Atropos
The Cutter of the Thread
Atropos is an automated remediation service. When Lachesis detects entropy above threshold, Atropos executes the "cut" - isolate, pause, or revert the offending node. It supports Docker, VirtualBox, and SSH-based actions with policy-driven escalation.
In Greek mythology, Atropos cut the thread of life, ending mortal existence. This Atropos cuts network tunnels and reverts snapshots.
Installation
go mod tidy
go buildUsage
# Start with default policy
./atropos
# Custom policy file
./atropos -policy /etc/atropos/policy.yaml
# Custom history directory
./atropos -history-dir /var/lib/atropos/history
# With HMAC secret (recommended)
ATROPOS_HMAC_SECRET=your-secret ./atroposDefault port is :8443
Key Features
Core Remediation
Execute cuts based on entropy thresholds with strategy escalation on failure.
History & Logging
Persistent cut history with gzip compression and configurable retention.
Trend Analysis
Success rates, MTTR calculation, problematic node identification.
Web Dashboard
Real-time stats, node metrics, dry-run testing interface.
Time Windows
Restrict cuts to specific hours (e.g., business hours only).
Notifications
Email and webhook alerts on cut execution.
Webhook Integration
Lachesis sends entropy alerts to Atropos via signed webhooks:
PAYLOAD='{"node":"athena","entropy":0.87}'
SIG=$(echo -n "$PAYLOAD" | openssl dgst -sha256 -hmac "your-secret" | cut -d' ' -f2)
curl -X POST http://localhost:8443/api/v1/cut \
-H "Content-Type: application/json" \
-H "X-Lachesis-Signature: sha256=$SIG" \
-d "$PAYLOAD"API Endpoints
| Endpoint | Description |
|---|---|
POST /api/v1/cut | Execute cut (requires HMAC) |
POST /api/v1/cut/dryrun | Simulate cut |
GET /api/v1/cuts/history | List all cuts |
GET /api/v1/stats | Global statistics |
GET /api/v1/trends | Trend analysis |
GET /api/v1/export/report.html | HTML report |
GET / | Web dashboard |
Clotho Correlation
Import Clotho audit reports to correlate failures with remediation:
# Import audit report
curl -X POST http://localhost:8443/api/v1/correlation/import \
-H "Content-Type: application/json" \
-d @clotho_audit_report.json
# Get correlations
curl http://localhost:8443/api/v1/correlation/athena?hours=24Response includes effectiveness percentage, resolved findings, and controls triggering most cuts.