Merge pull request #134 from wrhalpin/claude/create-gnat-admin-guide-BOSrp

Add GitHub Pages site and logo kit under site/

Author: wrhalpin

site/assets/css/style.css

@@ -0,0 +1,131 @@
+*, *::before, *::after { box-sizing: border-box; margin: 0; padding: 0; }
+
+:root {
+  --navy: #0F2044;
+  --navy2: #162952;
+  --steel: #1E4D8C;
+  --teal: #0891B2;
+  --mint: #A5F3FC;
+  --white: #FFFFFF;
+  --offwhite: #E8EFF8;
+  --muted: #94A3B8;
+  --charcoal: #1E293B;
+  --green: #10B981;
+  --amber: #F59E0B;
+  --red: #E63946;
+}
+
+html { scroll-behavior: smooth; }
+
+body {
+  font-family: -apple-system, BlinkMacSystemFont, "Segoe UI", Roboto, Helvetica, Arial, sans-serif;
+  background: var(--navy);
+  color: var(--offwhite);
+  line-height: 1.6;
+}
+
+a { color: var(--teal); text-decoration: none; }
+a:hover { color: var(--mint); }
+
+.container { max-width: 1100px; margin: 0 auto; padding: 0 24px; }
+
+/* ── Nav ─────────────────────────────────────── */
+nav {
+  position: sticky; top: 0; z-index: 100;
+  background: rgba(15, 32, 68, 0.95);
+  backdrop-filter: blur(12px);
+  border-bottom: 1px solid rgba(91, 147, 217, 0.15);
+  padding: 12px 0;
+}
+nav .container { display: flex; align-items: center; justify-content: space-between; }
+nav .brand { display: flex; align-items: center; gap: 10px; font-weight: 700; font-size: 18px; color: var(--white); }
+nav .brand img { height: 36px; border-radius: 6px; }
+nav ul { list-style: none; display: flex; gap: 24px; }
+nav ul a { color: var(--muted); font-size: 14px; font-weight: 500; }
+nav ul a:hover { color: var(--white); }
+
+/* ── Hero ────────────────────────────────────── */
+.hero {
+  text-align: center;
+  padding: 80px 0 60px;
+  background: linear-gradient(180deg, var(--navy) 0%, var(--navy2) 100%);
+}
+.hero img { width: 220px; margin-bottom: 24px; border-radius: 16px; }
+.hero h1 { font-size: 48px; color: var(--white); margin-bottom: 8px; }
+.hero .tagline { font-size: 20px; color: var(--mint); font-style: italic; margin-bottom: 12px; }
+.hero .subtitle { font-size: 15px; color: var(--muted); margin-bottom: 32px; }
+.hero .badges { display: flex; gap: 12px; justify-content: center; flex-wrap: wrap; }
+.badge {
+  display: inline-block; padding: 6px 16px; border-radius: 20px; font-size: 13px; font-weight: 600;
+  background: var(--navy2); border: 1px solid rgba(91, 147, 217, 0.3);
+}
+.badge.teal { border-color: var(--teal); color: var(--teal); }
+.badge.green { border-color: var(--green); color: var(--green); }
+.badge.amber { border-color: var(--amber); color: var(--amber); }
+
+/* ── Sections ────────────────────────────────── */
+section { padding: 64px 0; }
+section:nth-child(even) { background: var(--navy2); }
+section h2 { font-size: 28px; color: var(--white); margin-bottom: 32px; text-align: center; }
+
+/* ── Stats bar ───────────────────────────────── */
+.stats {
+  display: grid; grid-template-columns: repeat(auto-fit, minmax(160px, 1fr));
+  gap: 16px; padding: 40px 0;
+}
+.stat {
+  text-align: center; padding: 24px 16px;
+  background: var(--navy2); border-radius: 12px;
+  border: 1px solid rgba(91, 147, 217, 0.15);
+}
+.stat .number { font-size: 36px; font-weight: 800; color: var(--teal); }
+.stat .label { font-size: 12px; color: var(--muted); text-transform: uppercase; letter-spacing: 1px; margin-top: 4px; }
+
+/* ── Feature cards ───────────────────────────── */
+.features {
+  display: grid; grid-template-columns: repeat(auto-fit, minmax(300px, 1fr));
+  gap: 20px;
+}
+.card {
+  background: var(--navy); border-radius: 12px; padding: 28px;
+  border: 1px solid rgba(91, 147, 217, 0.12);
+  transition: border-color 0.2s;
+}
+.card:hover { border-color: var(--teal); }
+.card h3 { font-size: 17px; color: var(--white); margin-bottom: 8px; }
+.card p { font-size: 14px; color: var(--muted); }
+
+/* ── Install ─────────────────────────────────── */
+.install-block {
+  background: var(--charcoal); border-radius: 10px; padding: 20px 24px;
+  font-family: "SF Mono", "Fira Code", "Consolas", monospace; font-size: 14px;
+  color: var(--mint); overflow-x: auto; margin-top: 16px; max-width: 600px;
+  margin-left: auto; margin-right: auto;
+}
+
+/* ── Platform grid ───────────────────────────── */
+.platforms {
+  display: grid; grid-template-columns: repeat(auto-fill, minmax(200px, 1fr));
+  gap: 8px;
+}
+.platforms span {
+  font-size: 13px; color: var(--muted); padding: 8px 12px;
+  background: var(--navy); border-radius: 6px;
+  border: 1px solid rgba(91, 147, 217, 0.08);
+}
+
+/* ── Footer ──────────────────────────────────── */
+footer {
+  padding: 40px 0; text-align: center;
+  border-top: 1px solid rgba(91, 147, 217, 0.15);
+  font-size: 13px; color: var(--muted);
+}
+footer a { color: var(--teal); }
+
+/* ── Responsive ──────────────────────────────── */
+@media (max-width: 640px) {
+  .hero h1 { font-size: 32px; }
+  .hero img { width: 160px; }
+  nav ul { gap: 12px; }
+  .stats { grid-template-columns: repeat(2, 1fr); }
+}

site/assets/images/apple-touch-icon.png

@@ -0,0 +1,161 @@
+<!DOCTYPE html>
+<html lang="en">
+<head>
+  <meta charset="UTF-8">
+  <meta name="viewport" content="width=device-width, initial-scale=1.0">
+  <title>GNAT — Python Cyber Threat Intel Made Simple</title>
+  <meta name="description" content="GNAT (GNAT's Not A TIP) — A production-ready Python library for unified cyber threat intelligence across 159 platforms with STIX 2.1 ORM, AI agents, and detection rule translation.">
+  <meta property="og:title" content="GNAT — Python Cyber Threat Intel Made Simple">
+  <meta property="og:description" content="One library. Every platform. Total control. 159 connectors, STIX 2.1 ORM, AI agents, HuntGNAT detection rules, campaign tracking, and telemetry ingestion.">
+  <meta property="og:image" content="assets/images/og-image.png">
+  <meta property="og:type" content="website">
+  <link rel="icon" href="assets/images/favicon.ico">
+  <link rel="apple-touch-icon" href="assets/images/apple-touch-icon.png">
+  <link rel="stylesheet" href="assets/css/style.css">
+</head>
+<body>
+
+<!-- Nav -->
+<nav>
+  <div class="container">
+    <a href="#" class="brand">
+      <img src="assets/images/gnat-logo-64.png" alt="GNAT Logo">
+      GNAT
+    </a>
+    <ul>
+      <li><a href="#features">Features</a></li>
+      <li><a href="#platforms">Platforms</a></li>
+      <li><a href="#install">Install</a></li>
+      <li><a href="https://github.com/wrhalpin/gnat">GitHub</a></li>
+    </ul>
+  </div>
+</nav>
+
+<!-- Hero -->
+<section class="hero">
+  <div class="container">
+    <img src="assets/images/gnat-logo-full.png" alt="GNAT Mascot">
+    <h1>GNAT</h1>
+    <p class="tagline">One library. Every platform. Total control.</p>
+    <p class="subtitle">Python Cyber Threat Intel Made Simple</p>
+    <div class="badges">
+      <span class="badge teal">159 Connectors</span>
+      <span class="badge green">5,100+ Tests</span>
+      <span class="badge teal">STIX 2.1</span>
+      <span class="badge amber">Python 3.9+</span>
+      <span class="badge teal">Apache 2.0</span>
+    </div>
+  </div>
+</section>
+
+<!-- Stats -->
+<section>
+  <div class="container">
+    <div class="stats">
+      <div class="stat"><div class="number">159</div><div class="label">Platform Connectors</div></div>
+      <div class="stat"><div class="number">5,100+</div><div class="label">Unit Tests</div></div>
+      <div class="stat"><div class="number">55</div><div class="label">Architecture Decision Records</div></div>
+      <div class="stat"><div class="number">15</div><div class="label">Ingest Readers</div></div>
+      <div class="stat"><div class="number">26</div><div class="label">Rule Engine Helpers</div></div>
+      <div class="stat"><div class="number">4</div><div class="label">Detection Rule Translators</div></div>
+    </div>
+  </div>
+</section>
+
+<!-- Features -->
+<section id="features">
+  <div class="container">
+    <h2>Key Capabilities</h2>
+    <div class="features">
+      <div class="card">
+        <h3>159 Platform Connectors</h3>
+        <p>Uniform CRUD + bidirectional STIX 2.1 translation. ThreatQ, CrowdStrike, Splunk, Sentinel, MISP, VirusTotal, Mandiant, and 152 more.</p>
+      </div>
+      <div class="card">
+        <h3>STIX 2.1 ORM</h3>
+        <p>Property-bag ORM for Indicators, ThreatActors, Malware, Vulnerabilities, Campaigns, AttackPatterns, Relationships, and Observables.</p>
+      </div>
+      <div class="card">
+        <h3>HuntGNAT Detection Rules</h3>
+        <p>Translate STIX patterns to Sigma, YARA, Suricata, and Snort rules. Hunt packages, ATT&amp;CK coverage matrix, deployment drift detection.</p>
+      </div>
+      <div class="card">
+        <h3>Attribution &amp; Campaigns</h3>
+        <p>Diamond Model, kill-chain progression, competing hypotheses with Admiralty Scale scoring, actor profiles, cluster-to-campaign promotion.</p>
+      </div>
+      <div class="card">
+        <h3>Analysis Rule Engine</h3>
+        <p>Hy/Lisp declarative rules for automated hypothesis evaluation. 26 helpers, audit trail, AI-60 confidence ceiling, priority first-match.</p>
+      </div>
+      <div class="card">
+        <h3>Telemetry Ingestion</h3>
+        <p>Kafka consumer for honeypot, netflow, IDS, and DNS sensor data. Redis dedup, automatic campaign linking, severity gating.</p>
+      </div>
+      <div class="card">
+        <h3>AI Agents</h3>
+        <p>Unified LLMClient (Claude, OpenAI, Grok, Gemini). ResearchAgent, ParsingAgent, quality and security sub-agents.</p>
+      </div>
+      <div class="card">
+        <h3>Investigation Builder</h3>
+        <p>Five-step cross-platform evidence graph: seed &rarr; expand &rarr; normalise &rarr; correlate &rarr; materialise. Infrastructure role classification.</p>
+      </div>
+      <div class="card">
+        <h3>Reports &amp; Dissemination</h3>
+        <p>PDF, DOCX, HTML, Markdown. TAXII 2.1 server, webhook fan-out with HMAC signing, STIX bundle export.</p>
+      </div>
+    </div>
+  </div>
+</section>
+
+<!-- Platforms -->
+<section id="platforms">
+  <div class="container">
+    <h2>159 Supported Platforms</h2>
+    <div class="platforms">
+      <span>ThreatQ</span><span>CrowdStrike</span><span>Splunk</span><span>Sentinel</span>
+      <span>VirusTotal</span><span>Mandiant</span><span>MISP</span><span>OpenCTI</span>
+      <span>Elastic SIEM</span><span>QRadar</span><span>Cortex XDR</span><span>SentinelOne</span>
+      <span>Palo Alto XSOAR</span><span>Wiz</span><span>Orca Security</span><span>Okta</span>
+      <span>Entra ID</span><span>CrowdStrike</span><span>Recorded Future</span><span>AlienVault OTX</span>
+      <span>Shodan</span><span>GreyNoise</span><span>Censys</span><span>Joe Sandbox</span>
+      <span>ANY.RUN</span><span>Hybrid Analysis</span><span>Cuckoo / CAPEv2</span><span>VMRay</span>
+      <span>Darktrace</span><span>Vectra AI</span><span>ExtraHop</span><span>Carbon Black</span>
+      <span>Proofpoint TAP</span><span>Mimecast</span><span>Abnormal Security</span><span>IRONSCALES</span>
+      <span>ServiceNow</span><span>Jira</span><span>TheHive</span><span>Velociraptor</span>
+      <span>HackerOne</span><span>Bugcrowd</span><span>AbuseIPDB</span><span>MITRE ATT&amp;CK</span>
+      <span>CISA KEV</span><span>Dataminr</span><span>Flashpoint</span><span>Intel 471</span>
+      <span>+ 111 more...</span>
+    </div>
+  </div>
+</section>
+
+<!-- Install -->
+<section id="install">
+  <div class="container">
+    <h2>Get Started</h2>
+    <div class="install-block">
+      <div>pip install gnat</div>
+      <div style="color: var(--muted); margin-top: 12px;"># Optional extras</div>
+      <div>pip install "gnat[telemetry]"&nbsp;&nbsp;&nbsp;# Kafka + Redis</div>
+      <div>pip install "gnat[rules]"&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;# Hy rule engine</div>
+      <div>pip install "gnat[analysis]"&nbsp;&nbsp;&nbsp;&nbsp;# Campaign tracking</div>
+      <div>pip install "gnat[serve]"&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;# Web dashboard</div>
+      <div>pip install "gnat[all]"&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;# Everything</div>
+    </div>
+  </div>
+</section>
+
+<!-- Footer -->
+<footer>
+  <div class="container">
+    <p>GNAT &mdash; GNAT's Not A TIP &mdash; Version 1.5.0</p>
+    <p style="margin-top: 8px;">
+      <a href="https://github.com/wrhalpin/gnat">GitHub</a> &middot;
+      Apache License 2.0 &middot;
+      Python 3.9 &ndash; 3.13
+    </p>
+  </div>
+</footer>
+
+</body>
+</html>