Wildbox is your all-in-one, self-hosted open-source security platform. It unifies threat monitoring, analysis, and automated response in one place, giving you full control over your data and infrastructure.
With Wildbox, you can:
- Centralize threat intelligence from over 50 sources.
- Monitor your cloud infrastructure security (CSPM).
- Automate incident response with customizable playbooks.
- Manage vulnerabilities through a single dashboard.
- Monitor your endpoints for suspicious activity.
- Leverage AI for threat analysis and report generation.

| Feature | Description |
|---|---|
| Intelligent API Gateway | A single, secure entry point with rate-limiting and centralized authentication. |
| Identity Management | Manage users, teams, and access with RBAC (Role-Based Access Control) and JWT (JSON Web Tokens). |
| Cloud Security (CSPM) | CSPM (Cloud Security Posture Management): Scan AWS, Azure, and GCP for misconfigurations and compliance. |
| Vulnerability Management | Scan, prioritize, and manage the lifecycle of vulnerabilities (CVE tracking). |
| Automated Response (SOAR) | SOAR (Security Orchestration, Automation, and Response): Execute YAML-based playbooks to automate incident response. |
| AI Analysis | Leverage LLMs (Large Language Models) to analyze threats and generate reports. |

Wildbox follows a modern microservices architecture. Each component is an independent service that communicates through a unified API gateway.

```mermaid
graph TD
    subgraph "Client Layer"
        UI[Dashboard UI]
        CLI[CLI Tools]
        API_CLIENT[API Clients]
    end
    subgraph "Gateway Layer"
        GATEWAY[Security Gateway]
        IDENTITY[Identity Service]
    end
    subgraph "Core Services"
        API[Security API]
        DATA[Data Lake]
        CSPM[CSPM Service]
        GUARDIAN[Guardian]
        RESPONDER[Responder]
        AGENTS[AI Agents]
        SENSOR[Sensor]
    end
    subgraph "Data Layer"
        POSTGRES[(PostgreSQL)]
        REDIS[(Redis)]
        ELASTICSEARCH[(Elasticsearch)]
    end
    subgraph "External Services"
        STRIPE[Stripe]
        OPENAI[OpenAI]
        FEEDS[Threat Feeds]
        CLOUD_APIS[Cloud APIs]
    end
    UI --> GATEWAY
    CLI --> GATEWAY
    API_CLIENT --> GATEWAY
    GATEWAY --> IDENTITY
    GATEWAY --> API
    GATEWAY --> DATA
    GATEWAY --> CSPM
    GATEWAY --> GUARDIAN
    GATEWAY --> RESPONDER
    GATEWAY --> AGENTS
    SENSOR --> GATEWAY
    API --> POSTGRES
    DATA --> POSTGRES
    CSPM --> POSTGRES
    GUARDIAN --> POSTGRES
    RESPONDER --> POSTGRES
    AGENTS --> POSTGRES
    GATEWAY --> REDIS
    API --> REDIS
    CSPM --> REDIS
    RESPONDER --> REDIS
    DATA --> ELASTICSEARCH
    IDENTITY --> STRIPE
    AGENTS --> OPENAI
    DATA --> FEEDS
    CSPM --> CLOUD_APIS
```

- Quick Start
- Platform Overview
- Components
- Technology Stack
- Community & Roadmap
- Contributing
- Documentation
- License

Get Wildbox running with Docker Compose!
- Docker >= 20.10
- Docker Compose >= 2.0
- 8GB RAM minimum (16GB recommended)
- Linux, macOS, or Windows with WSL2

```bash
# 1. Clone the repository
git clone https://github.com/fabriziosalmi/wildbox.git
cd wildbox

# 2. Create environment file from template
cp .env.example .env

# 3. Generate secure secrets for production
# CRITICAL: Replace default secrets before deploying to production
openssl rand -hex 32  # Use output for JWT_SECRET_KEY
openssl rand -hex 32  # Use output for DATABASE_PASSWORD
# Update .env file with generated secrets

# 4. Start all services
docker-compose up -d

# 5. Wait for services to initialize (2-3 minutes)
# Watch logs to monitor startup progress
docker-compose logs -f gateway identity

# 6. Verify health status
curl http://localhost/health       # Gateway health
curl http://localhost:8001/health  # Identity service health

# 7. Access the platform
# Dashboard: http://localhost:3000
# API Documentation: http://localhost:8000/docs
# Gateway: http://localhost
```

- Email: [email protected]
- Password: `CHANGE-THIS-PASSWORD`

- Review Security Best Practices
- Configure Environment Variables
- Read Deployment Guide for production setup
- Explore API Documentation to integrate with your tools
If services fail to start:
- Check Docker logs: `docker-compose logs <service-name>`
- Verify port availability: `netstat -tuln | grep -E '(8000|8001|3000|5432|6379)'`
- Ensure sufficient disk space: `df -h`
- See TROUBLESHOOTING.md for common issues
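
Step 3 of the quick start leaves copying the generated secrets into `.env` to the operator, so a pre-deploy check is useful. The script below is an added example, not part of the Wildbox repository; it assumes `.env` holds plain `KEY=value` lines with the variable names from the quick-start comments, and its function names are hypothetical.

```bash
#!/usr/bin/env bash
# Added example, not part of the Wildbox repository.
# Assumes .env holds plain KEY=value lines and uses the variable names
# from the quick-start comments (JWT_SECRET_KEY, DATABASE_PASSWORD).

# Print the value assigned to KEY ($2) in FILE ($1); last assignment wins.
env_value() {
    sed -n "s/^[[:space:]]*$2=//p" "$1" | tail -n 1 |
        sed -e 's/[[:space:]]*$//' -e 's/^"\(.*\)"$/\1/'
}

# Succeed only for 64 hex characters, the shape of `openssl rand -hex 32` output.
is_hex32() {
    printf '%s' "$1" | grep -Eq '^[0-9a-fA-F]{64}$'
}

# Print one line per finding for FILE ($1); return the number of findings.
check_env_secrets() {
    file=$1
    findings=0
    for key in JWT_SECRET_KEY DATABASE_PASSWORD; do
        val=$(env_value "$file" "$key")
        if [ -z "$val" ]; then
            echo "FAIL $key is missing or empty"
            findings=$((findings + 1))
        elif ! is_hex32 "$val"; then
            echo "FAIL $key is not 64 hex characters (template value left in place?)"
            findings=$((findings + 1))
        fi
    done
    # Step 3 runs openssl once per secret; one value used twice is a finding.
    jwt=$(env_value "$file" JWT_SECRET_KEY)
    db=$(env_value "$file" DATABASE_PASSWORD)
    if [ -n "$jwt" ] && [ "$jwt" = "$db" ]; then
        echo "FAIL JWT_SECRET_KEY and DATABASE_PASSWORD share one value"
        findings=$((findings + 1))
    fi
    # The placeholder shown in the quick start must not survive anywhere in the file.
    if grep -q 'CHANGE-THIS' "$file"; then
        echo "FAIL placeholder text CHANGE-THIS still present"
        findings=$((findings + 1))
    fi
    # A file holding secrets should not be world-readable.
    if [ -n "$(find "$file" -perm -004 2>/dev/null)" ]; then
        echo "FAIL $file is world-readable (chmod 600)"
        findings=$((findings + 1))
    fi
    return "$findings"
}
```

Run `check_env_secrets .env` before `docker-compose up -d`; a non-zero return value is the number of findings.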
Wildbox is a complete security operations platform built from the ground up with modularity, scalability, and extensibility at its core. Each component operates as an independent microservice while seamlessly integrating to provide a unified security experience.
The Authentication & Authorization Hub
- Purpose: Centralized identity management, JWT authentication, API key management, and subscription billing
- Technology: FastAPI, PostgreSQL, Stripe, JWT
The Intelligent API Gateway
- Purpose: Single entry point for all Wildbox services with advanced security and routing
- Technology: OpenResty (Nginx + Lua), Redis, Docker
The Security Toolbox
- Purpose: Unified API for 50+ security tools with dynamic discovery and execution
- Technology: FastAPI, Redis, Docker
The Intelligence Repository
- Purpose: Centralized threat intelligence aggregation and serving
- Technology: FastAPI, PostgreSQL, Elasticsearch, Redis
The Cloud Security Posture Manager
- Purpose: Multi-cloud security posture management and compliance scanning.
- Note: This service is under active development and is not enabled in the default `docker-compose.yml`.
- Technology: FastAPI, Celery, Redis, Python cloud SDKs
The Vulnerability Manager
- Purpose: Comprehensive vulnerability lifecycle management with risk-based prioritization
- Technology: Django, PostgreSQL, Celery, Redis
The Endpoint Agent
- Purpose: Lightweight endpoint monitoring and telemetry collection.
- Note: This service is under active development and is not enabled in the default `docker-compose.yml`.
- Technology: osquery, Python, HTTPS
The Automation Engine
- Purpose: SOAR platform for incident response automation using Python-based logic.
- Technology: FastAPI, Dramatiq, Redis, YAML
The Workflow Automation Hub
- Purpose: Visual, node-based workflow automation for connecting services and APIs.
- Technology: n8n, Node.js, Docker
The AI Brain
- Purpose: AI-powered security analysis and automation
- Technology: FastAPI, Celery, LangChain, OpenAI
The Command Center
- Purpose: Unified web interface for the entire security platform
- Technology: Next.js, TypeScript, Tailwind CSS, TanStack Query
- Next.js 14: React framework with App Router and Server Components
- TypeScript 5.0+: Type-safe JavaScript with modern features
- Tailwind CSS: Utility-first CSS framework for rapid styling
- Shadcn/ui: High-quality React components built on Radix UI
- TanStack Query: Powerful data synchronization for React
- Recharts: Composable charting library for React
- Lucide React: Beautiful and customizable icon library
- FastAPI: Modern, fast web framework for building APIs with Python
- Django 5.0: High-level Python web framework for rapid development
- OpenResty: High-performance web platform with Nginx and LuaJIT scripting
- PostgreSQL 15: Advanced open-source relational database
- Redis 7: In-memory data structure store for caching and queues
- SQLAlchemy: Python SQL toolkit and Object-Relational Mapping
- Alembic: Lightweight database migration tool for SQLAlchemy
- Celery: Distributed task queue for background processing
- OpenAI GPT-4o: Advanced language model for intelligent analysis
- LangChain: Framework for developing LLM-powered applications
- Pydantic: Data validation using Python type annotations
- Jinja2: Modern and designer-friendly templating language
- NLTK: Natural Language Toolkit for text processing
- Scikit-learn: Machine learning library for predictive analysis
- Docker: Containerization platform for consistent deployments
- Docker Compose: Multi-container Docker application orchestration
- Nginx: High-performance web server and reverse proxy
- Prometheus: Monitoring system and time series database
- Grafana: Analytics and interactive visualization platform
- GitHub Actions: CI/CD platform for automated testing and deployment
- JWT (JSON Web Tokens): Secure authentication token standard
- bcrypt: Password hashing function for secure storage
- python-jose: JavaScript Object Signing and Encryption for Python
- cryptography: Cryptographic recipes and primitives for Python
- osquery: SQL-based host monitoring and endpoint visibility
- TLS 1.3: Latest Transport Layer Security protocol
Current Status: Early Evaluation Phase
Wildbox is ready for community evaluation. We need your feedback to improve the platform.
Phase 1: Evaluation & Stabilization (Current)
- Core security controls implemented
- Comprehensive documentation created
- Community feedback and issue resolution (IN PROGRESS)

Phase 2: Feature Expansion (Based on Community Demand)
- Additional cloud provider integrations
- Extended SOAR automation capabilities
- Advanced threat intelligence integration
We welcome contributions from the security community! Please see our Contributing Guide for details on how to get started, our development process, and what we are looking for.
Complete documentation available online: Visit Wildbox Documentation Site for the full documentation with organized guides, security reports, and deployment procedures.
For more details, see the following documents:
- SETUP_GUIDE.md - Comprehensive deployment guide
- SECURITY.md - Security policy and vulnerability reporting
- TROUBLESHOOTING.md - Common issues and solutions
Wildbox is licensed under the MIT License. See the LICENSE file for details.
- Issues: Report bugs on GitHub Issues.
- Discussions: Join the GitHub Discussions.
- Security: Email [email protected] for security vulnerabilities.

