From Components to Platform: Ensuring Resilmesh Works End-to-End

Modern cybersecurity systems are increasingly designed as modular ecosystems rather than monolithic tools. Detection engines, intelligence services, data aggregation layers, and mitigation mechanisms coexist within the same environment. However, their real value only emerges when they operate as a coordinated and validated platform.

Resilmesh adopts a structured, plane-based architecture to organize its cybersecurity capabilities. Each plane has a defined role, but the strength of the system lies in how these layers interact, exchange information, and support coherent end-to-end workflows, from data collection to automated mitigation.

Transforming architectural design into reliable operational behavior is therefore a key step in evolving from a collection of components to a fully integrated cybersecurity platform.

A Plane-Based Architecture with Complementary Responsibilities

Resilmesh is organized into four primary planes, each contributing to cyber situational awareness and operational resilience.

Aggregation and Collaboration Plane

This plane acts as the system’s data pre-processing and interoperability backbone. Components such as Vector, NATS, SLP Enrichment and the MISP Client enable:

  • Telemetry collection and transformation
  • Message brokering across distributed components
  • Indicator enrichment and normalization
  • Secure intelligence exchange

By ensuring that heterogeneous data sources are aggregated, normalized and forwarded correctly, this plane enables reliable upstream analysis.

However, connectivity alone is not sufficient. The integrity, consistency and timing of inter-component exchanges must be validated to ensure that downstream processes receive structured and actionable information.

Threat Awareness Plane

The Threat Awareness Plane focuses on real-time monitoring, anomaly detection and intelligence correlation. It incorporates components such as:

  • Wazuh (SIEM capabilities)
  • AI Correlation (AIC)
  • AI-Based Detector (AIBD)
  • Federated Learning Anomaly Detector (FLAD)
  • Robust Cyber Threat Intelligence (RCTI) including IoB and MISP Server
  • Threat Hunting and Forensics (THF)

This plane transforms processed telemetry into security-relevant insights. Detection outputs are propagated through structured channels so they can be contextualized and acted upon.

For the platform to function end-to-end, outputs generated here must remain consistent with the data models and expectations of the upper planes. Validation ensures that alerts are not only generated, but correctly interpreted and consumed by the rest of the system.

Situation Assessment Plane

Detection alone does not provide situational awareness. The Situation Assessment Plane evaluates risks in context, correlating asset information, service dependencies and network status.

It includes components such as:

  • CASM (Cyber Asset Attack Surface Management)
  • CSA (Critical Service Awareness)
  • ISIM (Infrastructure and Service Information Model)
  • NSE (Network Status Evaluation)
  • NDR (Network Detection and Response)
  • SACD (Situation and Network Awareness Consolidated Dashboard)

This plane consolidates technical findings into systemic understanding. It enables visualization of infrastructure relationships, risk aggregation and projection, and contextual interpretation of security events.

The quality of this contextual layer depends directly on the reliability of upstream data flows. Any inconsistency in aggregation or detection may propagate into incomplete situational views. Ensuring consistency across planes is therefore critical to maintaining coherent awareness.

Security Operations Plane

The Security Operations Plane closes the loop by orchestrating mitigation and response. It includes:

  • Mitigation Manager (MM)
  • Playbooks Tool (PT)
  • Workflow Orchestrator (WO)

This plane translates detection and assessment outputs into structured Courses of Action. Based on situational data, mitigation workflows can be selected and executed through predefined playbooks and orchestration mechanisms.

The integration between detection, assessment and mitigation is essential. Alerts must be correctly contextualized before triggering response workflows. Likewise, mitigation outcomes must feed back into the system to preserve situational consistency.

This closed feedback loop transforms Resilmesh from a monitoring solution into a coordinated security platform.

Ensuring Inter-Plane Interaction Works in Practice

While the architectural separation of planes provides clarity and scalability, operational effectiveness depends on validated inter-plane interaction.

End-to-end behavior requires:

  • Reliable propagation of telemetry and alerts.
  • Consistent data models between enrichment, detection and assessment.
  • Verified dependencies between detection outputs and mitigation workflows.
  • Predictable behavior under realistic operational constraints.

System-level validation focuses on confirming that the full chain, from aggregation to automated response, behaves coherently. Rather than validating components in isolation, the emphasis is on ensuring that information flows remain intact and meaningful across the entire architecture.
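An added example, not Resilmesh project code: a minimal end-to-end check over records captured at each plane for injected test events, covering the four requirements listed above (propagation, data model, dependencies, timing). The plane labels, field names, trace_id convention and 5-second hop budget are all assumptions made for illustration.

```python
from collections import defaultdict

# Plane order from the article; these short labels are hypothetical.
PLANES = ["aggregation", "threat_awareness", "situation_assessment", "security_operations"]

# Hypothetical data contract: fields each plane's output record must carry.
REQUIRED = {
    "aggregation": {"trace_id", "ts", "source", "asset"},
    "threat_awareness": {"trace_id", "ts", "asset", "alert_id", "severity"},
    "situation_assessment": {"trace_id", "ts", "asset", "alert_id", "risk"},
    "security_operations": {"trace_id", "ts", "alert_id", "playbook", "outcome"},
}
CARRIED = ("asset", "alert_id")  # values that must not change between hops


def check_trace(hops, max_hop_s=5.0):
    """Check one injected test event's records, one per plane it reached."""
    findings, prev = [], None
    by_plane = {h["plane"]: h for h in hops}
    for plane in PLANES:
        hop = by_plane.get(plane)
        if hop is None:
            findings.append(f"propagation: no record at {plane}")
            continue  # keep comparing later planes against the last hop seen
        missing = REQUIRED[plane] - set(hop)
        if missing:
            findings.append(f"data model: {plane} missing {sorted(missing)}")
        if prev is not None:
            for key in CARRIED:
                if key in prev and key in hop and prev[key] != hop[key]:
                    findings.append(
                        f"dependency: {key} changed between {prev['plane']} and {plane}")
            if "ts" in prev and "ts" in hop:
                delay = hop["ts"] - prev["ts"]
                if delay < 0 or delay > max_hop_s:
                    findings.append(
                        f"timing: {prev['plane']} -> {plane} took {delay:.1f}s")
        prev = hop
    return findings


def validate(records, max_hop_s=5.0):
    """Group captured records by trace_id and return only the failing traces."""
    traces = defaultdict(list)
    for rec in records:
        traces[rec.get("trace_id", "<no trace_id>")].append(rec)
    report = {}
    for tid, hops in traces.items():
        findings = check_trace(hops, max_hop_s)
        if findings:
            report[tid] = findings
    return report


# Constructed sample capture (not real Resilmesh output); ts is in seconds.
SAMPLE = [
    {"plane": "aggregation", "trace_id": "t1", "ts": 0.0, "source": "vector", "asset": "srv-1"},
    {"plane": "threat_awareness", "trace_id": "t1", "ts": 1.0, "asset": "srv-1", "alert_id": "A1", "severity": 7},
    {"plane": "situation_assessment", "trace_id": "t1", "ts": 2.5, "asset": "srv-1", "alert_id": "A1", "risk": 0.8},
    {"plane": "security_operations", "trace_id": "t1", "ts": 4.0, "alert_id": "A1", "playbook": "isolate", "outcome": "ok"},
    # t2: detection output lacks severity and the assessment hop is slow.
    {"plane": "aggregation", "trace_id": "t2", "ts": 10.0, "source": "vector", "asset": "plc-7"},
    {"plane": "threat_awareness", "trace_id": "t2", "ts": 11.0, "asset": "plc-7", "alert_id": "A2"},
    {"plane": "situation_assessment", "trace_id": "t2", "ts": 20.0, "asset": "plc-7", "alert_id": "A2", "risk": 0.4},
    {"plane": "security_operations", "trace_id": "t2", "ts": 21.0, "alert_id": "A2", "playbook": "notify", "outcome": "ok"},
    # t3: mitigation ran without an assessment and cites a different alert.
    {"plane": "aggregation", "trace_id": "t3", "ts": 30.0, "source": "vector", "asset": "hmi-2"},
    {"plane": "threat_awareness", "trace_id": "t3", "ts": 31.0, "asset": "hmi-2", "alert_id": "A3", "severity": 9},
    {"plane": "security_operations", "trace_id": "t3", "ts": 33.0, "alert_id": "A9", "playbook": "block", "outcome": "ok"},
]

if __name__ == "__main__":
    for tid, findings in validate(SAMPLE).items():
        for finding in findings:
            print(tid, finding)
```

Run against a capture taken after injecting known test events, an empty report means every event crossed all four planes intact and within budget.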

Deployment Automation as an Enabler of Platform Integrity

Beyond architectural interaction, operational readiness also depends on reproducible and reliable deployment.

Resilmesh introduces structured deployment automation mechanisms, including:

  • Plane-based modular repository organization.
  • Cascading Docker Compose execution.
  • Environment-specific deployment profiles (Domain, IT Domain, IoT Domain).
  • Centralized orchestration scripts.
  • Infrastructure-as-Code provisioning through Terraform for cloud environments.

This approach significantly reduces manual configuration effort and deployment time, while improving repeatability and minimizing human error. Automation plays a critical role in ensuring that the platform behaves consistently across environments. By aligning repository structure with the architectural planes and enabling controlled, environment-aware deployments, Resilmesh strengthens both integration coherence and operational stability.

Zero-touch provisioning and scripted configuration further reduce the probability of misconfiguration, supporting reliable end-to-end functionality.

From Architecture to Operational Confidence

Resilmesh demonstrates how a modular, plane-based cybersecurity architecture can evolve into a unified and deployable platform. Its value lies not only in advanced detection, intelligence or visualization capabilities, but in:

  • Coordinated inter-plane interaction
  • Structured validation of data flows
  • Automated and reproducible deployment
  • Integration of detection, assessment and mitigation into a continuous loop

By ensuring that components operate coherently across aggregation, threat awareness, situational assessment and security operations, Resilmesh moves beyond isolated innovation and toward practical, operational cyber situational awareness.

The transformation from components to platform is achieved not merely through architectural design, but through validated interaction, controlled orchestration and automation-driven consistency.


The Consortium

Coordinator: Technological University of the Shannon: Midlands Midwest (IE)

Partners: GMV Innovating Solutions (ES), Masaryk University (CZ), Silent Push Limited (IE), F6S Network Ireland Limited (IE), Joanneum Research (AT), University of Murcia (ES), Jamk University of Applied Sciences (FI), Alias Robotics (ES), ALWA (IT), Regional Government Of Murcia (ES), Center for Security Studies (EL), Montimage Eurl (FR), Royal Holloway, University of London (UK)
