Proof pack

How to validate this portfolio (fast)

The point is that you can verify the claims with commands. This is what “auditable” looks like when nobody is hand-waving.

All counts on this page are Verified (reproducible today). "Total library" numbers are not shown.

Repo
raylee-ops/HawkinsOperations
Counts (source of truth)
PROOF_PACK/VERIFIED_COUNTS.md (generated by CI)
90-second validation path (Windows PowerShell)
  1. Clone the repo.
  2. Run scripts/verify/verify-counts.ps1 to reproduce the inventory counts.
  3. Optionally run the Wazuh bundle script and confirm output size/content.
Clone + verify counts (PowerShell)
git clone https://github.com/raylee-ops/HawkinsOperations
cd HawkinsOperations

# Reproduce inventory counts locally
pwsh -NoProfile -File .\scripts\verify\verify-counts.ps1
Build Wazuh bundle (optional)
# Produces local_rules.xml for deployment testing
pwsh -File .\scripts\build-wazuh-bundle.ps1
What those verified numbers should be (reproducible today)
  • 105 Sigma rules
  • 29 Wazuh rule blocks (25 XML files)
  • 8 Splunk SPL queries
  • 10 IR playbooks

These totals are documented in the repo’s release notes and verification artifacts.

Why crawlers used to show “0” (and why they don’t now)

The old build relied on client-side JS counters. If JS didn’t run (bots, locked-down browsers), the page rendered zeros. This site now renders numbers as plain HTML and only uses JS for optional UX (modals/copy buttons).