builtbysardor/sentinel-soc
GitHub: builtbysardor/sentinel-soc
Stars: 1 | Forks: 0
# 🛡️ SentinelLog v2.0 — Real-Time SOC Dashboard
[Live demo](https://sentinel-soc-tau.vercel.app)
## 📸 Dashboard Preview

*Real-time dashboard — log streaming, modal analysis & premium notifications*

*Full-scale monitoring console with live threat metrics*
## ⚡ Key Features
| Feature | Description |
|---------|-------------|
| 🕵️ **Intelligent Threat Detection** | SSH Brute-force · SQL Injection · Port Scanning · Privilege Escalation · DDoS |
| 📡 **Reactive WebSocket Stream** | Instant log delivery with automatic reconnection logic |
| 📊 **Advanced Analytics** | Attack type distribution charts + 12-minute activity heatmaps |
| 🚫 **Auto-Blocking** | IPs scoring 85+ are automatically blacklisted |
| 🎨 **Cyberpunk UI** | Dark glassmorphism interface with smooth micro-animations |
| 📑 **JSON Export** | Export live log data for forensic analysis |
| 🔁 **Auto-Reconnect** | WebSocket client auto-reconnects on disconnect |
| 📋 **Threat Modal** | Deep-dive analysis panel for any suspicious event |
## 🛠️ Tech Stack
| Component | Technology | Purpose |
|-----------|-----------|---------|
| **Backend** | FastAPI (Python) | High-concurrency API & detection logic |
| **Real-time** | WebSockets | Low-latency bi-directional streaming |
| **Frontend** | Vanilla JS / CSS3 | Modern UI without framework overhead |
| **Detection** | Pattern Matching | Heuristic threat identification |
| **Analytics** | Map-Reduce | Real-time statistical aggregation |
## 🛡️ Security Logic
Threats are scored using a weighted mechanism:
| Score Range | Classification | Action |
|-------------|----------------|--------|
| 0 – 30 | Normal Traffic | ✅ Log as INFO |
| 40 – 70 | Suspicious Activity | ⚠️ Log as WARNING |
| 80 – 100 | High-Confidence Attack | 🚨 CRITICAL + Auto-block (85+) |
**Detected Attack Types:**
- 🔐 **SSH Brute-force** — multiple failed auth attempts from same IP
- 💉 **SQL Injection** — malicious query patterns in request payloads
- 🔍 **Port Scanning** — sequential port probe detection
- ⬆️ **Privilege Escalation** — unauthorized sudo/root access attempts
- 💥 **DDoS** — abnormal request rate from single source
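The scoring bands and attack types above, turned into runnable detection logic as an added example. This is not the project's `detector.py`: only the thresholds 40 (WARNING), 80 (CRITICAL) and 85 (auto-block) come from the table; the per-event weights, the `<timestamp> <ip> <EVENT> <detail>` log format, the injection regex and the corroboration thresholds (5 failed SSH logins, 5 distinct ports, 50 requests) are all assumptions made for this illustration, and the log lines are constructed. The table also leaves 31 to 39 and 71 to 79 undefined; `classify` assigns those to the lower band. Running it shows one case worth knowing when operating the dashboard: a score of 80 to 84 is CRITICAL but not auto-blocked.

```python
"""Weighted threat scoring over constructed log lines.

Added example, not SentinelLog's detector.py. Only the band thresholds
(WARNING at 40, CRITICAL at 80, auto-block at 85) come from the README;
every weight, pattern, log format and corroboration threshold below is
an assumption made for this illustration.
"""
import re
from collections import defaultdict
from dataclasses import dataclass, field

WARNING_MIN = 40      # README: 40-70  -> WARNING
CRITICAL_MIN = 80     # README: 80-100 -> CRITICAL
AUTO_BLOCK_MIN = 85   # README: 85+    -> auto-block

# Assumed per-event weights (the project's real weights are not documented).
WEIGHTS = {"SSH_FAIL": 15, "SUDO_FAIL": 30, "CONN": 10, "HTTP": 2, "SQLI": 80}
# Assumed corroboration thresholds that turn raw counts into a named attack type.
BRUTE_FORCE_MIN_FAILS = 5
PORT_SCAN_MIN_PORTS = 5
DDOS_MIN_REQUESTS = 50
# Assumed, deliberately narrow injection heuristic for the sample payloads.
SQLI_PATTERN = re.compile(r"'\s*or\s+'1'\s*=\s*'1|union\s+select|;\s*drop\s+table", re.I)


@dataclass
class HostState:
    """Running state for one source IP within the scoring window."""
    score: int = 0
    ssh_fails: int = 0
    ports: set = field(default_factory=set)
    requests: int = 0
    tags: set = field(default_factory=set)

    def add(self, weight):
        self.score = min(100, self.score + weight)  # clamp to the README's 0-100 scale


def classify(score):
    """Map a score to the README's bands. The table leaves 31-39 and 71-79
    undefined; this example assigns them to the lower band (assumption)."""
    if score >= CRITICAL_MIN:
        return "CRITICAL"
    if score >= WARNING_MIN:
        return "WARNING"
    return "INFO"


def ingest(state, event, detail):
    """Apply one parsed event to a host's state: add its weight, set tags."""
    if event == "SSH_FAIL":
        state.ssh_fails += 1
        state.add(WEIGHTS["SSH_FAIL"])
        if state.ssh_fails >= BRUTE_FORCE_MIN_FAILS:
            state.tags.add("ssh_brute_force")
    elif event == "SUDO_FAIL":
        state.add(WEIGHTS["SUDO_FAIL"])
        state.tags.add("privilege_escalation")
    elif event == "CONN":
        state.ports.add(detail)
        state.add(WEIGHTS["CONN"])
        if len(state.ports) >= PORT_SCAN_MIN_PORTS:
            state.tags.add("port_scan")
    elif event == "HTTP":
        state.requests += 1
        state.add(WEIGHTS["HTTP"])
        if SQLI_PATTERN.search(detail):
            state.add(WEIGHTS["SQLI"])
            state.tags.add("sql_injection")
        if state.requests >= DDOS_MIN_REQUESTS:
            state.tags.add("ddos")


def analyze(lines):
    """Score every source IP in a batch of '<timestamp> <ip> <EVENT> <detail>' lines."""
    hosts = defaultdict(HostState)
    for line in lines:
        parts = line.split(maxsplit=3)
        if len(parts) < 3:
            continue  # malformed line: skip it rather than crash the stream
        _ts, ip, event = parts[:3]
        ingest(hosts[ip], event, parts[3] if len(parts) == 4 else "")
    return {
        ip: {"score": h.score, "level": classify(h.score),
             "tags": sorted(h.tags), "blocked": h.score >= AUTO_BLOCK_MIN}
        for ip, h in hosts.items()
    }


# Constructed sample log (RFC 5737 documentation addresses, not real hosts).
SAMPLE_LOG = (
    [f"2024-05-01T10:00:{i:02d} 203.0.113.5 SSH_FAIL user=root" for i in range(6)]
    + [f"2024-05-01T10:01:{i:02d} 198.51.100.7 CONN {p}"
       for i, p in enumerate((21, 22, 23, 25, 80, 443, 8080))]
    + ["2024-05-01T10:02:00 192.0.2.9 HTTP GET /login?user=admin' OR '1'='1"]
    + [f"2024-05-01T10:03:{i:02d} 203.0.113.77 SUDO_FAIL user=www-data" for i in range(2)]
    + [f"2024-05-01T10:04:{i:02d} 192.0.2.20 HTTP GET /index.html" for i in range(3)]
    + [f"2024-05-01T10:05:{i:02d} 198.51.100.200 HTTP GET /" for i in range(50)]
)

if __name__ == "__main__":
    for ip, verdict in analyze(SAMPLE_LOG).items():
        print(f"{ip:16} {verdict}")
```

With these weights the six failed SSH logins score 90 (CRITICAL, blocked), the seven-port probe scores 70 (WARNING, tagged `port_scan`), the injection attempt scores 82 (CRITICAL but below the 85 auto-block line), the two sudo failures score 60 (WARNING), the three ordinary requests score 6 (INFO) and the 50-request burst saturates at 100 (CRITICAL, blocked). Tuning the weights is where a real deployment spends its effort; the band logic itself is the part the README specifies.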
## 🚀 Quick Start
### 1. Clone & Setup
```bash
git clone https://github.com/builtbysardor/sentinellog-real-time-threat-detection.git
cd sentinellog-real-time-threat-detection
```
### 2. Install Dependencies
```bash
python3 -m venv venv
source venv/bin/activate   # Linux/macOS
# venv\Scripts\activate    # Windows
pip install -r requirements.txt
```
### 3. Launch
```bash
python3 main.py
```
## 📡 API Reference
### WebSocket
| Endpoint | Description |
|----------|-------------|
| `WS /ws/logs` | Real-time bi-directional threat log stream |
### REST Endpoints
| Method | Endpoint | Description |
|--------|----------|-------------|
| `GET` | `/api/logs` | Fetch most recent 200 security events |
| `GET` | `/api/stats` | Global system telemetry snapshot |
| `POST` | `/api/block/{ip}` | Manually blacklist a source IP |
| `GET` | `/api/blocked` | List all currently blacklisted IPs |
## 📁 Project Structure
```
sentinellog-real-time-threat-detection/
├── main.py                  # 🚀 FastAPI app entry point
├── detector.py              # 🔍 Threat pattern matching engine
├── websocket_manager.py     # 📡 WebSocket connection manager
├── requirements.txt         # 📦 Python dependencies
├── frontend/
│   ├── index.html           # Dashboard UI
│   ├── style.css            # Cyberpunk glassmorphism theme
│   └── app.js               # WebSocket client & charts
├── screenshots/
│   ├── demo_video.webp      # Live demo recording
│   └── dashboard_main.png   # Dashboard screenshot
└── README.md
```
## 🔮 Roadmap
- [ ] 🗄️ **Persistent storage** — SQLite/PostgreSQL event history
- [ ] 📧 **Email alerts** — SMTP notifications for critical threats
- [ ] 💬 **Telegram bot** — instant mobile threat notifications
- [ ] 🌍 **GeoIP mapping** — visualize threat origins on world map
- [ ] 🐳 **Docker support** — one-command containerized deployment
- [ ] 📊 **ML detection** — scikit-learn anomaly detection model
- [ ] 🔐 **Auth layer** — password-protected dashboard access
- [ ] 📄 **PDF reports** — automated daily/weekly threat summaries
## 📄 License
MIT License — see [LICENSE](LICENSE) for details.
**Built with ❤️ by [Sardor Buriyev](https://github.com/builtbysardor)**
*FastAPI · WebSockets · Python · Cyberpunk UI*