mj0x0/Advanced-EDL


Advanced EDL (WIP)

Advanced EDL is a high-performance, async-first platform for managing and distributing threat indicators to firewalls, proxies, and SIEMs. Designed from the ground up with privacy and security in mind, it combines a modern FastAPI architecture, a Vue.js frontend, and role-based access control (RBAC) to provide a robust and extensible solution for dynamic blocklists and whitelists.


Why Advanced EDL?

  • Async-first solution built on FastAPI and async SQLAlchemy (Postgres)
  • Vue.js SPA built on the highly intuitive Argon Dashboard, with dynamic Bootstrap modals, real-time SSE, audit logs, and smooth UX
  • Multi-format indicator ingestion: upload JSON, CSV, XLSX with schema validation and bulk conflict handling
  • High-speed IP Geolocation Service via compressed Parquet, NumPy, Redis caching and FastStream
  • Role-based access control (RBAC) with support for custom permissions and roles
  • Two-factor (2FA) and secure session management with JWT + Redis
  • Extensive and well-documented REST API, designed for integration with firewalls, SIEMs and SOARs
  • Modular & extensible design: easily plug in new indicator types, filters, outputs, or sources
  • Fully open source: all libraries and code are open source

Ideal For

  • SOC Teams managing Palo Alto, FortiGate, or Check Point
  • Blue teams needing live audit trails of indicator changes
  • DevSecOps teams looking for a plug-and-play EDL platform
  • Anyone tired of managing blocklists in GitHub and spreadsheets

What Works

  • API: Stable, versioned endpoints.
  • Authentication: JWT (access/refresh), cookie + header support.
  • 2FA (TOTP): Setup (QR), verify, enforced on login.
  • User Management: Create, edit, delete, roles/permissions (RBAC groundwork).
  • Indicator Management:
    • Add / Edit / Delete single indicator
    • Bulk add / Bulk delete
    • Upload from file (JSON/CSV/XLSX as configured)
    • Filtering system
  • IP2Location Enrichment: IPv4/IPv6, Parquet-backed, Redis caching.
  • Table Management: Create / Delete tables, assign whitelist.
  • Integrations (API-only): CRUD via API; polling/execution under development.

What Needs Work

  • SCSS / Styling: Visual polish and dark-mode consistency.
  • Integrations UI: Frontend wiring and status/health views.
  • Folder Structure: Still a bit messy and needs cleanup/reorganization.

What Needs Work (From the Ground Up)

  • Tasks / Scheduling: Background jobs (enrichment, cleanup, periodic ingestion) to be rebuilt with the current stack.

Contributing

Contributions are welcome 🎉
Open an issue first for major changes. Smaller improvements (docs, typing, tests, performance) are very welcome.

About

High-performance EDL platform with API, 2FA, RBAC, and indicator enrichment.
