dannychukss/CodeAlpha_XDR_AI_CyberDefenseSuite
GitHub: dannychukss/CodeAlpha_XDR_AI_CyberDefenseSuite
# CodeAlpha_XDR_AI_CyberDefenseSuite
## AI-Powered SOC Monitoring & Threat Intelligence Platform
CodeAlpha_XDR_AI_CyberDefenseSuite is an advanced cybersecurity monitoring platform designed to simulate real-world Security Operations Center (SOC) workflows.
This project captures live network traffic, analyzes packets in real time, detects suspicious activities using Machine Learning, integrates VirusTotal threat intelligence, performs GeoIP tracking, and displays everything on a live Flask dashboard.
# Features
## Real-Time Packet Sniffing
* Captures live network traffic using Scapy
* Detects source and destination IPs
* Detects TCP, UDP, and ICMP protocols
## Machine Learning Threat Detection
Classifies traffic into:
* Normal Traffic
* Suspicious / DDoS-like Traffic
* Malware/Botnet-like Traffic
## VirusTotal Threat Intelligence
* Checks IP reputation using VirusTotal API
* Flags known malicious IP addresses
## GeoIP Tracking
* Detects country of source IP addresses
* Displays geographic threat information
## Real-Time SOC Dashboard
* Built with Flask and Flask-SocketIO
* Displays live packets and threats in browser
* Updates in real time
## Email Alert System
Automatically sends alerts when:
* Suspicious traffic is detected
* DDoS activity is detected
* Malicious IPs are identified
## DDoS Detection Engine
* Detects high packet bursts from source IPs
* Flags potential DDoS attacks
## CSV Logging
* Saves captured traffic into packets.csv
* Useful for analysis and future ML training
# Technologies Used
* Python
* Flask
* Flask-SocketIO
* Scapy
* Pandas
* Scikit-Learn
* GeoIP2
* VirusTotal API
* Joblib
* CSV Logging
# Project Structure
```
CodeAlpha_XDR_AI_CyberDefenseSuite/
│
├── app.py
├── sniffer.py
├── ml_model.py
├── vt_checker.py
├── email_alert.py
├── packets.csv
├── traffic_model.pkl
├── requirements.txt
│
├── geoip/
│   └── GeoLite2-City.mmdb
│
├── templates/
│   └── dashboard.html
│
└── static/
    └── style.css
```
# Installation
## Clone Repository
```bash
git clone https://github.com/yourusername/CodeAlpha_XDR_AI_CyberDefenseSuite.git
cd CodeAlpha_XDR_AI_CyberDefenseSuite
```
## Install Dependencies
```bash
pip install -r requirements.txt
```
## Run ML Training
```bash
python ml_model.py
```
## Start Application
```bash
python app.py
```
## Open Dashboard
Open the dashboard in a browser at `http://127.0.0.1:5000`.
# Requirements
Install required packages:
```bash
pip install flask flask-socketio scapy pandas matplotlib scikit-learn psutil colorama geoip2 requests joblib
```
# Future Improvements
* Advanced SOC analytics dashboard
* Attack visualization graphs
* Login authentication system
* Threat history database
* Dark web intelligence integration
* SIEM-style reporting
* Advanced anomaly detection
# Disclaimer
This project is developed strictly for educational and cybersecurity learning purposes only.
# Author
Developed as part of the CodeAlpha Cyber Security Internship Program.