Documentation / FAQ
Source-backed map of what is implemented today.
Website statements are tied to repository evidence in runtime, license factory, and packager projects.
Inspected Repositories
Inputs used for website alignment
NOXA runtime
../Noxa
Noxa-License-Factory
../Noxa-License-Factory
Noxa-Packager
../Noxa-Packager
Quick Audit
Gap analysis summary
This audit drives the current website structure and message boundaries.
Real product capabilities in repositories
Incident operations runtime for on-prem and offline-capable environments with SOC/CSIRT workflow controls.
Structured cyber domain coverage: incidents, assets, findings, evidence, remediation, timelines, and MITRE-aware workflows.
Runtime keeps strict verify-only trust behavior for licenses and signed bundles.
Runtime enforces license and product conformity locally (verify-only model).
Deployment paths are implemented for Compose, Kubernetes manifests, and Helm.
Runtime exposes admin diagnostics and audit endpoints for licensing and production guard checks.
Real trust and commercialization assets
License Factory issues detached signed artifacts: license.json + license.sig.
Packager produces customer bundles with signed product-manifest, signed bundle-manifest, checksums, and signed archive.
Inter-project contract and compatibility matrix are documented across repositories.
Support eligibility is tied to official signed artifacts and runtime conformity.
Legacy token paths are still supported for migration but are not the production target.
What the website needed to add or clarify
Shift wording from generic ticketing-first language to incident-centric cyber operations language.
Explain timeline, correlation, deduplication, and remediation workflows as first-class capabilities.
Keep implementation honesty with explicit implemented/partially in place/planned markers.
Preserve explicit split between runtime verification, factory signing, and packager signing.
Expose support posture limits (official artifacts required) without over-claiming.
Treat website as a mirror of repository truth, never as a parallel source of product reality.
Topic Navigation
Cross-links for deployment, operations, trust, and capacity
Deployment
Dedicated server, DNS/FQDN, reverse proxy, TLS, variants.
Deployment Profiles
Demo, single server, standard, hardened, air-gapped, AI-enabled.
System Requirements
Minimum/recommended/optimal, with and without local AI.
Performance & Capacity
Measured signals, validation scenarios, capacity planning philosophy.
Trust / Product Chain
Verify-only runtime, signed licenses, signed bundles/manifests, support conditions.
Operations
Deploy, backup, restore, upgrade, rollback, observability, exploitation.
Integrators
Role, installation, first-line support, trust-chain continuity.
Evidence Map
Repository references used by this website
Runtime
../Noxa/README.md
../Noxa/docs/product/product-vision.md
../Noxa/docs/product/editions-and-modules.md
../Noxa/docs/product/support-eligibility.md
../Noxa/docs/architecture/architecture-overview.md
../Noxa/docs/architecture/offline-operation.md
../Noxa/docs/architecture/licensing-and-bundle-verification.md
../Noxa/docs/data-model/incident-model.md
../Noxa/docs/data-model/data-normalization.md
../Noxa/docs/connectors/siem-connectors.md
../Noxa/docs/security/rbac-and-sensitive-data.md
../Noxa/docs/operations/mitre-integration.md
License Factory
../Noxa-License-Factory/README.md
../Noxa-License-Factory/docs/product/license-model.md
../Noxa-License-Factory/docs/product/edition-and-module-encoding.md
../Noxa-License-Factory/docs/architecture/offline-license-lifecycle.md
../Noxa-License-Factory/docs/architecture/runtime-compatibility-rules.md
../Noxa-License-Factory/docs/security/key-management-boundaries.md
../Noxa-License-Factory/docs/schemas/license-payload-schema.md
Packager
../Noxa-Packager/README.md
../Noxa-Packager/docs/product/official-bundle-generation.md
../Noxa-Packager/docs/product/edition-aware-packaging.md
../Noxa-Packager/docs/architecture/offline-delivery-model.md
../Noxa-Packager/docs/architecture/package-compatibility-rules.md
../Noxa-Packager/docs/schemas/bundle-manifest.md
../Noxa-Packager/docs/governance/external-ui-packaging-rules.md
Confirmed
Confirmed in code and docs
Official edition and module matrix is implemented and validated across runtime and packager.
Signed license, signed product-manifest, signed bundle-manifest, and signed archive workflows are implemented end-to-end.
Runtime includes diagnostics and production-guard checks for trust-state visibility.
Deployment and operations runbooks exist for Compose, Kubernetes, and Helm paths.
Integrator installation and exploitation guides are already available in runtime documentation.
Observability baseline is implemented with /metrics and structured JSON logs.
In Progress
Intentionally non-final topics
Public pricing and packaging catalog are not yet fixed as website constants.
Commercial support offers and legal terms are not exposed as public automation.
Public partner portal, public docs portal, and newsroom workflows are pending.
Public benchmark publication is not released yet; current website uses validation methodology wording.
Air-gapped profile hardening kits are handled as integrator projects, not a one-click public package.
Implemented vs Planned
Major topics status map
Each topic below distinguishes what is already implemented, what is partial, and what is planned.
Incident-centric operations model
Partially in placeImplemented: Cross-repo canonical docs now define incident-first positioning with explicit cyber data model terminology.
Partially in place: Runtime and website still include historical ticket-centric wording in some legacy surfaces.
Planned: Complete incident-first terminology convergence across remaining legacy docs and UI language.
Source: ../Noxa/docs/product/product-vision.md
Runtime trust enforcement (verify-only)
ImplementedImplemented: Runtime verifies signed license/manifests and enforces strict production guardrails.
Partially in place: Legacy token compatibility remains for migration windows.
Planned: Continue migration toward signed file-only target profiles.
Source: ../Noxa/docs/architecture/licensing-and-bundle-verification.md
Signed product trust chain (Factory + Packager)
ImplementedImplemented: Factory and Packager generate signed license, product-manifest, bundle-manifest, and archive artifacts.
Partially in place: Key rotation and governance still require operational discipline per environment.
Planned: Broader publication of partner-facing trust-chain tooling.
Source: ../Noxa-License-Factory/docs/architecture/runtime-compatibility-rules.md
Connector normalization and correlation depth
Partially in placeImplemented: Canonical connector and correlation architecture is documented with SIEM-above positioning.
Partially in place: Uniform depth across all connector families and explainable scoring branches is still maturing.
Planned: Expand packaged connector adapters and correlation explainability outputs.
Source: ../Noxa/docs/connectors/correlation-and-deduplication.md
Deployment topologies and operations
ImplementedImplemented: Compose/Kubernetes/Helm deployment plus backup/restore/upgrade/rollback runbooks are documented.
Partially in place: DNS/FQDN and reverse-proxy topology are integrator-defined per customer.
Planned: Additional profile-specific hardening templates can be published over time.
Source: ../Noxa/docs/deployment/deployment-profiles.md
Performance and capacity publication
Partially in placeImplemented: Observability metrics and baseline performance scenario scaffolds are available.
Partially in place: No public benchmark report with guaranteed throughput/latency figures yet, and CI trend automation is incomplete.
Planned: Publish validated scenario-based benchmark packs with persistent regression thresholds.
Source: ../Noxa/docs/performance-test-plan.md
Integrator program visibility
Partially in placeImplemented: Integrator installation/exploitation runbooks are present in runtime docs.
Partially in place: Public partner portal and packaged integrator program assets are not yet live.
Planned: Publish partner-facing assets when governance and support offers are finalized.
Source: ../Noxa/docs/governance/ecosystem-consistency-report.md
FAQ
Frequent questions
Does NOXA require an online license server in production?
No. Runtime verification is local and file-based with public keys and signed artifacts.
Which deployment models are implemented now?
Compose, Kubernetes manifests, and Helm are documented with unified install commands.
Does NOXA define DNS/FQDN and reverse-proxy policy itself?
Integrators define DNS, FQDN, static IP strategy, and reverse proxy policy for each client environment while keeping NOXA trust controls intact.
Are system sizing values benchmarked public numbers?
No. Sizing values are planning baselines for architecture workshops and must be validated in customer pre-production tests.
How are editions enforced?
Access checks require both runtime image edition and license entitlement alignment.
What does Packager deliver to integrators?
Signed manifests, signed archive, checksums, installation assets, and deployment-context support metadata.
What is still migration-only?
Legacy token and compatibility paths remain for migration, while signed file artifacts stay the production target (reevaluation before 2026-12-31).
Are public NOXA performance benchmarks available today?
As of 2026-04-04, repositories expose metrics and E2E trust-chain tests but do not publish a public throughput/latency benchmark report.