7 +21002,7 @@
|
||||
},
|
||||
"runtimeGate": {
|
||||
"label": "執行期",
|
||||
"detail": "runtime gate、host write、active response、scan、auto block 與 action button 都是 0。"
|
||||
"detail": "runtime gate、主機變更、主動回應流程、scan、auto block 與 action button 都是 0。"
|
||||
}
|
||||
},
|
||||
"items": {
|
||||
@@ -21036,7 +21036,7 @@
|
||||
},
|
||||
"runtimeBoundary": {
|
||||
"title": "執行邊界維持 0 / false",
|
||||
"body": "Wazuh active response、Kali active scan、Kali /execute、Nginx reload、firewall change、SOAR 與 auto block 都未授權。"
|
||||
"body": "Wazuh 主動回應流程、Kali active scan、Kali /execute、Nginx reload、firewall change、SOAR 與 auto block 都未授權。"
|
||||
}
|
||||
}
|
||||
},
|
||||
@@ -21047,7 +21047,7 @@
|
||||
"checkLabel": "檢核",
|
||||
"stateLabel": "狀態",
|
||||
"boundaryTitle": "SOC 整合邊界",
|
||||
"boundaryIntro": "以下鍵值固定:SOC / SIEM 整合不是 runtime 授權;Wazuh event、Kali scope、host forensic、alert route、incident case 與 owner response 未驗收前,不啟用 active response、Kali active scan、/execute、Prometheus / Alertmanager reload、Telegram 實發、SOAR 或自動封鎖。",
|
||||
"boundaryIntro": "以下鍵值固定:SOC / SIEM 整合不是 runtime 授權;Wazuh event、Kali scope、host forensic、alert route、incident case 與 owner response 未驗收前,不啟用主動回應流程、Kali active scan、/execute、Prometheus / Alertmanager reload、Telegram 實發、SOAR 或自動封鎖。",
|
||||
"summary": {
|
||||
"frameworks": {
|
||||
"label": "框架",
|
||||
@@ -21075,7 +21075,7 @@
|
||||
},
|
||||
"runtimeGate": {
|
||||
"label": "執行期",
|
||||
"detail": "runtime gate、action button、active response 與掃描都仍為 0。"
|
||||
"detail": "runtime gate、action button、主動回應流程與掃描都仍為 0。"
|
||||
}
|
||||
},
|
||||
"items": {
|
||||
@@ -21109,7 +21109,7 @@
|
||||
},
|
||||
"runtimeBoundary": {
|
||||
"title": "runtime 邊界維持 0 / false",
|
||||
"body": "Wazuh active response、Kali scan、Prometheus reload、Telegram 發送、auto block 與 action button 全部維持關閉。"
|
||||
"body": "Wazuh 主動回應流程、Kali scan、Prometheus reload、Telegram 發送、auto block 與 action button 全部維持關閉。"
|
||||
},
|
||||
"operatingModel": {
|
||||
"title": "營運角色已拆分",
|
||||
@@ -21148,7 +21148,7 @@
|
||||
},
|
||||
"runtimeGate": {
|
||||
"label": "執行期",
|
||||
"detail": "active response、scan、reload、firewall、host write 與 action button 都是 0。"
|
||||
"detail": "主動回應流程、scan、reload、firewall、主機變更與 action button 都是 0。"
|
||||
}
|
||||
},
|
||||
"items": {
|
||||
@@ -21182,7 +21182,7 @@
|
||||
},
|
||||
"runtimeBoundary": {
|
||||
"title": "跨專案與 runtime 動作不得自動執行",
|
||||
"body": "需要跨專案同步、維護窗口或 break-glass、rollback owner;Wazuh active response、Kali scan、reload、firewall、host write、Telegram 實發與 SOAR 都需獨立批准。"
|
||||
"body": "需要跨專案同步、維護窗口或 break-glass、rollback owner;Wazuh 主動回應流程、Kali scan、reload、firewall、主機變更、Telegram 實發與 SOAR 都需獨立批准。"
|
||||
}
|
||||
}
|
||||
},
|
||||
@@ -21193,7 +21193,7 @@
|
||||
"checkLabel": "檢核",
|
||||
"stateLabel": "狀態",
|
||||
"boundaryTitle": "資安資產總帳邊界",
|
||||
"boundaryIntro": "以下鍵值固定:資安資產總帳完成只代表 repo-side 控制面已收斂;owner response、live evidence、runtime gate、host write、Kali active scan、Wazuh active response、SOAR、auto block 與 正式環境寫入 仍全部維持 0 / false。",
|
||||
"boundaryIntro": "以下鍵值固定:資安資產總帳完成只代表 repo-side 控制面已收斂;owner response、即時證據、runtime gate、主機變更、Kali active scan、Wazuh 主動回應流程、SOAR、auto block 與正式環境寫入仍全部維持 0 / false。",
|
||||
"summary": {
|
||||
"assetGroups": {
|
||||
"label": "資產群組",
|
||||
@@ -21209,7 +21209,7 @@
|
||||
},
|
||||
"runtimeGate": {
|
||||
"label": "執行期",
|
||||
"detail": "runtime gate、action button、host write、active scan 全部為 0。"
|
||||
"detail": "runtime gate、action button、主機變更、active scan 全部為 0。"
|
||||
}
|
||||
},
|
||||
"items": {
|
||||
@@ -21219,7 +21219,7 @@
|
||||
},
|
||||
"hostNetwork": {
|
||||
"title": "主機與網路待 owner",
|
||||
"body": "Docker、systemd、SSH、firewall、WireGuard、NodePort 與 NetworkPolicy 只收脫敏狀態,不做 host write。"
|
||||
"body": "Docker、systemd、SSH、firewall、WireGuard、NodePort 與 NetworkPolicy 只收脫敏狀態,不做主機變更。"
|
||||
},
|
||||
"k8sWorkflow": {
|
||||
"title": "GitOps 與 workflow 待回讀",
|
||||
@@ -21227,7 +21227,7 @@
|
||||
},
|
||||
"wazuhKali": {
|
||||
"title": "Wazuh / Kali 維持證據收件",
|
||||
"body": "Wazuh event refs、Kali scope、health 與 finding envelope 仍待補;active response、active scan 與 /execute 仍未授權。"
|
||||
"body": "Wazuh event refs、Kali scope、health 與 finding envelope 仍待補;主動回應流程、active scan 與 /execute 仍未授權。"
|
||||
},
|
||||
"alertBackup": {
|
||||
"title": "告警與復原避免假綠燈",
|
||||
@@ -21254,7 +21254,7 @@
|
||||
"checkLabel": "優先",
|
||||
"stateLabel": "狀態",
|
||||
"boundaryTitle": "外部入侵防堵邊界",
|
||||
"boundaryIntro": "以下鍵值固定:防堵矩陣不是主機操作授權;沒有 owner、維護窗口、rollback、validation 與 postcheck 前,不執行 SSH、firewall、Nginx reload、Wazuh active response、套件更新、secret 輪替或 正式環境寫入。",
|
||||
"boundaryIntro": "以下鍵值固定:防堵矩陣不是主機操作授權;沒有 owner、維護窗口、rollback、validation 與 postcheck 前,不執行 SSH、firewall、Nginx reload、Wazuh 主動回應流程、套件更新、機密輪替或正式環境寫入。",
|
||||
"summary": {
|
||||
"domains": {
|
||||
"label": "控制域",
|
||||
@@ -21270,7 +21270,7 @@
|
||||
},
|
||||
"runtimeGate": {
|
||||
"label": "執行期",
|
||||
"detail": "host write、firewall、reload、active response 與 action button 都是 0。"
|
||||
"detail": "主機變更、firewall、reload、主動回應流程與 action button 都是 0。"
|
||||
}
|
||||
},
|
||||
"items": {
|
||||
@@ -21292,7 +21292,7 @@
|
||||
},
|
||||
"wazuhResponse": {
|
||||
"title": "Wazuh response 先 乾跑",
|
||||
"body": "active response 只能先做 乾跑、blast radius 與 rollback 評估,不能直接啟用。"
|
||||
"body": "主動回應流程只能先做乾跑、blast radius 與 rollback 評估,不能直接啟用。"
|
||||
},
|
||||
"backupRestore": {
|
||||
"title": "復原退路要先驗",
|
||||
@@ -21415,10 +21415,10 @@
|
||||
"ownerEvidenceIntakePreflight": {
|
||||
"eyebrow": "負責人證據收件預檢",
|
||||
"title": "Nginx、DNS、K8s、機密、執行器與 Wazuh 證據先進同一條收件線",
|
||||
"subtitle": "此卡只讀 committed snapshot,把六條 P0 owner-provided redacted evidence lane 統一成可檢查欄位、拒收規則與 0 / false 邊界;不送 request、不收回覆、不寫 reviewer queue、不查 live host、不開 runtime action。",
|
||||
"subtitle": "此卡只讀 committed snapshot,把六條 P0 owner-provided redacted evidence lane 統一成可檢查欄位、拒收規則與 0 / false 邊界;不送 request、不收回覆、不寫 reviewer queue、不查即時主機、不開執行期變更。",
|
||||
"stateLabel": "收件來源",
|
||||
"boundaryTitle": "負責人證據收件邊界",
|
||||
"boundaryIntro": "以下鍵值固定:預檢可見不代表 request 已送出、回覆已收到、reviewer 已接受、Nginx 可 reload、ArgoCD 可 sync、workflow 可改、Wazuh 可 active response 或 Kali 可掃描。",
|
||||
"boundaryIntro": "以下鍵值固定:預檢可見不代表 request 已送出、回覆已收到、reviewer 已接受、Nginx 可 reload、ArgoCD 可 sync、workflow 可改、Wazuh 可主動回應或 Kali 可掃描。",
|
||||
"apiStatus": {
|
||||
"loading": "正在讀取只讀 API",
|
||||
"ready": "只讀 API 已接上",
|
||||
@@ -21493,7 +21493,7 @@
|
||||
},
|
||||
"sshNetwork": {
|
||||
"title": "SSH / network / firewall",
|
||||
"body": "repo-only 清冊已納入 16 個 SSH / network access surface,並新增外部入侵防堵矩陣;目前成熟度 70%,SSH、sudo、known_hosts、firewall、WireGuard、NodePort 與 NetworkPolicy 都需要 before / after state、維護窗口與 rollback owner。防火牆變更、port close / open、SSH 寫入、host write、readback accepted 與 runtime gate 仍全部為 0。"
|
||||
"body": "repo-only 清冊已納入 16 個 SSH / network access surface,並新增外部入侵防堵矩陣;目前成熟度 70%,SSH、sudo、known_hosts、firewall、WireGuard、NodePort 與 NetworkPolicy 都需要 before / after state、維護窗口與 rollback owner。防火牆變更、port close / open、SSH 寫入、主機變更、readback accepted 與 runtime gate 仍全部為 0。"
|
||||
},
|
||||
"k8sGitops": {
|
||||
"title": "K8s / ArgoCD GitOps",
|
||||
@@ -21505,7 +21505,7 @@
|
||||
},
|
||||
"monitoring": {
|
||||
"title": "監控與告警設定",
|
||||
"body": "已新增 60 個 monitoring / alerting / observability surface、事故後回讀計畫、Wazuh / 主機入侵 readback plan 與外部入侵防堵矩陣;目前只讀成熟度 74%。Wazuh event、主機鑑識、containment、recovery proof、active response、host write、runtime gate 與 action button 仍全部為 0。"
|
||||
"body": "已新增 60 個 monitoring / alerting / observability surface、事故後回讀計畫、Wazuh / 主機入侵 readback plan 與外部入侵防堵矩陣;目前只讀成熟度 74%。Wazuh event、主機鑑識、containment、recovery proof、主動回應流程、主機變更、runtime gate 與 action button 仍全部為 0。"
|
||||
}
|
||||
}
|
||||
},
|
||||
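Review bot: In the `postEnable` hunk (@@ -20876) the second printed `detail` line, presumably the new side, no longer names the system the boundary applies to: `live Wazuh 查詢授權` became `管理端即時查詢授權`, while the other rewritten strings keep the product name (`Wazuh 主動回應流程`). Keeping it, as in `"detail": "正式 API 與前台已讀回 reviewer passed;這不是 Wazuh 管理端即時查詢授權。"`, would leave the stop-line as specific as it was for an operator reading the card. The three `runtimeAction` labels (@@ -6197, -6260, -6328) move to a full-width colon with no space (`執行期變更:{value}`) while their sibling keys keep `: {value}`, and the unchanged neighbour `"runtimeWriter": "執行期寫入r: {value}"` carries a stray `r` that looks like residue of an earlier substitution. In `ownerEvidenceIntakePreflight.boundaryIntro` the term is written `主動回應`, where every other string in this change uses `主動回應流程`. The same strings are printed again in the second copy of the section further down the page, so these points apply there too.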
|
||||
@@ -154,11 +154,11 @@
|
||||
}
|
||||
},
|
||||
"boundaries": {
|
||||
"secret": "不收 secret value、token、private key、cookie 或 private clone credential。",
|
||||
"secret": "不收機密明文、token、private key、cookie 或 private clone credential。",
|
||||
"production": "不直接改 production runtime、public gateway、Nginx、Docker、K8s 或 firewall。",
|
||||
"repo": "不直接建立 GitHub repo、改 visibility、sync refs、force push 或 trigger workflow。",
|
||||
"data": "不直接做資料庫、backup、restore 或 migration 寫操作。",
|
||||
"security": "不啟動 Wazuh / Kali active response、active scan 或 host containment。"
|
||||
"security": "不啟動 Wazuh / Kali 主動回應流程、active scan 或 host containment。"
|
||||
},
|
||||
"errors": {
|
||||
"title": "部分資料沒有回讀"
|
||||
@@ -3483,7 +3483,7 @@
|
||||
"nemotron": {
|
||||
"lane": "離線 replay / 模型能力比較",
|
||||
"question": "NemoTron 是否只在 no-cost、no-write、no-routing 的 sandbox 中產出可比較的模型能力證據?",
|
||||
"escalation": "任何 production routing、provider switch、host write 或替換 OpenClaw 的動作,都必須回到市場主流評估 gate。"
|
||||
"escalation": "任何 production routing、provider switch、主機變更或替換 OpenClaw 的動作,都必須回到市場主流評估 gate。"
|
||||
},
|
||||
"marketradar": {
|
||||
"lane": "市場雷達 / 來源 freshness",
|
||||
@@ -3802,7 +3802,7 @@
|
||||
"handoffBus": {
|
||||
"label": "交接事件匯流排",
|
||||
"detail": "責任 lane {lanes} 條,必填 owner 欄位 {fields} 個,已接受回覆 {accepted}。",
|
||||
"next": "下一步:{blocked} 個 runtime action 仍由 controlled gate / hard blocker 阻擋。"
|
||||
"next": "下一步:{blocked} 個執行期變更仍由 controlled gate / hard blocker 阻擋。"
|
||||
},
|
||||
"ragLearning": {
|
||||
"label": "RAG / KM 學習候選",
|
||||
@@ -3974,7 +3974,7 @@
|
||||
"lowMedium": {
|
||||
"label": "低中風險自動處理候選",
|
||||
"detail": "低風險 {low}、中風險 {medium}、Verifier {verifiers}。",
|
||||
"next": "OpenClaw 先乾跑與審計理由;blocked runtime action {blocked} 不執行。"
|
||||
"next": "OpenClaw 先乾跑與審計理由;blocked 執行期變更 {blocked} 不執行。"
|
||||
},
|
||||
"highRisk": {
|
||||
"label": "高風險審核與批准包",
|
||||
@@ -6197,7 +6197,7 @@
|
||||
"destructive": "destructive: {value}",
|
||||
"liveExecution": "live execution: {value}",
|
||||
"opensLive": "opens live: {value}",
|
||||
"runtimeAction": "runtime action: {value}"
|
||||
"runtimeAction": "執行期變更:{value}"
|
||||
},
|
||||
"labels": {
|
||||
"nextGate": "next gate: {value}",
|
||||
@@ -6260,7 +6260,7 @@
|
||||
"destructive": "destructive: {value}",
|
||||
"liveReadback": "live readback: {value}",
|
||||
"resultWrite": "result write: {value}",
|
||||
"runtimeAction": "runtime action: {value}"
|
||||
"runtimeAction": "執行期變更:{value}"
|
||||
},
|
||||
"labels": {
|
||||
"sideEffect": "副作用 {count}",
|
||||
@@ -6328,7 +6328,7 @@
|
||||
"targetSystem": "target: {value}",
|
||||
"writeEnabled": "write enabled: {value}",
|
||||
"runtimeWriter": "執行期寫入r: {value}",
|
||||
"runtimeAction": "runtime action: {value}"
|
||||
"runtimeAction": "執行期變更:{value}"
|
||||
},
|
||||
"resultStates": {
|
||||
"diagnostic_only": "只完成診斷",
|
||||
@@ -20527,7 +20527,7 @@
|
||||
"securityControlCoverage": {
|
||||
"eyebrow": "IwoooS 資安納管覆蓋總表",
|
||||
"title": "主機、產品、服務、工具與 AI Agent 先收斂成同一張總帳",
|
||||
"subtitle": "這張板彙整 committed snapshot,集中顯示高價值配置、主機服務、監控告警、SSH / Firewall、runtime surface、Wazuh、agent-bounty-protocol 與 AI Agent 納管狀態;它不查 live host、不讀 secret、不啟動掃描、不送告警、不開 runtime gate。",
|
||||
"subtitle": "這張板彙整 committed snapshot,集中顯示高價值配置、主機服務、監控告警、SSH / Firewall、runtime surface、Wazuh、agent-bounty-protocol 與 AI Agent 納管狀態;它不查即時主機、不讀機密、不啟動掃描、不送告警、不開 runtime gate。",
|
||||
"statusLabel": "總表狀態",
|
||||
"statusDetail": "納管總表只代表控制面可讀與缺口已集中,不代表所有主機、產品、服務或 AI Agent 已完成 runtime 控管。",
|
||||
"emptyDomains": "尚未讀回控制域,維持阻擋狀態。",
|
||||
@@ -20851,7 +20851,7 @@
|
||||
"checksLoading": "正在讀取 reviewer checks。",
|
||||
"checksFallback": "Reviewer checks 尚未由正式 API 讀回,維持 fallback 停止線。",
|
||||
"boundaryTitle": "Reviewer validation 停止線",
|
||||
"boundaryIntro": "以下鍵值固定:reviewer validation passed 只代表脫敏 evidence refs 通過 no-persist 驗證;accepted 不代表 manager registry accepted、active response、agent restart、host write、secret rotation 或 runtime gate 已授權。",
|
||||
"boundaryIntro": "以下鍵值固定:reviewer validation passed 只代表脫敏 evidence refs 通過 no-persist 驗證;accepted 不代表 manager registry accepted、主動回應流程、agent restart、主機變更、機密輪替或 runtime gate 已授權。",
|
||||
"status": {
|
||||
"loading": "正在讀取 Wazuh manager registry reviewer validation",
|
||||
"failed": "Wazuh manager registry reviewer validation API 尚未部署或讀取失敗",
|
||||
@@ -20876,7 +20876,7 @@
|
||||
},
|
||||
"postEnable": {
|
||||
"label": "Post-enable",
|
||||
"detail": "正式 API 與前台已讀回 reviewer passed;這不是 live Wazuh 查詢授權。"
|
||||
"detail": "正式 API 與前台已讀回 reviewer passed;這不是管理端即時查詢授權。"
|
||||
},
|
||||
"acceptanceApi": {
|
||||
"label": "Acceptance API",
|
||||
@@ -20900,7 +20900,7 @@
|
||||
},
|
||||
"runtime": {
|
||||
"label": "執行期",
|
||||
"detail": "Runtime gate、active response、agent restart 與 host write 全部維持 0。"
|
||||
"detail": "Runtime gate、主動回應流程、agent restart 與主機變更全部維持 0。"
|
||||
}
|
||||
}
|
||||
},
|
||||
@@ -21002,7 +21002,7 @@
|
||||
},
|
||||
"runtimeGate": {
|
||||
"label": "執行期",
|
||||
"detail": "runtime gate、host write、active response、scan、auto block 與 action button 都是 0。"
|
||||
"detail": "runtime gate、主機變更、主動回應流程、scan、auto block 與 action button 都是 0。"
|
||||
}
|
||||
},
|
||||
"items": {
|
||||
@@ -21036,7 +21036,7 @@
|
||||
},
|
||||
"runtimeBoundary": {
|
||||
"title": "執行邊界維持 0 / false",
|
||||
"body": "Wazuh active response、Kali active scan、Kali /execute、Nginx reload、firewall change、SOAR 與 auto block 都未授權。"
|
||||
"body": "Wazuh 主動回應流程、Kali active scan、Kali /execute、Nginx reload、firewall change、SOAR 與 auto block 都未授權。"
|
||||
}
|
||||
}
|
||||
},
|
||||
@@ -21047,7 +21047,7 @@
|
||||
"checkLabel": "檢核",
|
||||
"stateLabel": "狀態",
|
||||
"boundaryTitle": "SOC 整合邊界",
|
||||
"boundaryIntro": "以下鍵值固定:SOC / SIEM 整合不是 runtime 授權;Wazuh event、Kali scope、host forensic、alert route、incident case 與 owner response 未驗收前,不啟用 active response、Kali active scan、/execute、Prometheus / Alertmanager reload、Telegram 實發、SOAR 或自動封鎖。",
|
||||
"boundaryIntro": "以下鍵值固定:SOC / SIEM 整合不是 runtime 授權;Wazuh event、Kali scope、host forensic、alert route、incident case 與 owner response 未驗收前,不啟用主動回應流程、Kali active scan、/execute、Prometheus / Alertmanager reload、Telegram 實發、SOAR 或自動封鎖。",
|
||||
"summary": {
|
||||
"frameworks": {
|
||||
"label": "框架",
|
||||
@@ -21075,7 +21075,7 @@
|
||||
},
|
||||
"runtimeGate": {
|
||||
"label": "執行期",
|
||||
"detail": "runtime gate、action button、active response 與掃描都仍為 0。"
|
||||
"detail": "runtime gate、action button、主動回應流程與掃描都仍為 0。"
|
||||
}
|
||||
},
|
||||
"items": {
|
||||
@@ -21109,7 +21109,7 @@
|
||||
},
|
||||
"runtimeBoundary": {
|
||||
"title": "runtime 邊界維持 0 / false",
|
||||
"body": "Wazuh active response、Kali scan、Prometheus reload、Telegram 發送、auto block 與 action button 全部維持關閉。"
|
||||
"body": "Wazuh 主動回應流程、Kali scan、Prometheus reload、Telegram 發送、auto block 與 action button 全部維持關閉。"
|
||||
},
|
||||
"operatingModel": {
|
||||
"title": "營運角色已拆分",
|
||||
@@ -21148,7 +21148,7 @@
|
||||
},
|
||||
"runtimeGate": {
|
||||
"label": "執行期",
|
||||
"detail": "active response、scan、reload、firewall、host write 與 action button 都是 0。"
|
||||
"detail": "主動回應流程、scan、reload、firewall、主機變更與 action button 都是 0。"
|
||||
}
|
||||
},
|
||||
"items": {
|
||||
@@ -21182,7 +21182,7 @@
|
||||
},
|
||||
"runtimeBoundary": {
|
||||
"title": "跨專案與 runtime 動作不得自動執行",
|
||||
"body": "需要跨專案同步、維護窗口或 break-glass、rollback owner;Wazuh active response、Kali scan、reload、firewall、host write、Telegram 實發與 SOAR 都需獨立批准。"
|
||||
"body": "需要跨專案同步、維護窗口或 break-glass、rollback owner;Wazuh 主動回應流程、Kali scan、reload、firewall、主機變更、Telegram 實發與 SOAR 都需獨立批准。"
|
||||
}
|
||||
}
|
||||
},
|
||||
@@ -21193,7 +21193,7 @@
|
||||
"checkLabel": "檢核",
|
||||
"stateLabel": "狀態",
|
||||
"boundaryTitle": "資安資產總帳邊界",
|
||||
"boundaryIntro": "以下鍵值固定:資安資產總帳完成只代表 repo-side 控制面已收斂;owner response、live evidence、runtime gate、host write、Kali active scan、Wazuh active response、SOAR、auto block 與 正式環境寫入 仍全部維持 0 / false。",
|
||||
"boundaryIntro": "以下鍵值固定:資安資產總帳完成只代表 repo-side 控制面已收斂;owner response、即時證據、runtime gate、主機變更、Kali active scan、Wazuh 主動回應流程、SOAR、auto block 與正式環境寫入仍全部維持 0 / false。",
|
||||
"summary": {
|
||||
"assetGroups": {
|
||||
"label": "資產群組",
|
||||
@@ -21209,7 +21209,7 @@
|
||||
},
|
||||
"runtimeGate": {
|
||||
"label": "執行期",
|
||||
"detail": "runtime gate、action button、host write、active scan 全部為 0。"
|
||||
"detail": "runtime gate、action button、主機變更、active scan 全部為 0。"
|
||||
}
|
||||
},
|
||||
"items": {
|
||||
@@ -21219,7 +21219,7 @@
|
||||
},
|
||||
"hostNetwork": {
|
||||
"title": "主機與網路待 owner",
|
||||
"body": "Docker、systemd、SSH、firewall、WireGuard、NodePort 與 NetworkPolicy 只收脫敏狀態,不做 host write。"
|
||||
"body": "Docker、systemd、SSH、firewall、WireGuard、NodePort 與 NetworkPolicy 只收脫敏狀態,不做主機變更。"
|
||||
},
|
||||
"k8sWorkflow": {
|
||||
"title": "GitOps 與 workflow 待回讀",
|
||||
@@ -21227,7 +21227,7 @@
|
||||
},
|
||||
"wazuhKali": {
|
||||
"title": "Wazuh / Kali 維持證據收件",
|
||||
"body": "Wazuh event refs、Kali scope、health 與 finding envelope 仍待補;active response、active scan 與 /execute 仍未授權。"
|
||||
"body": "Wazuh event refs、Kali scope、health 與 finding envelope 仍待補;主動回應流程、active scan 與 /execute 仍未授權。"
|
||||
},
|
||||
"alertBackup": {
|
||||
"title": "告警與復原避免假綠燈",
|
||||
@@ -21254,7 +21254,7 @@
|
||||
"checkLabel": "優先",
|
||||
"stateLabel": "狀態",
|
||||
"boundaryTitle": "外部入侵防堵邊界",
|
||||
"boundaryIntro": "以下鍵值固定:防堵矩陣不是主機操作授權;沒有 owner、維護窗口、rollback、validation 與 postcheck 前,不執行 SSH、firewall、Nginx reload、Wazuh active response、套件更新、secret 輪替或 正式環境寫入。",
|
||||
"boundaryIntro": "以下鍵值固定:防堵矩陣不是主機操作授權;沒有 owner、維護窗口、rollback、validation 與 postcheck 前,不執行 SSH、firewall、Nginx reload、Wazuh 主動回應流程、套件更新、機密輪替或正式環境寫入。",
|
||||
"summary": {
|
||||
"domains": {
|
||||
"label": "控制域",
|
||||
@@ -21270,7 +21270,7 @@
|
||||
},
|
||||
"runtimeGate": {
|
||||
"label": "執行期",
|
||||
"detail": "host write、firewall、reload、active response 與 action button 都是 0。"
|
||||
"detail": "主機變更、firewall、reload、主動回應流程與 action button 都是 0。"
|
||||
}
|
||||
},
|
||||
"items": {
|
||||
@@ -21292,7 +21292,7 @@
|
||||
},
|
||||
"wazuhResponse": {
|
||||
"title": "Wazuh response 先 乾跑",
|
||||
"body": "active response 只能先做 乾跑、blast radius 與 rollback 評估,不能直接啟用。"
|
||||
"body": "主動回應流程只能先做乾跑、blast radius 與 rollback 評估,不能直接啟用。"
|
||||
},
|
||||
"backupRestore": {
|
||||
"title": "復原退路要先驗",
|
||||
@@ -21415,10 +21415,10 @@
|
||||
"ownerEvidenceIntakePreflight": {
|
||||
"eyebrow": "負責人證據收件預檢",
|
||||
"title": "Nginx、DNS、K8s、機密、執行器與 Wazuh 證據先進同一條收件線",
|
||||
"subtitle": "此卡只讀 committed snapshot,把六條 P0 owner-provided redacted evidence lane 統一成可檢查欄位、拒收規則與 0 / false 邊界;不送 request、不收回覆、不寫 reviewer queue、不查 live host、不開 runtime action。",
|
||||
"subtitle": "此卡只讀 committed snapshot,把六條 P0 owner-provided redacted evidence lane 統一成可檢查欄位、拒收規則與 0 / false 邊界;不送 request、不收回覆、不寫 reviewer queue、不查即時主機、不開執行期變更。",
|
||||
"stateLabel": "收件來源",
|
||||
"boundaryTitle": "負責人證據收件邊界",
|
||||
"boundaryIntro": "以下鍵值固定:預檢可見不代表 request 已送出、回覆已收到、reviewer 已接受、Nginx 可 reload、ArgoCD 可 sync、workflow 可改、Wazuh 可 active response 或 Kali 可掃描。",
|
||||
"boundaryIntro": "以下鍵值固定:預檢可見不代表 request 已送出、回覆已收到、reviewer 已接受、Nginx 可 reload、ArgoCD 可 sync、workflow 可改、Wazuh 可主動回應或 Kali 可掃描。",
|
||||
"apiStatus": {
|
||||
"loading": "正在讀取只讀 API",
|
||||
"ready": "只讀 API 已接上",
|
||||
@@ -21493,7 +21493,7 @@
|
||||
},
|
||||
"sshNetwork": {
|
||||
"title": "SSH / network / firewall",
|
||||
"body": "repo-only 清冊已納入 16 個 SSH / network access surface,並新增外部入侵防堵矩陣;目前成熟度 70%,SSH、sudo、known_hosts、firewall、WireGuard、NodePort 與 NetworkPolicy 都需要 before / after state、維護窗口與 rollback owner。防火牆變更、port close / open、SSH 寫入、host write、readback accepted 與 runtime gate 仍全部為 0。"
|
||||
"body": "repo-only 清冊已納入 16 個 SSH / network access surface,並新增外部入侵防堵矩陣;目前成熟度 70%,SSH、sudo、known_hosts、firewall、WireGuard、NodePort 與 NetworkPolicy 都需要 before / after state、維護窗口與 rollback owner。防火牆變更、port close / open、SSH 寫入、主機變更、readback accepted 與 runtime gate 仍全部為 0。"
|
||||
},
|
||||
"k8sGitops": {
|
||||
"title": "K8s / ArgoCD GitOps",
|
||||
@@ -21505,7 +21505,7 @@
|
||||
},
|
||||
"monitoring": {
|
||||
"title": "監控與告警設定",
|
||||
"body": "已新增 60 個 monitoring / alerting / observability surface、事故後回讀計畫、Wazuh / 主機入侵 readback plan 與外部入侵防堵矩陣;目前只讀成熟度 74%。Wazuh event、主機鑑識、containment、recovery proof、active response、host write、runtime gate 與 action button 仍全部為 0。"
|
||||
"body": "已新增 60 個 monitoring / alerting / observability surface、事故後回讀計畫、Wazuh / 主機入侵 readback plan 與外部入侵防堵矩陣;目前只讀成熟度 74%。Wazuh event、主機鑑識、containment、recovery proof、主動回應流程、主機變更、runtime gate 與 action button 仍全部為 0。"
|
||||
}
|
||||
}
|
||||
},
|
||||
|
||||