9f3e0621e5
Architecture: - ja4_logs: raw log ingestion (http_logs_raw, http_logs, mv_http_logs) - ja4_processing: analytics, aggregation, ML, dictionaries, audit Configuration (env vars): - CLICKHOUSE_DB_LOGS (default: ja4_logs) - CLICKHOUSE_DB_PROCESSING (default: ja4_processing) Changes: - SQL migrations (10 files): all mabase_prod refs → ja4_logs or ja4_processing with correct cross-database references (MVs, views, dicts) - deploy_schema.sh: substitutes DB names from env vars at deploy time - Python shared settings: added CLICKHOUSE_DB_LOGS + CLICKHOUSE_DB_PROCESSING - Dashboard routes (19 files): replaced ~80 hardcoded mabase_prod refs with settings.CLICKHOUSE_DB_LOGS / settings.CLICKHOUSE_DB_PROCESSING - Bot-detector: DB → CLICKHOUSE_DB_PROCESSING, fetch_rules.py configurable - Correlator: DSN example updated to ja4_logs - Docker-compose + .env files: new env vars with defaults - All documentation updated (14 markdown files) All tests pass: sentinel 10/10, correlator 67.1%, bot-detector 11, dashboard 20, ja4_common 18 Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
23 lines
1.2 KiB
SQL
23 lines
1.2 KiB
SQL
-- =============================================================================
|
|
-- 08_users.sql — ClickHouse users and grants
|
|
-- TODO: Replace 'ChangeMe' with strong passwords before production use.
|
|
-- Store passwords in a secrets manager (Vault, K8s secrets, etc.).
|
|
-- =============================================================================
|
|
|
|
CREATE USER IF NOT EXISTS data_writer IDENTIFIED WITH plaintext_password BY 'ChangeMe';
|
|
CREATE USER IF NOT EXISTS analyst IDENTIFIED WITH plaintext_password BY 'ChangeMe';
|
|
|
|
-- data_writer: INSERT on raw table in ja4_logs (fed by correlator service)
|
|
GRANT INSERT ON ja4_logs.http_logs_raw TO data_writer;
|
|
GRANT SELECT ON ja4_logs.http_logs_raw TO data_writer;
|
|
|
|
-- analyst: read access on ja4_logs (parsed logs)
|
|
GRANT SELECT ON ja4_logs.http_logs TO analyst;
|
|
|
|
-- analyst: read access on ja4_processing (analytics, ML, views, audit)
|
|
GRANT SELECT ON ja4_processing.ml_detected_anomalies TO analyst;
|
|
GRANT SELECT ON ja4_processing.ml_all_scores TO analyst;
|
|
GRANT SELECT ON ja4_processing.view_ai_features_1h TO analyst;
|
|
GRANT SELECT ON ja4_processing.view_ip_recurrence TO analyst;
|
|
GRANT SELECT ON ja4_processing.audit_logs TO analyst;
|