Xhicko-Coud/acadthreat

GitHub: Xhicko-Coud/acadthreat

A lightweight cyber threat intelligence monitoring dashboard for academic networks, combining log collection, threat correlation, anomaly detection and visualization into unified security situational awareness.

Stars: 0 | Forks: 0

# AcadThreat

AcadThreat is a web-based Cyber Threat Intelligence dashboard designed for real-time monitoring, analysis, and visualization of cyber threats within academic network environments.

The system helps security administrators collect threat intelligence, ingest network/security logs, detect suspicious activities, prioritize threats using severity scoring, and visualize security events through an interactive dashboard.

---

## Project Title

**Web-Based Cyber Threat Intelligence Dashboard for Real-Time Monitoring of Academic Network Threats**

---

## Overview

Academic institutions operate open and highly connected digital environments used by students, staff, researchers, and external users. This openness increases exposure to cybersecurity threats such as phishing, brute-force attacks, malware, ransomware, suspicious login behavior, and malicious network traffic.

AcadThreat provides a centralized monitoring platform that combines internal log analysis with external cyber threat intelligence indicators to improve threat visibility and decision-making.

This project is built as an MVP for academic research and demonstration purposes.

---

## Core Features

- Secure admin login
- Protected dashboard access
- Threat intelligence indicator management
- Log ingestion and normalization
- Threat correlation with known indicators of compromise
- Rule-based anomaly detection
- Threat severity scoring
- Threat event management
- Real-time dashboard overview
- Threat trend visualization
- Recent security activity feed
- Simulated security logs for testing and demonstration

---

## System Modules

### 1. Platform Foundation & App Shell

Provides the base application structure, admin layout, login route, global providers, navigation shell, and Convex connection.

### 2. Authentication & Access Control

Handles secure admin login, session management, trusted internal user registration, and role-based access control.

### 3. Threat Intelligence Feed Sources

Stores and manages threat intelligence sources such as AbuseIPDB, AlienVault OTX, URLHaus, PhishTank, and manual indicators.

### 4. Threat Indicator Repository

Stores known malicious IP addresses, domains, URLs, and file hashes for later correlation with security logs.

### 5. Secure Log Ingestion

Receives authentication logs, firewall logs, and web server logs through controlled ingestion endpoints.

### 6. Log Normalization

Converts raw logs from different sources into a consistent event format for analysis.

### 7. Threat Correlation Engine

Matches normalized events against known threat indicators to detect malicious activity.

### 8. Anomaly Detection Engine

Detects suspicious activity patterns such as repeated failed logins, brute-force attempts, blocked traffic spikes, and suspicious web requests.

### 9. Severity Scoring Engine

Assigns risk scores and severity levels to detected threats.

### 10. Threat Management Dashboard

Displays detected threats, severity levels, statuses, related indicators, and investigation details.

### 11. Analytics & Visualization

Provides charts, summaries, and trends for threat monitoring and decision support.

### 12. Simulation & Demo Data

Generates sample logs and threat scenarios for development, testing, and academic demonstration.

---

## Tech Stack

- **Frontend:** Next.js, React, TypeScript
- **Styling:** Tailwind CSS
- **UI Components:** Shadcn UI
- **Backend/Data Layer:** Convex
- **Authentication:** Better Auth with Convex integration
- **Charts:** Recharts
- **Icons:** Lucide React
- **Deployment:** Vercel

---

## Planned Architecture

```txt
Security Logs / Threat Feeds
            ↓
       Log Ingestion
            ↓
      Raw Log Storage
            ↓
       Normalization
            ↓
Correlation + Anomaly Detection
            ↓
      Severity Scoring
            ↓
       Threat Events
            ↓
   Dashboard Visualization
```

## Installation

Clone the repository:

```
git clone https://github.com/YOUR_USERNAME/acadthreat.git
```

Enter the project folder:

```
cd acadthreat
```

Install dependencies:

```
npm install
```

Start the development server:

```
npm run dev
```

Start the Convex development server:

```
npx convex dev
```

## Environment Variables

Create a `.env.local` file in the project root.

```
NEXT_PUBLIC_CONVEX_URL=
BETTER_AUTH_SECRET=
BETTER_AUTH_URL=http://localhost:3000
```

Do not commit real secrets to GitHub.

## Development Commands

Run the local development server:

```
npm run dev
```

Run the TypeScript check:

```
npx tsc --noEmit
```

Run the lint check:

```
npm run lint
```

Create a production build:

```
npm run build
```

## Project Structure

```
src/
  app/
    login/
    (protected)/
      admin/
        dashboard/
  components/
    layout/
    shared/
    ui/
  config/
  lib/
convex/
  schema.ts
  health.ts
```

## Security Notes

This project follows a security-first design approach.

Key rules:

* No public user registration
* Users are created internally by trusted administrators
* Protected pages require authentication
* Sensitive data must never be exposed to the frontend
* Raw tokens and secrets are never displayed
* Backend authorization must be enforced through Convex functions
* Never commit environment secrets

## MVP Scope

The MVP focuses on validating the core research objectives:

* Collect and process network security logs
* Manage threat intelligence indicators
* Detect suspicious activity
* Score threat severity
* Present security events through a dashboard
* Demonstrate monitoring capability using simulated academic network logs

The MVP is intended to stand in for a full enterprise-grade SIEM system.

## Future Improvements

* Live integration with threat intelligence APIs
* More advanced anomaly detection
* Machine-learning-based threat prediction
* Multi-institution support
* Advanced reporting and export tools
* Email/SMS alert notifications
* Incident response workflows
* Audit log dashboard
* User activity monitoring

## Academic Use

This project provides research and implementation support for an academic network security system focused on improving threat monitoring in university and academic network environments.

It demonstrates how cyber threat intelligence, log analysis, anomaly detection, severity scoring, and dashboard visualization can be combined into a unified monitoring platform.

## License

This project is for academic and educational use only.
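The normalization, correlation, anomaly-detection and severity-scoring modules described under System Modules, shown end to end as an added example; this is not AcadThreat's own code, and the log line format, the indicator list, the rule names and the score weights are all constructed for illustration.

```typescript
// Added example, not AcadThreat's own code: one pass of the README's normalize ->
// correlate -> detect -> score pipeline over constructed inputs; weights are illustrative.
export type Severity = "low" | "medium" | "high" | "critical";
export interface AuthEvent { ts: string; ip: string; user: string; outcome: "success" | "failure" }
export interface Threat { ip: string; rules: string[]; score: number; severity: Severity }
// Constructed sshd-style lines (assumed format) and a constructed IoC set (RFC 5737 test addresses).
export const SAMPLE_AUTH_LOGS = [
  "2024-03-01T08:00:01Z sshd Failed password for admin from 203.0.113.7",
  "2024-03-01T08:00:02Z sshd Failed password for admin from 203.0.113.7",
  "2024-03-01T08:00:03Z sshd Failed password for admin from 203.0.113.7",
  "2024-03-01T08:00:09Z sshd Accepted password for admin from 203.0.113.7",
  "2024-03-01T08:01:00Z sshd Failed password for alice from 198.51.100.20",
  "2024-03-01T08:02:00Z sshd Accepted password for bob from 192.0.2.5",
  "garbage line that the normalizer must drop",
];
export const KNOWN_BAD_IPS = new Set(["198.51.100.20"]);
const AUTH_RE = /^(\S+) sshd (Failed|Accepted) password for (\S+) from (\S+)$/;
// Normalization: raw line -> consistent event; unparseable input is rejected, never guessed.
export function normalizeAuthLine(line: string): AuthEvent | null {
  const m = AUTH_RE.exec(line);
  if (!m) return null;
  return { ts: m[1], ip: m[4], user: m[3], outcome: m[2] === "Failed" ? "failure" : "success" };
}
export function severityFor(score: number): Severity {
  return score >= 80 ? "critical" : score >= 60 ? "high" : score >= 30 ? "medium" : "low";
}
// Correlation (IoC match) plus rule-based anomaly detection (repeated failures, then a
// success after those failures), followed by additive scoring capped at 100.
export function detectThreats(lines: string[], iocIps: Set<string>, failThreshold = 3): Threat[] {
  const perIp = new Map<string, { failures: number; successAfterFailures: boolean }>();
  for (const line of lines) {
    const e = normalizeAuthLine(line);
    if (!e) continue;
    const s = perIp.get(e.ip) ?? { failures: 0, successAfterFailures: false };
    if (e.outcome === "failure") s.failures++;
    else if (s.failures >= failThreshold) s.successAfterFailures = true;
    perIp.set(e.ip, s);
  }
  const threats: Threat[] = [];
  perIp.forEach((s, ip) => {
    const rules: string[] = [];
    let score = 0;
    if (iocIps.has(ip)) { rules.push("ioc-match"); score += 50; }
    if (s.failures >= failThreshold) { rules.push("brute-force"); score += 40; }
    if (s.successAfterFailures) { rules.push("success-after-brute-force"); score += 40; }
    score = Math.min(score, 100);
    if (rules.length > 0) threats.push({ ip, rules, score, severity: severityFor(score) });
  });
  return threats;
}
```

Benign activity (192.0.2.5) produces no threat event, so the dashboard only receives rows that carry at least one rule hit.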
Tags: Convex, DNS reverse lookup, HTTP/HTTPS packet capture, IoC, bulk IP address processing, MVP, RBAC, severity scoring, ransomware protection, rule-based detection, role-based access control, indicators of compromise, threat analysis, threat intelligence, threat scoring, academic networks, security event management, security dashboard, security operations, developer tools, anomaly detection, situational awareness, malicious traffic analysis, scanning framework, log ingestion, brute-force protection, campus network security, login security, cybersecurity, automated reconnaissance tools, automated attacks, identity and access control, phishing attack detection, privacy protection