16 changes: 8 additions & 8 deletions docs/dev/DESIGN.md
Expand Up @@ -39,11 +39,11 @@ Plan and execute red‑team operations and measure defensive effectiveness (dete

## Core Entities

- Operation { name, description, tags[], crownJewels[], threatActor?, status, visibility, accessGroups[], techniques[] }
- Technique { tactic, technique, subTechnique?, description, start/end, sourceIp?, targetSystem?, crownJewelTargeted?, crownJewelCompromised?, tools[] }
- Operation { name, description, tags[], targets[], threatActor?, status, visibility, accessGroups[], techniques[] }
- Technique { tactic, technique, subTechnique?, description, start/end, sourceIp?, targetSystem?, targetEngagements[], tools[] }
- Outcome { type: DETECTION | PREVENTION | ATTRIBUTION, status, tools[]/logSources[], timestamp? }
- ThreatActor { name, description, topThreat, mitreTechniques[] }
- CrownJewel { name, description }
- Target { name, description, isCrownJewel }
- Tool { name, type: DEFENSIVE | OFFENSIVE, category }
- ToolCategory { name, type }
- Tag { name, description, color }
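Review bot: the Core Entities list now references `targetEngagements[]` on Technique but never defines the join entity behind it, while `prisma/schema.prisma` in this same change adds `model TechniqueTarget` with a `wasSuccessful Boolean?` field. Add a line such as `- TechniqueTarget { technique, target, wasSuccessful? }` next to `Target`; without it the design doc cannot say where per-target compromise is recorded.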
Expand All @@ -61,16 +61,16 @@ Plan and execute red‑team operations and measure defensive effectiveness (dete

- Filters: search, status (All/Planning/Active/Completed/Cancelled), selectable tag chips.
- List: neutral operation cards; click to open detail. Card delete uses ConfirmModal.
- Create/Edit Operation: elevated modal with name/description, optional threat actor, dates, tags, crown jewels.
- Create/Edit Operation: elevated modal with name/description, optional threat actor, dates, tags, targets (mark crown jewels).

#### Operation Detail

- Header: name, description, tags, threat actor, crown jewels, status.
- Header: name, description, tags, threat actor, targets (CJ flagged), status.
- KPIs: detection/prevention/attribution (%) computed from graded outcomes (excludes N/A).
- Tabs
- Techniques: drag‑and‑drop list; InlineActions for edit/delete. Technique Editor (elevated) with:
- Overview: tactic/technique (sub‑tech aware) + description.
- Execution: start/end (datetime with “Now”), source IP, target system, offensive tools, crownjewel flags.
- Execution: start/end (datetime with “Now”), source IP, target system, offensive tools, target selection + crown jewel flag.
- Outcomes: grade detection/prevention/attribution; add tools/log sources; optional timestamps.
- ATT&CK Heatmap: full MITRE matrix with executed highlighting; sub‑tech expansion; ops/all toggle available in analytics view.
- Attack Flow: simple flow of techniques (editors can organize).
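Review bot: the Execution bullet's "target selection + crown jewel flag" is ambiguous now that the crown-jewel flag lives on `Target.isCrownJewel` rather than on the technique, and the schema change in this PR replaces `crownJewelTargeted`/`crownJewelCompromised` with `TechniqueTarget.wasSuccessful`. Spell out which it is, e.g. "target selection (crown jewel status shown from the Target) + per-target compromised flag", so the editor description matches the data model.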
Expand All @@ -90,7 +90,7 @@ Unified pattern across tabs: SettingsHeader + EntityListCard + EntityModal; Inli

- Users: create/edit; role picker; delete via ConfirmModal.
- Groups: create/edit; manage membership; one Tag per Group; delete via ConfirmModal.
- Taxonomy: Tags, Tool Categories (by type), Tools, Threat Actors (attach ATT&CK techniques), Crown Jewels, Log Sources.
- Taxonomy: Tags, Tool Categories (by type), Tools, Threat Actors (attach ATT&CK techniques), Targets (with crown jewel toggle), Log Sources.
- Data: overview metrics; export/import a combined operations + taxonomy backup (always replaces existing data); clear-all confirmation.

## Data & Validation
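Review bot: the Data bullet says the backup import always replaces existing data, but nothing here says what happens to backups exported before this change, which carry crown jewels rather than targets with an `isCrownJewel` flag. Either document that older backups are rejected or state that they are converted on import (each crown jewel becoming a Target with `isCrownJewel` true).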
Expand All @@ -102,4 +102,4 @@ Unified pattern across tabs: SettingsHeader + EntityListCard + EntityModal; Inli

- Initialization runs before the server starts via `scripts/init.ts`. It ensures an admin account exists and seeds MITRE data if empty by parsing the STIX bundle at `data/mitre/enterprise-attack.json` through `src/lib/mitreStix.ts` (no generated processed file).
- Development (SQLite): after deleting the DB, run `npm run db:push` once to create tables. Then start the app; initialization will seed admin + MITRE. Data persists across restarts.
- Production: the app never runs `db push`. Provision schema using migrations (`npm run db:migrate`) or ship a pre-created SQLite file and persist it. Initialization still creates the admin and seeds MITRE if tables are present and empty.
- Production: the app never runs `db push`. Provision schema ahead of time (for now run `npx prisma db push` during deploys or ship a pre-created SQLite file and persist it). Initialization still creates the admin and seeds MITRE if tables are present and empty.
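Review bot: the new Production bullet replaces `npm run db:migrate` with `npx prisma db push` during deploys, which is a regression for a change like this one that drops the `CrownJewel` model and the `crownJewelTargeted`/`crownJewelCompromised` columns: `prisma db push` applies destructive schema changes without a migration history and will refuse or require `--accept-data-loss`, and the "(for now ...)" wording leaves no record of when migrations return. Keep the migration instruction and ship a migration for this rename, or state explicitly that existing crown jewel data is discarded on upgrade.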
6 changes: 3 additions & 3 deletions docs/getting-started.md
Expand Up @@ -11,7 +11,7 @@ This guide walks through the first workflow after you launch the application. Fo
- Log Sources. Examples: Sysmon, Windows Event Logs, etc. These are used for recording attribution outcomes.
- Optional:
- Threat Actors. You can enter them manually or use the import option to pull in techniques directly from MITRE ATT&CK.
- Crown Jewels. Examples: Production DB, Source Code Repo, etc.
- Targets. Examples: Production DB, Source Code Repo, employee credentials, etc. Mark the ones that are crown jewels so analytics continue to highlight them.
- Tags. Examples: Stealth, Purple Team, etc. These can be applied to operations and used for filtering lists analytics.

<p align="center">
Expand All @@ -38,7 +38,7 @@ This guide walks through the first workflow after you launch the application. Fo
- From MITRE campaign: imports the techniques from a MITRE ATT&CK campaign
- Provide the name, description, status
- Set the start and end dates. These dates drive analytics such as trends and duration metrics, so keep them accurate.
- Optionally, configure tags, crown jewels, threat actor being emulated, and group access restrictions.
- Optionally, configure tags, targets (with crown jewel markers), threat actor being emulated, and group access restrictions.

<p align="center">
<a href="images/new-operation.png">
Expand All @@ -53,7 +53,7 @@ This guide walks through the first workflow after you launch the application. Fo
- Use the Tactic/Technique pickers to choose from the catalog
- Fill in an optional description
- Execution tab:
- Timing, execution details, offensive tooling, and crown jewel targeting
- Timing, execution details, offensive tooling, and target selection with per-target outcome tracking (mark whether each chosen asset was compromised)
- Outcomes tab:
- Was the technique detected, prevented, or attributed later during IR?
- What tooling and log sources were involved in successful outcomes or SHOULD HAVE BEEN involved in failed outcomes?
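Review bot: "per-target outcome tracking" in the Execution tab bullet reuses the word "outcome", which two lines later means the detection/prevention/attribution grades on the Outcomes tab, and the schema field backing it is `wasSuccessful`. Say "per-target compromise tracking" (or whatever the UI labels it) so readers do not expect detection/prevention grading per target.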
44 changes: 30 additions & 14 deletions prisma/schema.prisma
Expand Up @@ -145,15 +145,18 @@ model ThreatActor {
@@index([topThreat])
}

model CrownJewel {
id String @id @default(cuid())
name String @unique // e.g., "Customer Database", "Source Code Repository"
description String
operations Operation[] @relation("OperationCrownJewels")
createdAt DateTime @default(now())
updatedAt DateTime @updatedAt
model Target {
id String @id @default(cuid())
name String @unique // e.g., "Customer Database", "Source Code Repository"
description String
isCrownJewel Boolean @default(false)
operations Operation[] @relation("OperationTargets")
techniqueEngagements TechniqueTarget[]
createdAt DateTime @default(now())
updatedAt DateTime @updatedAt

@@index([name])
@@index([isCrownJewel])
}

model Tag {
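Review bot: renaming `model CrownJewel` to `model Target` is a drop-and-recreate from Prisma's point of view unless a migration renames the table, so existing crown jewel rows are lost; the migration should rename the table and set `isCrownJewel` to true for every migrated row, since they were all crown jewels by definition. The new `@@index([isCrownJewel])` on a boolean adds little in SQLite; keep it only if a query filters on that column alone.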
Expand Down Expand Up @@ -266,9 +269,9 @@ model Operation {
threatActorId String?

// Many-to-many relationships
tags Tag[] @relation("OperationTags")
crownJewels CrownJewel[] @relation("OperationCrownJewels")
techniques Technique[]
tags Tag[] @relation("OperationTags")
targets Target[] @relation("OperationTargets")
techniques Technique[]

// Access control
visibility OperationVisibility @default(EVERYONE)
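Review bot: changing the relation name from "OperationCrownJewels" to "OperationTargets" also changes the implicit join table Prisma generates (`_OperationCrownJewels` becomes `_OperationTargets`), so the links between operations and their crown jewels are dropped along with the model rename unless the migration renames that table as well. Either keep the old relation name or include the join-table rename in the migration.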
Expand Down Expand Up @@ -317,8 +320,6 @@ model Technique {
endTime DateTime?
sourceIp String?
targetSystem String?
crownJewelTargeted Boolean @default(false)
crownJewelCompromised Boolean @default(false)
executedSuccessfully Boolean?

// Relationships
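Review bot: dropping `crownJewelTargeted` and `crownJewelCompromised` discards existing per-technique history with no backfill into the new `TechniqueTarget` rows. If that data should survive, the migration needs to create a `TechniqueTarget` for each technique that had `crownJewelTargeted` set, with `wasSuccessful` taken from `crownJewelCompromised`; this only maps cleanly when the operation had a single crown jewel, so document the rule chosen for the rest.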
Expand All @@ -330,8 +331,9 @@ model Technique {
mitreSubTechniqueId String?

// Many-to-many relationships
tools Tool[] @relation("TechniqueTools")
outcomes Outcome[]
tools Tool[] @relation("TechniqueTools")
outcomes Outcome[]
targetEngagements TechniqueTarget[]

createdAt DateTime @default(now())
updatedAt DateTime @updatedAt
Expand All @@ -341,6 +343,20 @@ model Technique {
@@index([mitreSubTechniqueId])
}

model TechniqueTarget {
id String @id @default(cuid())
technique Technique @relation(fields: [techniqueId], references: [id], onDelete: Cascade)
techniqueId String
target Target @relation(fields: [targetId], references: [id], onDelete: Cascade)
targetId String
wasSuccessful Boolean?
createdAt DateTime @default(now())
updatedAt DateTime @updatedAt

@@unique([techniqueId, targetId])
@@index([targetId])
}

enum OutcomeType {
DETECTION
PREVENTION
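Review bot: `wasSuccessful Boolean?` in `TechniqueTarget` does not say what succeeded, and the docs in this change describe it as "whether each chosen asset was compromised"; rename it to `wasCompromised` or add a schema comment, and state what `null` means (not yet assessed vs. unknown). Also, `onDelete: Cascade` on `target` means deleting a Target from the taxonomy silently removes every engagement recorded against it, so the ConfirmModal for that delete should say so.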