Fix / Improvement: Refactor parser mappings to JSON and standardize configuration

.env copy

@@ -8,12 +8,13 @@ DISABLE_AUTH=true
 SECRET_KEY=change-me-in-development
 
 # API keys (only used if DISABLE_AUTH=false)
-API_KEYS_ADMIN=
-API_KEYS_READ_ONLY=
-API_KEYS_WRITE=
+JARVIS_ADMIN_KEYS=
+JARVIS_READ_KEYS=
+JARVIS_WRITE_KEYS=
 
 # Integrations
 S1_SDL_API_TOKEN=
+S1_HEC_TOKEN=
 
 # Frontend -> Backend API key (not needed when DISABLE_AUTH=true)
 BACKEND_API_KEY=

.env.example

@@ -0,0 +1,139 @@
+# ==============================================================================
+# JARVIS CODING - CONFIGURATION ENVIRONMENT
+# ==============================================================================
+# Copy this file to .env and update values for your environment
+# cp .env.example .env
+#
+# IMPORTANT: Never commit the .env file to version control!
+# ==============================================================================
+
+# ==============================================================================
+# RUNTIME SETTINGS
+# ==============================================================================
+
+# Server host
+HOST=0.0.0.0
+
+# API server port (default: 8000)
+PORT=8000
+
+# Log level: debug, info, warning, error, critical
+LOG_LEVEL=info
+
+# ==============================================================================
+# AUTHENTICATION & SECURITY
+# ==============================================================================
+
+# Disable authentication for local development (true/false)
+# WARNING: Set to false in production!
+DISABLE_AUTH=true
+
+# Secret key for JWT tokens and session encryption
+# CRITICAL: Change this to a strong random string in production!
+# Generate with: python -c "import secrets; print(secrets.token_urlsafe(32))"
+SECRET_KEY=change-me-in-production
+
+# API Keys - Comma-separated for multiple keys per role
+# Only used when DISABLE_AUTH=false
+# Generate secure keys with: openssl rand -hex 32
+
+# Admin keys
+JARVIS_ADMIN_KEYS=
+
+# Write keys / Mandatory
+# Get it from SentinelOne Console → Policy & Settings → API Keys → Log Access Keys (New Write Key)
+JARVIS_WRITE_KEYS=
+
+# Read-only keys
+JARVIS_READ_KEYS=
+
+# Frontend -> Backend API key (required when DISABLE_AUTH=false)
+# Should match one of the JARVIS_ADMIN_KEYS or JARVIS_WRITE_KEYS
+BACKEND_API_KEY=
+
+# ==============================================================================
+#  SENTINELONE HEC INTEGRATION (REQUIRED FOR PRODUCTION)
+# ==============================================================================
+# HEC = HTTP Event Collector - Used to SEND/WRITE events TO SentinelOne
+
+# SentinelOne HEC Token
+# REQUIRED: To send events to SentinelOne AI-SIEM for ingestion and parsing
+# Get from: SentinelOne Console > Settings > Integrations > HEC Tokens
+# This token is used throughout the application (hec_sender.py, Frontend, scenarios)
+S1_HEC_TOKEN=
+
+# SentinelOne HEC Endpoint URL
+# Format: https://your-instance.sentinelone.net/api/v1/cloud_connect/events/raw
+# Replace "your-instance" with your SentinelOne instance name
+# Get information : https://your-console.sentinelone.net/soc-docs/en/services-and-ports-for-management.html#hec-endpoints-for-sdl-ingestion
+S1_HEC_URL=https://your-instance.sentinelone.net/api/v1/cloud_connect/events/raw
+
+# ==============================================================================
+#  HEC (HTTP EVENT COLLECTOR) ADVANCED SETTINGS
+# ==============================================================================
+
+# HEC Authentication Scheme: "Splunk" or "Bearer"
+# - Splunk: Uses "Splunk <token>" header format (default)
+# - Bearer: Uses "Bearer <token>" header format
+S1_HEC_AUTH_SCHEME=Splunk
+
+# HEC Event Metadata (optional)
+# Default source, host, and index for events
+S1_HEC_SOURCE=jarvis_coding
+S1_HEC_HOST=jarvis-generator
+S1_HEC_INDEX=main
+
+# HEC Batching Configuration
+# Enable batch mode for better performance (true/false)
+S1_HEC_BATCH=true
+
+# Maximum batch size in bytes (default: 1MB)
+# SentinelOne recommends max 5MB per batch
+S1_HEC_BATCH_MAX_BYTES=1048576
+
+# Batch flush interval in milliseconds (default: 500ms)
+S1_HEC_BATCH_FLUSH_MS=500
+
+# Number of worker threads for batch processing
+S1_HEC_WORKERS=10
+
+# HEC TLS/SSL Configuration
+# Verify SSL certificates (true/false)
+# Set to false only for development/testing with self-signed certs
+# S1_HEC_VERIFY=true
+
+# Use lower TLS security level for compatibility with older systems
+S1_HEC_TLS_LOW=false
+
+# Enable debug logging for HEC sender (0=off, 1=basic, 2=verbose)
+S1_HEC_DEBUG=0
+
+# HEC API Timeout and Retry Settings
+S1_API_TIMEOUT=30
+S1_API_RETRY_ATTEMPTS=3
+
+# ==============================================================================
+#  KEYRING CONFIGURATION (FRONTEND CREDENTIAL STORAGE)
+# ==============================================================================
+
+# Python keyring backend type
+# Options: keyrings.alt.file.EncryptedKeyring, keyring.backends.SecretService.Keyring
+PYTHON_KEYRING_BACKEND=keyrings.alt.file.EncryptedKeyring
+
+# Password for encrypted keyring file
+# IMPORTANT: Change this to a strong password in production!
+KEYRING_CRYPTFILE_PASSWORD=change-this-strong-password
+
+# Path to keyring file
+# Docker: /app/Frontend/.keyring.cfg
+# Local: ./Frontend/.keyring.cfg
+KEYRING_CRYPTFILE_PATH=/app/Frontend/.keyring.cfg
+
+# ==============================================================================
+# DEPRECATED VARIABLES (NOT USED IN CURRENT VERSION)
+# ==============================================================================
+#
+# S1_SDL_API_TOKEN - SDL API token (for querying events from SentinelOne)S
+# This was planned for parser validation features but is NOT currently used.
+# The functionality exists in Backend/archive/ but is not integrated in the API.
+# Leave commented unless you're working with the archived validation scripts.

Backend/docker-compose.yml

@@ -1,5 +1,3 @@
-version: '3.8'
-
 services:
   api:
     build:
@@ -15,12 +13,19 @@ services:
       - SECRET_KEY=${SECRET_KEY:-change-me-in-production}
       # Authentication settings
       - DISABLE_AUTH=${DISABLE_AUTH:-false}
-      - API_KEYS_ADMIN=${API_KEYS_ADMIN}
-      - API_KEYS_READ_ONLY=${API_KEYS_READ_ONLY}
-      - API_KEYS_WRITE=${API_KEYS_WRITE}
+      - JARVIS_ADMIN_KEYS=${JARVIS_ADMIN_KEYS}
+      - JARVIS_WRITE_KEYS=${JARVIS_WRITE_KEYS}
+      - JARVIS_READ_KEYS=${JARVIS_READ_KEYS}
       # SentinelOne integration
       - S1_HEC_TOKEN=${S1_HEC_TOKEN}
+      - S1_HEC_URL=${S1_HEC_URL}
       - S1_SDL_API_TOKEN=${S1_SDL_API_TOKEN}
+      # HEC batching and configuration
+      - S1_HEC_BATCH=${S1_HEC_BATCH:-false}
+      - S1_HEC_BATCH_MAX_BYTES=${S1_HEC_BATCH_MAX_BYTES:-1048576}
+      - S1_HEC_BATCH_FLUSH_MS=${S1_HEC_BATCH_FLUSH_MS:-500}
+      - S1_HEC_DEBUG=${S1_HEC_DEBUG:-0}
+      - S1_HEC_VERIFY=${S1_HEC_VERIFY:-true}
       # Database
       - DATABASE_URL=sqlite+aiosqlite:///./data/jarvis_coding.db
     volumes: