From 965456b777517a28a8bfb32d197eaf806455636f Mon Sep 17 00:00:00 2001 From: "Rodrigo Rodriguez (Pragmatismo)" Date: Sat, 10 Jan 2026 09:41:19 -0300 Subject: [PATCH] Add security protection tools documentation - Create protection-tools.md with comprehensive documentation - Explain root access requirement and security model - Document sudoers configuration (no wildcards) - Add API reference and troubleshooting guide - Update SUMMARY.md with new entry --- src/04-gbui/apps/billing.md | 225 ++++++++++++++++ src/04-gbui/apps/crm.md | 205 ++++++++++++++ src/04-gbui/apps/products.md | 244 +++++++++++++++++ src/04-gbui/apps/tickets.md | 252 ++++++++++++++++++ src/23-security/protection-tools.md | 398 ++++++++++++++++++++++++++++ src/SUMMARY.md | 5 + 6 files changed, 1329 insertions(+) create mode 100644 src/04-gbui/apps/billing.md create mode 100644 src/04-gbui/apps/crm.md create mode 100644 src/04-gbui/apps/products.md create mode 100644 src/04-gbui/apps/tickets.md create mode 100644 src/23-security/protection-tools.md diff --git a/src/04-gbui/apps/billing.md b/src/04-gbui/apps/billing.md new file mode 100644 index 00000000..88e37605 --- /dev/null +++ b/src/04-gbui/apps/billing.md @@ -0,0 +1,225 @@ +# Billing - Invoices, Payments & Quotes + +> **Manage your financial transactions from quote to payment** + +--- + +## Overview + +Billing is your complete invoicing solution following Microsoft Dynamics nomenclature. Create quotes for opportunities, convert them to invoices, and track payments through to completion. + +--- + +## Key Concepts (Dynamics Nomenclature) + +| Entity | Description | +|--------|-------------| +| **Quote** | Price quotation sent to prospect/customer | +| **Invoice** | Bill sent to customer for payment | +| **Payment** | Payment received against an invoice | + +### Entity Flow + +``` +Quote ──(accept)──► Invoice ──(pay)──► Payment +``` + +--- + +## Features + +### Invoices Management + +Track all your billing documents: + +- **Invoice Number** - Unique identifier +- **Account** - Customer being billed +- **Date** - Invoice creation date +- **Due Date** - Payment deadline +- **Amount** - Total invoice value +- **Status** - Draft, Sent, Paid, Overdue, Cancelled + +### Invoice Statuses + +| Status | Description | +|--------|-------------| +| **Draft** | Invoice being prepared, not yet sent | +| **Sent** | Invoice delivered to customer | +| **Paid** | Payment received in full | +| **Overdue** | Past due date, unpaid | +| **Cancelled** | Invoice voided | + +### Payments + +Record and track incoming payments: + +- **Payment ID** - Unique identifier +- **Invoice** - Associated invoice +- **Account** - Paying customer +- **Date** - Payment received date +- **Amount** - Payment amount +- **Method** - Payment method used + +### Payment Methods + +| Method | Description | +|--------|-------------| +| **Bank Transfer** | Wire/ACH transfer | +| **Credit Card** | Card payment | +| **PIX** | Brazilian instant payment | +| **Boleto** | Brazilian bank slip | +| **Cash** | Cash payment | + +### Quotes + +Create proposals for potential deals: + +- **Quote Number** - Unique identifier +- **Account** - Customer receiving quote +- **Opportunity** - Associated sales opportunity +- **Date** - Quote creation date +- **Valid Until** - Expiration date +- **Amount** - Total quoted value +- **Status** - Draft, Sent, Accepted, Rejected, Expired + +--- + +## Summary Dashboard + +Real-time financial metrics: + +| Metric | Description | +|--------|-------------| +| **Pending** | Total value of unpaid invoices | +| **Overdue** | Total value past due date | +| **Paid This Month** | Payments received this month | +| **Revenue This Month** | Total revenue for current month | + +--- + +## Navigation Tabs + +| Tab | View | +|-----|------| +| **Invoices** | All invoice records | +| **Payments** | Payment history | +| **Quotes** | Price quotations | + +--- + +## API Endpoints + +| Endpoint | Method | Description | +|----------|--------|-------------| +| `/api/billing/invoices` | GET | List invoices with filters | +| `/api/billing/invoices` | POST | Create new invoice | +| `/api/billing/invoices/:id` | GET | Get invoice details | +| `/api/billing/invoices/:id` | PUT | Update invoice | +| `/api/billing/invoices/:id/send` | POST | Mark invoice as sent | +| `/api/billing/invoices/:id/cancel` | POST | Cancel invoice | +| `/api/billing/invoices/export` | GET | Export invoices | +| `/api/billing/payments` | GET | List payments | +| `/api/billing/payments` | POST | Record new payment | +| `/api/billing/quotes` | GET | List quotes | +| `/api/billing/quotes` | POST | Create new quote | +| `/api/billing/quotes/:id/accept` | POST | Convert quote to invoice | +| `/api/billing/search` | GET | Search billing records | +| `/api/billing/stats/*` | GET | Get billing statistics | + +--- + +## @ Mentions in Chat + +Reference billing entities directly in chat: + +| Mention | Example | +|---------|---------| +| `@invoice:` | @invoice:INV-2024-001 | + +Hover over a mention to see invoice details. Click to navigate to the record. + +--- + +## Filtering Options + +### Invoice Filters + +| Filter | Options | +|--------|---------| +| **Status** | All, Draft, Sent, Paid, Overdue, Cancelled | +| **Period** | All Time, This Month, This Quarter, This Year | + +### Payment Filters + +| Filter | Options | +|--------|---------| +| **Method** | All Methods, Bank Transfer, Credit Card, PIX, Boleto, Cash | + +### Quote Filters + +| Filter | Options | +|--------|---------| +| **Status** | All, Draft, Sent, Accepted, Rejected, Expired | + +--- + +## Keyboard Shortcuts + +| Shortcut | Action | +|----------|--------| +| `N` | New invoice (when in Billing) | +| `Escape` | Close modal | +| `/` | Focus search | + +--- + +## Integration with CRM + +Billing integrates seamlessly with CRM: + +1. **Quote from Opportunity** - Create quotes linked to opportunities +2. **Convert on Win** - When opportunity is won, convert quote to invoice +3. **Account Linking** - Invoices automatically linked to customer accounts + +--- + +## Best Practices + +### Invoice Management + +1. **Send promptly** - Issue invoices immediately after delivery +2. **Set clear terms** - Include payment terms and due dates +3. **Follow up** - Track overdue invoices proactively + +### Payment Tracking + +1. **Record immediately** - Log payments as soon as received +2. **Match correctly** - Ensure payments match the right invoices +3. **Reconcile regularly** - Review payment records weekly + +### Quote Management + +1. **Include details** - List all line items with descriptions +2. **Set expiration** - Use reasonable validity periods +3. **Follow up** - Check on pending quotes before expiration + +--- + +## Reports + +Available in Analytics: + +| Report | Description | +|--------|-------------| +| **Revenue Summary** | Total revenue over time | +| **Aging Report** | Overdue invoices by age | +| **Payment History** | Payments received over time | +| **Monthly Revenue** | Month-over-month comparison | + +--- + +## See Also + +- [CRM](./crm.md) — Link invoices to accounts and opportunities +- [Products](./products.md) — Add products to invoices and quotes +- [Analytics](./analytics.md) — Billing reports and dashboards \ No newline at end of file diff --git a/src/04-gbui/apps/crm.md b/src/04-gbui/apps/crm.md new file mode 100644 index 00000000..45ce2813 --- /dev/null +++ b/src/04-gbui/apps/crm.md @@ -0,0 +1,205 @@ +# CRM - Customer Relationship Management + +> **Manage your sales pipeline from lead to close** + +--- + +## Overview + +CRM is your complete sales management solution following Microsoft Dynamics nomenclature. Track leads through qualification, manage opportunities in a visual pipeline, and convert them to accounts and contacts when deals close. + +--- + +## Key Concepts (Dynamics Nomenclature) + +| Entity | Description | +|--------|-------------| +| **Lead** | Unqualified prospect - someone who might become a customer | +| **Opportunity** | Qualified lead in the active sales process | +| **Account** | Company/organization (converted customer) | +| **Contact** | Person at an Account | +| **Activity** | Tasks, calls, emails linked to any entity | + +### Entity Flow + +``` +Lead ──(qualify)──► Opportunity ──(convert)──► Account + Contact +``` + +--- + +## Features + +### Pipeline View (Kanban) + +The default view shows your sales pipeline as a Kanban board with drag-and-drop functionality: + +| Stage | Description | +|-------|-------------| +| **Lead** | New unqualified prospects | +| **Qualified** | Leads that meet your criteria | +| **Proposal** | Opportunities with sent proposals | +| **Negotiation** | Active deal discussions | +| **Won** | Successfully closed deals | +| **Lost** | Deals that didn't close | + +**Drag cards between columns** to update opportunity stages instantly. + +### Leads Management + +Track and qualify incoming prospects: + +- **Name** - Contact name +- **Company** - Organization name +- **Email** - Primary contact email +- **Phone** - Contact phone number +- **Source** - Where the lead came from (web, referral, event, etc.) +- **Status** - New, Contacted, Qualified + +### Opportunities + +Manage active sales deals: + +- **Opportunity Name** - Deal identifier +- **Account** - Associated company +- **Value** - Expected deal amount +- **Stage** - Current pipeline position +- **Probability** - Win likelihood percentage +- **Expected Close** - Target close date +- **Owner** - Sales representative + +### Accounts + +Company records for your customers: + +- **Account Name** - Company name +- **Industry** - Business sector +- **Phone** - Main phone number +- **City** - Location +- **Annual Revenue** - Company size indicator +- **Contacts** - Number of associated contacts + +### Contacts + +People at your customer accounts: + +- **Name** - Full name +- **Account** - Associated company +- **Title** - Job title/role +- **Email** - Contact email +- **Phone** - Direct phone + +--- + +## Pipeline Summary Metrics + +Real-time dashboard showing: + +| Metric | Description | +|--------|-------------| +| **Total Pipeline Value** | Sum of all active opportunity values | +| **Conversion Rate** | Percentage of leads that convert to wins | +| **Avg Deal Size** | Average value of won opportunities | +| **Won This Month** | Total value closed this month | + +--- + +## Navigation Tabs + +| Tab | View | +|-----|------| +| **Pipeline** | Kanban board of opportunities | +| **Leads** | Table of all leads | +| **Opportunities** | Table of all opportunities | +| **Accounts** | Table of all accounts | +| **Contacts** | Table of all contacts | + +--- + +## API Endpoints + +| Endpoint | Method | Description | +|----------|--------|-------------| +| `/api/crm/leads` | GET | List leads with filters | +| `/api/crm/leads` | POST | Create new lead | +| `/api/crm/leads/:id` | GET | Get lead details | +| `/api/crm/leads/:id` | PUT | Update lead | +| `/api/crm/leads/:id/qualify` | POST | Qualify lead to opportunity | +| `/api/crm/opportunities` | GET | List opportunities | +| `/api/crm/opportunities` | POST | Create opportunity | +| `/api/crm/opportunity/:id/stage` | POST | Update opportunity stage | +| `/api/crm/accounts` | GET | List accounts | +| `/api/crm/accounts` | POST | Create account | +| `/api/crm/contacts` | GET | List contacts | +| `/api/crm/contacts` | POST | Create contact | +| `/api/crm/pipeline` | GET | Get pipeline data by stage | +| `/api/crm/count` | GET | Get counts by stage | +| `/api/crm/stats/*` | GET | Get various statistics | +| `/api/crm/search` | GET | Search across all CRM entities | + +--- + +## @ Mentions in Chat + +Reference CRM entities directly in chat conversations: + +| Mention | Example | +|---------|---------| +| `@lead:` | @lead:John Smith | +| `@opportunity:` | @opportunity:Enterprise Deal | +| `@account:` | @account:Acme Corp | +| `@contact:` | @contact:Jane Doe | + +Hover over a mention to see entity details. Click to navigate to the record. + +--- + +## Keyboard Shortcuts + +| Shortcut | Action | +|----------|--------| +| `N` | New lead (when in CRM) | +| `Escape` | Close modal | +| `/` | Focus search | + +--- + +## Filtering Options + +### Leads Filter + +- All Leads +- New +- Contacted +- Qualified + +--- + +## Best Practices + +### Lead Management + +1. **Respond quickly** - Follow up on new leads within 24 hours +2. **Qualify early** - Move quality leads to Opportunities promptly +3. **Track source** - Know where your best leads come from + +### Pipeline Health + +1. **Update stages daily** - Keep pipeline accurate +2. **Set realistic close dates** - Update Expected Close as needed +3. **Review weekly** - Identify stuck opportunities + +### Data Quality + +1. **Complete profiles** - Fill in all available information +2. **Link contacts to accounts** - Maintain relationships +3. **Log activities** - Track all customer interactions + +--- + +## See Also + +- [Billing](./billing.md) — Create invoices from won opportunities +- [Products](./products.md) — Add products to quotes and invoices +- [Analytics](./analytics.md) — CRM reports and dashboards +- [Tasks](./tasks.md) — Create follow-up tasks from CRM \ No newline at end of file diff --git a/src/04-gbui/apps/products.md b/src/04-gbui/apps/products.md new file mode 100644 index 00000000..5dfeca1f --- /dev/null +++ b/src/04-gbui/apps/products.md @@ -0,0 +1,244 @@ +# Products - Product & Service Catalog + +> **Manage your complete product and service offerings** + +--- + +## Overview + +Products is your catalog management solution following Microsoft Dynamics nomenclature. Maintain your product inventory, service offerings, and price lists for use across CRM quotes and billing invoices. + +--- + +## Key Concepts (Dynamics Nomenclature) + +| Entity | Description | +|--------|-------------| +| **Product** | Physical or digital item for sale | +| **Service** | Service offering (hourly, fixed, recurring) | +| **Price List** | Pricing tier with currency and validity dates | + +### Entity Relationships + +``` +Product/Service ──► Price List ──► Quote/Invoice Line Items +``` + +--- + +## Features + +### Product Catalog + +Manage your product inventory: + +- **Name** - Product name +- **Description** - Product details +- **SKU** - Stock keeping unit code +- **Category** - Product classification +- **Price** - Base price +- **Unit** - Unit of measure +- **Status** - Active or Inactive + +### Product Categories + +| Category | Description | +|----------|-------------| +| **Software** | Software licenses and subscriptions | +| **Hardware** | Physical equipment and devices | +| **Subscription** | Recurring subscription products | +| **Consulting** | Consulting packages | +| **Training** | Training courses and materials | +| **Support** | Support packages and plans | + +### Services + +Track your service offerings: + +- **Name** - Service name +- **Description** - Service details +- **Type** - Billing type (hourly, fixed, recurring) +- **Price** - Service rate +- **Unit** - Billing unit (hour, project, month) +- **Status** - Active or Inactive + +### Service Types + +| Type | Description | +|------|-------------| +| **Hourly** | Billed per hour worked | +| **Fixed Price** | One-time fixed amount | +| **Recurring** | Monthly/annual subscription | + +### Price Lists + +Manage pricing across different contexts: + +- **Name** - Price list name +- **Description** - Purpose or context +- **Currency** - USD, EUR, BRL, GBP, etc. +- **Items** - Number of products/services included +- **Valid From** - Start date +- **Valid To** - End date +- **Default** - Is this the default price list? + +--- + +## Summary Dashboard + +Real-time catalog metrics: + +| Metric | Description | +|--------|-------------| +| **Total Products** | Number of products in catalog | +| **Total Services** | Number of services offered | +| **Active Items** | Currently active products and services | +| **Price Lists** | Number of configured price lists | + +--- + +## Navigation Tabs + +| Tab | View | +|-----|------| +| **Catalog** | Product grid/list view | +| **Services** | Service table | +| **Price Lists** | Price list management | + +--- + +## View Options + +The catalog supports two view modes: + +| View | Description | +|------|-------------| +| **Grid** | Visual card layout (default) | +| **List** | Compact table layout | + +Toggle between views using the view buttons in the toolbar. + +--- + +## API Endpoints + +| Endpoint | Method | Description | +|----------|--------|-------------| +| `/api/products/items` | GET | List products with filters | +| `/api/products/items` | POST | Create new product | +| `/api/products/items/:id` | GET | Get product details | +| `/api/products/items/:id` | PUT | Update product | +| `/api/products/items/:id` | DELETE | Delete product | +| `/api/products/services` | GET | List services | +| `/api/products/services` | POST | Create new service | +| `/api/products/services/:id` | GET | Get service details | +| `/api/products/pricelists` | GET | List price lists | +| `/api/products/pricelists` | POST | Create new price list | +| `/api/products/pricelists/:id` | GET | Get price list details | +| `/api/products/pricelists/:id/items` | GET | Get items in price list | +| `/api/products/search` | GET | Search products and services | +| `/api/products/stats/*` | GET | Get catalog statistics | + +--- + +## @ Mentions in Chat + +Reference products directly in chat: + +| Mention | Example | +|---------|---------| +| `@product:` | @product:Enterprise License | + +Hover over a mention to see product details. Click to navigate to the record. + +--- + +## Filtering Options + +### Catalog Filters + +| Filter | Options | +|--------|---------| +| **Category** | All, Software, Hardware, Subscription, Consulting, Training, Support | +| **Status** | Active, All, Inactive | + +### Service Filters + +| Filter | Options | +|--------|---------| +| **Type** | All Types, Hourly, Fixed Price, Recurring | + +### Price List Filters + +| Filter | Options | +|--------|---------| +| **Currency** | All Currencies, USD, EUR, BRL, GBP | + +--- + +## Keyboard Shortcuts + +| Shortcut | Action | +|----------|--------| +| `N` | New product (when in Products) | +| `Escape` | Close modal | +| `/` | Focus search | +| `G` | Toggle grid/list view | + +--- + +## Integration with Billing + +Products integrate with the billing system: + +1. **Quote Line Items** - Add products/services to quotes +2. **Invoice Line Items** - Products appear on invoices +3. **Price List Selection** - Choose appropriate price list per quote/invoice +4. **Automatic Pricing** - Prices pulled from selected price list + +--- + +## Best Practices + +### Catalog Management + +1. **Use clear names** - Make products easily identifiable +2. **Complete descriptions** - Include all relevant details +3. **Assign SKUs** - Use consistent SKU naming conventions +4. **Categorize properly** - Assign appropriate categories + +### Pricing Strategy + +1. **Multiple price lists** - Create lists for different markets/customers +2. **Set validity dates** - Use date ranges for promotional pricing +3. **Mark defaults** - Designate default price list per currency +4. **Review regularly** - Update pricing as needed + +### Service Offerings + +1. **Define scope** - Clear descriptions prevent misunderstandings +2. **Set appropriate units** - Choose billing units that match delivery +3. **Track utilization** - Monitor which services sell best + +--- + +## Multi-Currency Support + +Price lists support multiple currencies: + +| Currency | Code | +|----------|------| +| US Dollar | USD | +| Euro | EUR | +| Brazilian Real | BRL | +| British Pound | GBP | + +Create separate price lists for each currency you operate in. + +--- + +## See Also + +- [CRM](./crm.md) — Add products to opportunities +- [Billing](./billing.md) — Include products in invoices and quotes +- [Analytics](./analytics.md) — Product performance reports \ No newline at end of file diff --git a/src/04-gbui/apps/tickets.md b/src/04-gbui/apps/tickets.md new file mode 100644 index 00000000..69151515 --- /dev/null +++ b/src/04-gbui/apps/tickets.md @@ -0,0 +1,252 @@ +# Tickets - AI-Assisted Support Cases + +> **Manage customer support with AI-powered resolution suggestions** + +--- + +## Overview + +Tickets is your AI-assisted support system following Microsoft Dynamics nomenclature. Create and manage support cases, track resolution times, and leverage AI to suggest solutions and automate common responses. + +--- + +## Key Concepts (Dynamics Nomenclature) + +| Entity | Description | +|--------|-------------| +| **Case** | Support ticket/request from a customer | +| **Resolution** | AI-suggested or manual solution to a case | +| **Activity** | Actions taken on a case (responses, calls, etc.) | + +--- + +## Features + +### Case Management + +Track and resolve customer support requests: + +- **Case Number** - Unique identifier +- **Subject** - Brief description of the issue +- **Account** - Customer reporting the issue +- **Contact** - Person who reported the issue +- **Priority** - Urgency level +- **Status** - Current case state +- **Category** - Issue classification +- **Description** - Full issue details +- **Assigned To** - Support agent handling the case + +### Case Statuses + +| Status | Description | +|--------|-------------| +| **Open** | New case awaiting attention | +| **Pending** | Waiting for customer response or external input | +| **In Progress** | Being actively worked on | +| **Resolved** | Solution provided, awaiting confirmation | +| **Closed** | Case completed and closed | + +### Priority Levels + +| Priority | Description | +|----------|-------------| +| **Critical** | System down, immediate attention required | +| **High** | Major issue affecting business operations | +| **Medium** | Standard issue with workaround available | +| **Low** | Minor issue or general inquiry | + +### AI Assistance + +The AI assistant helps with: + +- **Auto-categorization** - Automatically classify incoming cases +- **Solution Suggestions** - Recommend resolutions based on similar cases +- **Response Templates** - Generate contextual reply drafts +- **Priority Detection** - Identify urgent cases from description +- **Knowledge Search** - Find relevant KB articles automatically + +--- + +## Summary Dashboard + +Real-time support metrics: + +| Metric | Description | +|--------|-------------| +| **Open Cases** | Number of unresolved cases | +| **Urgent** | Cases with critical/high priority | +| **Resolved Today** | Cases closed today | +| **AI Resolved** | Percentage of cases resolved by AI | + +--- + +## Navigation Tabs + +| Tab | View | +|-----|------| +| **All Cases** | Complete case list | +| **Open** | Only open cases | +| **Pending** | Cases awaiting response | +| **Resolved** | Completed cases | + +--- + +## API Endpoints + +| Endpoint | Method | Description | +|----------|--------|-------------| +| `/api/tickets` | GET | List cases with filters | +| `/api/tickets` | POST | Create new case | +| `/api/tickets/:id` | GET | Get case details | +| `/api/tickets/:id` | PUT | Update case | +| `/api/tickets/:id/resolve` | POST | Mark case as resolved | +| `/api/tickets/:id/close` | POST | Close case | +| `/api/tickets/:id/reopen` | POST | Reopen closed case | +| `/api/tickets/:id/assign` | POST | Assign to agent | +| `/api/tickets/:id/activities` | GET | Get case activities | +| `/api/tickets/:id/activities` | POST | Add activity to case | +| `/api/tickets/:id/ai-suggest` | GET | Get AI resolution suggestions | +| `/api/tickets/search` | GET | Search cases | +| `/api/tickets/stats/*` | GET | Get support statistics | + +--- + +## @ Mentions in Chat + +Reference cases directly in chat conversations: + +| Mention | Example | +|---------|---------| +| `@case:` | @case:CS-2024-001 | + +Hover over a mention to see case details. Click to navigate to the record. + +--- + +## Filtering Options + +### Status Filters + +| Filter | Options | +|--------|---------| +| **Status** | All, Open, Pending, In Progress, Resolved, Closed | + +### Priority Filters + +| Filter | Options | +|--------|---------| +| **Priority** | All, Critical, High, Medium, Low | + +### Category Filters + +| Filter | Options | +|--------|---------| +| **Category** | All, Technical, Billing, General, Feature Request | + +--- + +## Keyboard Shortcuts + +| Shortcut | Action | +|----------|--------| +| `N` | New case (when in Tickets) | +| `Escape` | Close modal | +| `/` | Focus search | +| `R` | Reply to selected case | + +--- + +## AI Resolution Flow + +1. **Case Created** - Customer submits support request +2. **AI Analysis** - System analyzes case description +3. **Auto-Categorize** - Priority and category assigned +4. **Suggest Solutions** - AI finds similar resolved cases +5. **Generate Response** - Draft reply created for review +6. **Agent Review** - Support agent approves or modifies +7. **Resolution** - Customer receives response + +--- + +## Integration with CRM + +Tickets integrates with your CRM data: + +1. **Account Linking** - Cases linked to customer accounts +2. **Contact Association** - Track who reported each issue +3. **History Access** - View customer's previous cases +4. **Activity Sync** - Support activities appear in CRM timeline + +--- + +## Best Practices + +### Case Management + +1. **Respond quickly** - Acknowledge cases within SLA +2. **Set accurate priority** - Ensure urgent issues get attention +3. **Document thoroughly** - Record all resolution steps +4. **Update status** - Keep case status current + +### Using AI Assistance + +1. **Review suggestions** - Always verify AI recommendations +2. **Train the model** - Mark good suggestions to improve accuracy +3. **Personalize responses** - Edit AI drafts for customer context +4. **Escalate when needed** - Don't rely on AI for complex issues + +### SLA Management + +1. **Define SLAs** - Set response and resolution time targets +2. **Monitor compliance** - Track SLA performance +3. **Escalate proactively** - Flag cases approaching SLA breach + +--- + +## Reports + +Available in Analytics: + +| Report | Description | +|--------|-------------| +| **Open Cases by Priority** | Distribution of active cases | +| **Resolution Time** | Average time to resolve by category | +| **Cases by Category** | Volume breakdown by issue type | +| **AI Resolution Rate** | Percentage resolved with AI assistance | +| **Agent Performance** | Cases handled per agent | +| **SLA Compliance** | Percentage meeting SLA targets | + +--- + +## Case Categories + +| Category | Description | +|----------|-------------| +| **Technical** | Product bugs, errors, technical issues | +| **Billing** | Invoice questions, payment issues | +| **General** | General inquiries, how-to questions | +| **Feature Request** | Suggestions for new features | + +--- + +## Activity Types + +Activities logged on cases: + +| Activity | Description | +|----------|-------------| +| **Email** | Email sent to/from customer | +| **Phone Call** | Phone conversation logged | +| **Note** | Internal note added | +| **Status Change** | Case status updated | +| **Assignment** | Case reassigned | +| **Resolution** | Solution provided | + +--- + +## See Also + +- [CRM](./crm.md) — Link cases to accounts and contacts +- [Chat](./chat.md) — AI assistant for support queries +- [Analytics](./analytics.md) — Support reports and dashboards +- [Tasks](./tasks.md) — Create follow-up tasks from cases \ No newline at end of file diff --git a/src/23-security/protection-tools.md b/src/23-security/protection-tools.md new file mode 100644 index 00000000..74f97151 --- /dev/null +++ b/src/23-security/protection-tools.md @@ -0,0 +1,398 @@ +# Security Protection Tools + +The Security Protection module provides comprehensive host-level security through integration with industry-standard Linux security tools. This module allows administrators to manage security audits, rootkit detection, intrusion detection, and malware scanning through the General Bots UI. + +## Overview + +### Architecture + +``` +┌─────────────────────────────────────────────────────────────┐ +│ Browser / UI │ +│ (Security → Protection tab) │ +└─────────────────────────────────────────────────────────────┘ + │ + ▼ HTMX/API calls +┌─────────────────────────────────────────────────────────────┐ +│ botserver (port 8088) │ +│ /api/v1/security/protection/* │ +└─────────────────────────────────────────────────────────────┘ + │ + ▼ sudo (via sudoers) +┌─────────────────────────────────────────────────────────────┐ +│ Host System (Linux) │ +│ ┌─────────┐ ┌─────────┐ ┌──────────┐ ┌─────────┐ │ +│ │ Lynis │ │RKHunter │ │Chkrootkit│ │Suricata │ │ +│ └─────────┘ └─────────┘ └──────────┘ └─────────┘ │ +│ ┌─────────┐ ┌─────────┐ │ +│ │ ClamAV │ │ LMD │ │ +│ └─────────┘ └─────────┘ │ +└─────────────────────────────────────────────────────────────┘ +``` + +### Tools Included + +| Tool | Purpose | Type | +|------|---------|------| +| **Lynis** | Security auditing and hardening | Audit | +| **RKHunter** | Rootkit detection | Scanner | +| **Chkrootkit** | Rootkit detection | Scanner | +| **Suricata** | Network intrusion detection/prevention | IDS/IPS | +| **ClamAV** | Antivirus scanning | Antivirus | +| **LMD** | Linux Malware Detect | Malware Scanner | + +## Installation + +### Requirements + +> **⚠️ IMPORTANT: Root Access Required** +> +> Unlike other botserver components that run in containers, Security Protection tools run on the **host system** and require **root privileges** for installation. + +The installation process: +1. Installs security packages via `apt-get` +2. Installs Linux Malware Detect (LMD) from source +3. Creates a sudoers configuration for runtime execution +4. Updates security databases + +### Install Command + +```bash +sudo botserver install protection +``` + +This command must be run as root (via `sudo`) because it: +- Installs system packages +- Writes to `/etc/sudoers.d/` +- Updates system security databases + +### What Gets Installed + +**Packages (via apt-get):** +- `lynis` - Security auditing tool +- `rkhunter` - Rootkit Hunter +- `chkrootkit` - Rootkit checker +- `suricata` - Network IDS/IPS +- `clamav` - Antivirus engine +- `clamav-daemon` - ClamAV daemon service + +**From Source:** +- Linux Malware Detect (LMD/maldetect) + +**Configuration:** +- `/etc/sudoers.d/gb-protection` - Allows botserver to execute security commands without password + +### Verify Installation + +Check the status of installed protection tools: + +```bash +botserver status protection +``` + +This shows: +- Which tools are installed +- Whether sudoers is properly configured +- Tool versions + +## Security Model + +### Why Root Access? + +Security tools need elevated privileges because they: +1. **Scan system files** - Access to `/etc`, `/var`, `/usr` requires root +2. **Manage services** - Starting/stopping Suricata/ClamAV requires systemctl +3. **Update databases** - Signature updates write to protected directories +4. **Detect rootkits** - Checking kernel modules and hidden processes needs root + +### Sudoers Configuration + +The installation creates `/etc/sudoers.d/gb-protection` with **exact command specifications** (no wildcards): + +```sudoers +# Lynis - security auditing +gbuser ALL=(ALL) NOPASSWD: /usr/bin/lynis audit system +gbuser ALL=(ALL) NOPASSWD: /usr/bin/lynis audit system --quick +gbuser ALL=(ALL) NOPASSWD: /usr/bin/lynis audit system --quick --no-colors +gbuser ALL=(ALL) NOPASSWD: /usr/bin/lynis audit system --no-colors + +# RKHunter - rootkit detection +gbuser ALL=(ALL) NOPASSWD: /usr/bin/rkhunter --check --skip-keypress +gbuser ALL=(ALL) NOPASSWD: /usr/bin/rkhunter --check --skip-keypress --report-warnings-only +gbuser ALL=(ALL) NOPASSWD: /usr/bin/rkhunter --update + +# Chkrootkit - rootkit detection +gbuser ALL=(ALL) NOPASSWD: /usr/bin/chkrootkit +gbuser ALL=(ALL) NOPASSWD: /usr/bin/chkrootkit -q + +# Suricata - IDS/IPS service management +gbuser ALL=(ALL) NOPASSWD: /usr/bin/systemctl start suricata +gbuser ALL=(ALL) NOPASSWD: /usr/bin/systemctl stop suricata +gbuser ALL=(ALL) NOPASSWD: /usr/bin/systemctl restart suricata +gbuser ALL=(ALL) NOPASSWD: /usr/bin/systemctl enable suricata +gbuser ALL=(ALL) NOPASSWD: /usr/bin/systemctl disable suricata +gbuser ALL=(ALL) NOPASSWD: /usr/bin/systemctl is-active suricata +gbuser ALL=(ALL) NOPASSWD: /usr/bin/suricata-update + +# ClamAV - antivirus service management +gbuser ALL=(ALL) NOPASSWD: /usr/bin/systemctl start clamav-daemon +gbuser ALL=(ALL) NOPASSWD: /usr/bin/systemctl stop clamav-daemon +gbuser ALL=(ALL) NOPASSWD: /usr/bin/systemctl restart clamav-daemon +gbuser ALL=(ALL) NOPASSWD: /usr/bin/systemctl enable clamav-daemon +gbuser ALL=(ALL) NOPASSWD: /usr/bin/systemctl disable clamav-daemon +gbuser ALL=(ALL) NOPASSWD: /usr/bin/systemctl is-active clamav-daemon +gbuser ALL=(ALL) NOPASSWD: /usr/bin/freshclam + +# LMD - Linux Malware Detect +gbuser ALL=(ALL) NOPASSWD: /usr/local/sbin/maldet -a /home +gbuser ALL=(ALL) NOPASSWD: /usr/local/sbin/maldet -a /var/www +gbuser ALL=(ALL) NOPASSWD: /usr/local/sbin/maldet -a /tmp +gbuser ALL=(ALL) NOPASSWD: /usr/local/sbin/maldet --update-sigs +gbuser ALL=(ALL) NOPASSWD: /usr/local/sbin/maldet --update-ver +``` + +### Security Considerations + +**Why exact commands instead of wildcards?** + +Using wildcards (e.g., `lynis *`) would allow: +- Arbitrary argument injection +- Potential abuse if botserver is compromised +- Unintended command execution + +Exact commands ensure only predefined operations are allowed. + +## Usage + +### Via UI + +Access the Security Protection panel: +1. Navigate to **Tools → Security** +2. Select the **Protection** tab +3. Each tool card shows: + - Installation status + - Version + - Last scan time + - Available actions + +**Available Actions:** +- **Run Scan** - Execute the tool's scan +- **Start/Stop** - Manage services (Suricata, ClamAV) +- **Update** - Update signatures/databases +- **View Report** - See latest scan results + +### Via API + +All endpoints are under `/api/v1/security/protection/` + +**Get Status of All Tools:** +```http +GET /api/v1/security/protection/status +``` + +**Get Specific Tool Status:** +```http +GET /api/v1/security/protection/lynis/status +``` + +**Run a Scan:** +```http +POST /api/v1/security/protection/lynis/run +``` + +**Start/Stop Services:** +```http +POST /api/v1/security/protection/suricata/start +POST /api/v1/security/protection/suricata/stop +``` + +**Update Definitions:** +```http +POST /api/v1/security/protection/clamav/update +``` + +**Get Scan Report:** +```http +GET /api/v1/security/protection/rkhunter/report +``` + +## Tool Details + +### Lynis + +Security auditing tool that performs comprehensive system hardening assessments. + +**Scan Types:** +- Quick audit (`lynis audit system --quick`) +- Full audit (`lynis audit system`) + +**Output:** +- Hardening index (0-100) +- Warnings count +- Suggestions count +- Detailed findings + +**Report Location:** `/var/log/lynis-report.dat` + +### RKHunter + +Rootkit Hunter scans for rootkits, backdoors, and local exploits. + +**Features:** +- Rootkit signature detection +- File property checks +- Hidden process detection +- Network port analysis + +**Commands Available:** +- Scan: `rkhunter --check --skip-keypress` +- Update: `rkhunter --update` + +**Report Location:** `/var/log/rkhunter.log` + +### Chkrootkit + +Lightweight rootkit detection tool. + +**Checks For:** +- Known rootkit signatures +- Suspicious file modifications +- Hidden processes +- Network interfaces in promiscuous mode + +**Commands Available:** +- Quick scan: `chkrootkit -q` +- Standard scan: `chkrootkit` + +### Suricata + +Network Intrusion Detection/Prevention System (IDS/IPS). + +**Features:** +- Real-time traffic analysis +- Signature-based detection +- Protocol anomaly detection +- Rule-based alerting + +**Service Management:** +- Start/Stop/Restart via systemctl +- Rule updates via `suricata-update` + +**Log Location:** `/var/log/suricata/eve.json` + +### ClamAV + +Open-source antivirus engine. + +**Features:** +- Virus signature scanning +- Malware detection +- Automatic signature updates + +**Service Management:** +- `clamav-daemon` - Background scanning service +- `freshclam` - Signature updates + +### LMD (Linux Malware Detect) + +Malware scanner designed for shared hosting environments. + +**Features:** +- PHP malware detection +- Backdoor/shell detection +- Quarantine functionality + +**Scan Paths Allowed:** +- `/home` +- `/var/www` +- `/tmp` + +**Commands Available:** +- Scan: `maldet -a ` +- Update signatures: `maldet --update-sigs` +- Update version: `maldet --update-ver` + +## Troubleshooting + +### Installation Fails + +**Symptom:** `apt-get install` errors + +**Solutions:** +1. Update package lists: `sudo apt-get update` +2. Check disk space: `df -h` +3. Verify internet connectivity +4. Check for conflicting packages + +### Permission Denied at Runtime + +**Symptom:** Security scans fail with permission errors + +**Solutions:** +1. Verify sudoers file exists: `ls -la /etc/sudoers.d/gb-protection` +2. Check sudoers syntax: `sudo visudo -c -f /etc/sudoers.d/gb-protection` +3. Verify file permissions: should be `0440` +4. Reinstall: `sudo botserver install protection` + +### Service Won't Start + +**Symptom:** Suricata or ClamAV fails to start + +**Solutions:** +1. Check service status: `systemctl status suricata` +2. View logs: `journalctl -u suricata` +3. Verify configuration files exist +4. Check for port conflicts + +### Outdated Signatures + +**Symptom:** Scans report "database outdated" + +**Solutions:** +1. Run update via UI or API +2. Manually update: + - ClamAV: `sudo freshclam` + - RKHunter: `sudo rkhunter --update` + - Suricata: `sudo suricata-update` + - LMD: `sudo maldet --update-sigs` + +## Uninstallation + +### Remove Sudoers Configuration + +```bash +sudo botserver remove protection +``` + +This removes the sudoers file but **does not uninstall packages**. + +### Full Removal (Manual) + +To completely remove protection tools: + +```bash +# Remove sudoers +sudo botserver remove protection + +# Remove packages +sudo apt-get remove --purge lynis rkhunter chkrootkit suricata clamav clamav-daemon + +# Remove LMD +sudo rm -rf /usr/local/maldetect +sudo rm /usr/local/sbin/maldet +``` + +## Best Practices + +1. **Schedule Regular Scans** - Use auto-scan features or cron jobs +2. **Keep Signatures Updated** - Enable auto-update for all tools +3. **Review Reports** - Don't just run scans; analyze the results +4. **Act on Findings** - High/Critical findings need immediate attention +5. **Monitor Suricata Alerts** - Network threats require quick response +6. **Backup Before Quarantine** - LMD quarantine moves files; ensure backups exist + +## Related Documentation + +- [RBAC & Security Design](./rbac-design.md) +- [SOC 2 Compliance](./soc2-compliance.md) +- [Security Matrix Reference](./security-matrix.md) \ No newline at end of file diff --git a/src/SUMMARY.md b/src/SUMMARY.md index 6e301e1b..8ccc5304 100644 --- a/src/SUMMARY.md +++ b/src/SUMMARY.md @@ -73,6 +73,10 @@ - [Player - Media Viewer](./04-gbui/apps/player.md) - [Paper - AI Writing](./04-gbui/apps/paper.md) - [Research - AI Search](./04-gbui/apps/research.md) + - [CRM - Sales Pipeline](./04-gbui/apps/crm.md) + - [Billing - Invoices & Payments](./04-gbui/apps/billing.md) + - [Products - Catalog Management](./04-gbui/apps/products.md) + - [Tickets - Support Cases](./04-gbui/apps/tickets.md) - [Analytics - Dashboards](./04-gbui/apps/analytics.md) - [Dashboards - Custom BI](./04-gbui/apps/dashboards.md) - [Designer - Visual Builder](./04-gbui/apps/designer.md) @@ -343,6 +347,7 @@ - [Organization Multi-Tenancy](./23-security/organizations.md) - [Knowledge Base Permissions](./23-security/kb-permissions.md) - [Knowledge Base Security](./23-security/kb-security.md) + - [Protection Tools](./23-security/protection-tools.md) - [SOC 2 Compliance](./23-security/soc2-compliance.md) - [Security Matrix Reference](./23-security/security-matrix.md)