diff --git a/README.md b/README.md index c811f00e..a5ab61f2 100644 --- a/README.md +++ b/README.md 
@@ -42,6 +42,64 @@ Whether you’re running a small deployment or managing large fleets, **osctrl** You can find the documentation of the project in [https://osctrl.net](https://osctrl.net) +## πŸ—‚ Project Structure + +```text +osctrl/ +β”œβ”€β”€ cmd/ # Service and CLI entrypoints +β”‚ β”œβ”€β”€ admin/ # osctrl-admin (web UI + admin handlers/templates/static) +β”‚ β”œβ”€β”€ api/ # osctrl-api (REST API service) +β”‚ β”œβ”€β”€ cli/ # osctrl-cli (operator CLI) +β”‚ └── tls/ # osctrl-tls (osquery remote API endpoint) +β”œβ”€β”€ pkg/ # Shared application packages +β”‚ β”œβ”€β”€ auditlog/ # Audit log manager +β”‚ β”œβ”€β”€ backend/ # DB manager/bootstrap +β”‚ β”œβ”€β”€ cache/ # Redis/cache managers +β”‚ β”œβ”€β”€ carves/ # File carve logic/storage integrations +β”‚ β”œβ”€β”€ config/ # Config structs/flags/validation +β”‚ β”œβ”€β”€ environments/ # Environment management +β”‚ β”œβ”€β”€ handlers/ # Shared HTTP handlers +β”‚ β”œβ”€β”€ logging/ # Log pipeline + logger backends +β”‚ β”œβ”€β”€ nodes/ # Node state/registration/cache +β”‚ β”œβ”€β”€ queries/ # Query management/scheduling/results +β”‚ β”œβ”€β”€ settings/ # Runtime settings +β”‚ β”œβ”€β”€ tags/ # Tag management +β”‚ β”œβ”€β”€ users/ # User and permissions management +β”‚ β”œβ”€β”€ utils/ # Utility helpers +β”‚ β”œβ”€β”€ types/ # Shared type definitions +β”‚ └── version/ # Version metadata +β”œβ”€β”€ deploy/ # Deployment configs/scripts (docker/nginx/osquery/systemd, CI/CD, redis, config, helpers, etc.) 
+β”œβ”€β”€ tools/ # Dev/release helpers and API test assets (Bruno collections, scripts) +β”œβ”€β”€ bin/ # Built binaries (from make) +β”œβ”€β”€ docker-compose-dev.yml # Local multi-service development stack +β”œβ”€β”€ Makefile # Build/test/dev targets +└── osctrl-api.yaml # OpenAPI specification for osctrl-api +``` + +## πŸ› Architecture + +```mermaid +flowchart LR + A["osquery Agents"] -->|TLS Remote API| T["osctrl-tls"] + O["Operators"] -->|Web UI| W["osctrl-admin"] + O -->|CLI| C["osctrl-cli"] + O -->|REST| P["osctrl-api"] + + W -->|HTTP API| P + C -->|HTTP API| P + + T --> S["Shared Packages (pkg/*)"] + W --> S + P --> S + C --> S + C -.->|Direct DB mode| D + + S --> D["PostgreSQL Backend"] + S --> R["Redis Cache"] + S --> L["Log Destinations (DB, file, S3, Elastic, Splunk, Graylog, Kafka, Kinesis, Logstash)"] + S --> F["Carve Storage (DB, local, S3)"] +``` + ## πŸ›  Development The fastest way to get started with **osctrl** development is by using [Docker](https://www.docker.com/) and [Docker Compose](https://docs.docker.com/compose/). But you can find other methods below.
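Review bot: In the Architecture diagram, the dotted edge `C -.->|Direct DB mode| D` is the only path drawn to PostgreSQL that does not go through the shared-packages node or `osctrl-api`, and the README gives it no explanation. Add a sentence under the diagram saying when `osctrl-cli` uses direct DB mode instead of the HTTP API, so readers mapping which components hold database credentials do not have to guess. The same edge also uses `D` before its labelled definition `S --> D["PostgreSQL Backend"]`; Mermaid resolves this, but moving the dotted edge below that line keeps definitions ahead of use. Two smaller points: the operator-facing edges are labelled `Web UI`, `CLI`, `REST` and `HTTP API` while only the agent edge mentions TLS, so it is worth stating whether those labels name the interface or the transport; and in the Project Structure tree the `pkg/` entries are alphabetical until `utils/`, `types/`, `version/`, where `types/` should come before `utils/`.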