Skip to content

tidemark-security/intercept

Repository files navigation

Intercept

Modern cybersecurity case management for security teams. Track incidents, manage alerts, and collaborate on investigations—all in one place.

Stack: FastAPI • React • TypeScript • PostgreSQL

Quick Start

Try It (no clone needed)

curl -O https://raw.githubusercontent.com/tidemark-security/intercept/main/docs/quickstart/docker-compose.yml
docker compose up -d

Open http://localhost and log in with admin / admin.

Development Setup

Prerequisites

Setup

# Clone and set up environment
git clone https://github.com/tidemark-security/intercept.git
cd intercept
conda env create -f environment.yml
conda activate intercept

# Install frontend dependencies
cd frontend && npm install && cd ..

# Configure environment
cp backend/.env.example backend/.env
# Edit backend/.env with your settings (SESSION_SECRET_KEY is required)

# Start database and run migrations
cd dev && docker compose up -d && cd ..
cd backend && alembic upgrade head && cd ..

Run

# Terminal 1: Backend
cd backend && uvicorn app.main:app --reload

# Terminal 2: Frontend  
cd frontend && npm run dev

Open http://localhost:5173 and you're in.

Project Structure

intercept/
├── backend/           # FastAPI API server
├── frontend/          # React TypeScript app
├── scripts/           # Dev utilities
├── langflow/          # Example AI agent configurations
└── docs/              # Additional documentation

Development

Git Hooks

Install the tracked Git hooks for this clone:

./scripts/install-git-hooks.sh

The pre-commit hook runs frontend lint when staged changes affect the frontend or lint hook setup. This is intended as a fast local check before CI.

The pre-push hook runs ./scripts/fast-ci-local.sh, which mirrors the Fast CI test jobs locally with targeted backend pytest selection by default, plus frontend typecheck and frontend tests. Docker image builds run when relevant build inputs changed. To force the complete backend suite and all image builds, run FAST_CI_LOCAL_FULL=1 git push or ./scripts/fast-ci-local.sh --full. To skip image builds during a manual run, use ./scripts/fast-ci-local.sh --skip-images.

After Changing Backend Models

Regenerate TypeScript types to keep frontend in sync:

./scripts/generate-types.sh

Releasing a New Version

Uses bump-my-version to update VERSION, frontend/package.json, create a commit, and tag.

# Bump patch (0.0.3 → 0.0.4)
bump-my-version bump patch

# Bump minor (0.0.3 → 0.1.0)
bump-my-version bump minor

# Bump major (0.0.3 → 1.0.0)
bump-my-version bump major

# Push the commit and tag to trigger the release workflow
git push origin main --tags

The v*.*.* tag triggers the Release workflow, which builds and pushes Docker images to GHCR and creates a GitHub Release.

Key Documentation

Operator note: background retries now happen inside the worker with backoff. Alert triage is only marked FAILED after retries are exhausted, and timeline enrichment clears stuck pending state on terminal failure.

Features

  • Case Management — Create, assign, and track security incidents
  • Alert Triage — Ingest and prioritize alerts from multiple sources
  • Timeline Views — Visualize incident progression
  • AI Chat Assistant — LangFlow-powered investigation helper
  • MITRE ATT&CK Mapping — Tag cases with tactics and techniques
  • Role-Based Access — Admin, Analyst, and Viewer roles
  • Audit Logging — Full activity trail for compliance

License

MIT