Skip to content
ERPStack

Intelligence And Governance

Security Operations

Incident console for ERPStack security events, Wazuh evidence, Grafana trace/log references, triage, notes, and SLA lanes.

Locally verified Evidence-first module page
Primary users
Platform admin Security operator Service operations Release owner
/app/security-operations
App-derived visual
SIEM Incident Console
Open app route
Events
Tenant scoped
Triage
Persistent
Severity
SLA tracked
Area Status Evidence
Investigation Incident table Wazuh drilldown
Operator Queue health MTTA/MTTR
Evidence Trace/log refs Grafana links

Core workflows

What the module helps operators complete.

Each workflow is written as an operational path, not a marketing claim, so buyers can understand the day-to-day module fit.

Step 1
Review suspicious and high-severity events
Step 2
Filter by tenant, module, severity, rule, and status
Step 3
Triage incidents with notes and ownership
Step 4
Drill into Wazuh, logs, traces, and evidence references

Feature checklist

Capabilities grouped the way operators look for them.

3 capability groups

Incident triage

  • Severity lanes
  • Status workflow
  • Assignment
  • Operator notes

Security evidence

  • Wazuh proof refs
  • Grafana trace links
  • Loki log refs
  • Raw event detail

Service operations

  • Source health
  • SLA breach alerts
  • MTTA/MTTR
  • Operator workload

Connected module map

How this module exchanges business context with the rest of ERPStack.

Module Relationship
All modules Receives suspicious, privileged, compliance, and boundary events
Wazuh Security alert ingestion, rule groups, and threat-hunting evidence
Grafana Trace and log drilldowns for operational investigation
Platform Settings Security-sensitive setting changes and provider controls

Governance and reporting

Controls and management visibility expected from a serious ERP module.

Governance
  • Durable incident workflow
  • Operator notes
  • Wazuh proof refs
  • SLA breach alerts
Reports
  • Incident workload
  • MTTA/MTTR
  • Source health
  • Operator queue

AI coverage policy

What ERPStack can honestly claim for this module today.

AI claims are tied to the official Agent Tool Registry, evaluation evidence, safe-mode controls, and scheduled-agent monitor readiness. Roadmap modules only show planned coverage until module-native tools are implemented.

AI L2/L4 gap
Coverage claim Current AI coverage: Security and Compliance Hardening L2/L4 below target level through the official Agent Tool Registry.
Governance evidence Governance evidence: 2 registered tools, 1 evaluation cases, tenant/RBAC/safe-mode registry controls, and AI log evidence.
Scheduled monitor Scheduled monitor readiness: 1/1 ready (Security Incident Triage Monitor).
L4/L5 boundary Raise Security and Compliance Hardening AI coverage from L2 to L4.

Evidence-first standard

Module pages explain value, workflow, control, and proof in one place.

This page structure supports the current public module catalog with app-derived visuals, connected-module evidence, governance proof, and report context that can be compared against real product routes.

Feature clarity

Buyers can see concrete function groups instead of vague capability claims.

Operational fit

Workflows, users, and connected modules show where the module belongs.

Governance proof

RBAC, audit, SIEM, approvals, and reporting are surfaced as first-class concerns.

Review path

Public pages link back to app routes so reviewers can compare page claims to product surfaces.