PHOBOS-NET v1.2.0 #74
legato3 announced in Announcements
PHOBOS-NET v1.2.0 — Public Release
This release marks the first public, production-ready version of PHOBOS-NET.
PHOBOS-NET is a read-only network observability platform designed to provide clear, truthful insight into network behavior without automation, enforcement, or alert noise.
⸻
Highlights
Clear Separation of Concepts
• System Health now reflects monitoring operability only
• Attacks, scans, and traffic anomalies no longer degrade health
• Clear distinction between:
  • Health (is the monitoring stack working?)
  • Alerts (actionable, persistent issues)
  • Indicators (contextual signals)
Firewall Visibility (OPNsense)
• Dedicated parser for OPNsense filterlog
• Normalized firewall events (pass, block, reject)
• IPv4 and IPv6 support
• Optional secondary syslog stream (UDP 515) for non-filter events
• Firewall logs are observed, not interpreted
NetFlow Observation
• Flow-level visibility via nfdump
• Time-range aware queries (48h default)
• No deduplication, inference, or prioritization
• Flow counts remain factual and unaltered
SNMP Monitoring (Required)
• CPU, memory, and interface metrics
• Uses authoritative counters (ifTable / ifXTable)
• Explicit availability tracking
• Interface saturation hints without alert escalation
Alerts & Indicators
• Strict escalation logic (persistence required)
• Automatic resolution of stale alerts
• Indicators provide context without triggering alarms
• No alert storms on normal or hostile traffic
⸻
UI & UX Improvements
• Calm, truth-first dashboard design
• Explicit display of unavailable data (—)
• Reduced widget noise
• Improved mobile layout
• Sidebar and navigation refinements
• No dramatic state banners or misleading scores
⸻
Docker & Deployment
• Non-root container execution
• OCI-compliant Docker image
• Clear separation of static vs runtime data
• Environment-variable driven configuration
• Documented OPNsense setup (SNMP and Syslog)
Docker image:
legato3/phobos-net:1.2.0
⸻
Documentation & Open Source Readiness
• Public GitHub repository
• Aligned GitHub and Docker Hub READMEs
• CONTRIBUTING.md with clear contribution boundaries
• SECURITY.md for responsible disclosure
• OPNsense Quick Start and full configuration guide
• Release checklist included for maintainability
⸻
Design Philosophy (Unchanged)
• Observational, not reactive
• Truth over completeness
• Signals are not alerts
• Calm UX by default
• No automation, no enforcement
If data is unavailable, PHOBOS-NET shows UNKNOWN / — rather than guessing.
⸻
What’s Next (Intentionally Modest)
Future work will focus on:
• Correlation and timelines without escalation
• Historical context and trends
• UI clarity improvements
• Documentation refinements
No automatic response or blocking features are planned.
This discussion was created from the release PHOBOS-NET v1.2.0.