The Security Analytics System is a mini SOC (Security Operations Center) style dashboard that demonstrates how security monitoring systems ingest logs, analyze them, and raise alerts on threats in real time.
It reads authentication logs, detects suspicious activity such as brute-force attacks with threshold rules, assigns each alert a risk score, tracks repeat offenders per source IP (a simple threat-intelligence layer), and applies ML/Transformer-based anomaly detection to surface login patterns that fixed rules do not cover.
A cyberpunk-themed Flask dashboard visualizes all alerts and risk levels and refreshes automatically.
## 🔹 Features
- Log Parsing: Reads structured or unstructured authentication logs.
- Rule-Based Detection: Flags brute-force attempts and other suspicious behaviour when failed-login counts cross configured thresholds.
- Risk Scoring: Assigns each alert a severity (HIGH / MEDIUM / LOW) so analysts can prioritize.
- Threat Intelligence: Tracks repeat offenders by counting how many alerts each source IP has triggered.
- ML/Transformer Anomaly Detection: Embeds log lines with DistilBERT and flags outliers with an Isolation Forest, catching unusual login patterns that static thresholds miss.
- Live Dashboard: Interactive web interface built with Flask and Bootstrap, with auto-refresh.
- Cyberpunk UI: Dark theme, neon highlights, hover effects, professional look.
## 🔹 Tech Stack
- Backend: Python, Flask
- Machine Learning: Transformers (DistilBERT), scikit-learn (Isolation Forest)
- Frontend: HTML, CSS, Bootstrap 5, JavaScript
- Environment: Python virtual environment (venv)
- Optional: SQLite or JSON for persistence
## 🔹 Architecture
```
┌────────────────────────────┐
│ sample_logs.log            │
└─────────────┬──────────────┘
              │
┌─────────────▼──────────────┐
│ Log Parser                 │
└─────────────┬──────────────┘
              │
┌─────────────▼──────────────┐
│ Rule-Based Detection       │
│ - Brute Force              │
│ - Failed Login Threshold   │
└─────────────┬──────────────┘
              │
┌─────────────▼──────────────┐
│ Threat Intelligence        │
│ - Track repeat offenders   │
└─────────────┬──────────────┘
              │
┌─────────────▼──────────────┐
│ ML / Transformer Module    │
│ - Anomaly Detection        │
└─────────────┬──────────────┘
              │
┌─────────────▼──────────────┐
│ Flask Dashboard            │
│ - Alerts Table             │
│ - Risk Levels              │
└────────────────────────────┘
```
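The parser, the two rule-based detectors, the risk scoring and the repeat-offender counting from the pipeline above, written out as an added example in Python. This is not the project's own code: it assumes an sshd-style log line format, a brute-force rule of 5 failures from one IP inside 60 seconds, a plain failed-login threshold of 3 total failures, and a numeric score mapped to the HIGH / MEDIUM / LOW badges. The sample log is constructed for the example and exercises a fast burst, a slow guesser and a normal user; the DistilBERT / Isolation Forest stage is left out.

```python
"""Rule-based slice of the pipeline: parse -> detect -> score -> count offenders.

Added example, not the project's code. Log format, thresholds and the
score-to-badge mapping are assumptions made for this example.
"""
import re
from collections import Counter, defaultdict, deque
from datetime import datetime, timedelta

# Assumed sshd-style line layout; the project's real parser and log format may differ.
LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) "
    r"(?P<result>Failed|Accepted) password for (?:invalid user )?"
    r"(?P<user>\S+) from (?P<ip>\d{1,3}(?:\.\d{1,3}){3})$"
)

# Constructed sample log: a fast burst that ends in a success, a slow
# guesser that never trips the burst window, a normal user, and one junk line.
SAMPLE_LOG = """\
2024-05-01 10:00:01 Failed password for root from 203.0.113.5
2024-05-01 10:00:03 Failed password for root from 203.0.113.5
2024-05-01 10:00:04 Failed password for invalid user admin from 203.0.113.5
2024-05-01 10:00:06 Failed password for root from 203.0.113.5
2024-05-01 10:00:08 Failed password for root from 203.0.113.5
2024-05-01 10:00:09 Accepted password for root from 203.0.113.5
2024-05-01 10:05:00 Failed password for alice from 198.51.100.7
2024-05-01 10:05:02 Accepted password for alice from 198.51.100.7
2024-05-01 11:00:00 Failed password for bob from 192.0.2.9
2024-05-01 11:20:00 Failed password for bob from 192.0.2.9
2024-05-01 11:40:00 Failed password for bob from 192.0.2.9
2024-05-01 12:00:00 Failed password for bob from 192.0.2.9
this line is not a login event and is skipped by the parser
"""

BURST_FAILS = 5                        # failures inside BURST_WINDOW from one IP => Brute Force
BURST_WINDOW = timedelta(seconds=60)
SLOW_FAILS = 3                         # total failures from one IP, any spacing => threshold rule


def parse_log(text):
    """Return login events (sorted by time) for lines matching LINE_RE; other lines are skipped."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:                      # unstructured or unrelated lines are not fatal
            continue
        events.append({
            "ts": datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S"),
            "ok": m["result"] == "Accepted",
            "user": m["user"],
            "ip": m["ip"],
        })
    return sorted(events, key=lambda e: e["ts"])


def detect(events):
    """Apply the Brute Force and Failed Login Threshold rules; return raw alerts with a score."""
    recent = defaultdict(deque)        # ip -> failure timestamps still inside the burst window
    total_fails = Counter()            # ip -> failures regardless of spacing
    burst_ips = set()
    alerts = []
    for ev in events:
        ip = ev["ip"]
        if ev["ok"]:
            # A success right after a burst looks like a guessed password, not a typo: escalate.
            if ip in burst_ips:
                alerts.append({"type": "Brute Force", "ip": ip, "score": 90,
                               "detail": "successful login after failure burst"})
            continue
        total_fails[ip] += 1
        q = recent[ip]
        q.append(ev["ts"])
        while ev["ts"] - q[0] > BURST_WINDOW:   # slide the window forward
            q.popleft()
        if len(q) >= BURST_FAILS and ip not in burst_ips:
            burst_ips.add(ip)
            alerts.append({"type": "Brute Force", "ip": ip, "score": 70,
                           "detail": f"{len(q)} failures within {BURST_WINDOW.seconds}s"})
    # Slow guessing never fills the burst window but still exceeds the plain failure threshold.
    for ip, n in total_fails.items():
        if n >= SLOW_FAILS and ip not in burst_ips:
            alerts.append({"type": "Failed Login Threshold", "ip": ip, "score": 40,
                           "detail": f"{n} failed logins in total"})
    return alerts


def risk_level(score):
    """Map a numeric score to the badge shown on the dashboard (assumed cut-offs)."""
    if score >= 80:
        return "HIGH"
    if score >= 50:
        return "MEDIUM"
    return "LOW"


def analyze(text):
    """Full rule-based pass; the per-IP alert counter is the threat-intelligence stage."""
    alerts = detect(parse_log(text))
    for a in alerts:
        a["risk"] = risk_level(a["score"])
    threat_count = Counter(a["ip"] for a in alerts)
    return alerts, dict(threat_count)


if __name__ == "__main__":
    found, counts = analyze(SAMPLE_LOG)
    for a in found:
        print(f'{a["risk"]:6} {a["type"]:23} {a["ip"]:15} {a["detail"]}')
    print("repeat offenders:", counts)
```

Running it prints one MEDIUM Brute Force alert for the burst, a HIGH alert when the same IP then logs in successfully, and a LOW threshold alert for the slow guesser; the repeat-offender counter reports the burst IP twice. The escalation on success is the design point worth keeping in any real rule set: a guessed password is the outcome an analyst has to act on first, while slow guessing that stays under the burst window is caught by the total-failure rule.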
---
## 🔹 Installation
1. Clone the repo:
```bash
git clone https://github.com/yourusername/security-analytics-system.git
cd security-analytics-system
```
2. Create and activate a venv:
```bash
python -m venv venv
venv\Scripts\Activate        # Windows
source venv/bin/activate     # Linux / macOS
```
3. Install dependencies:
```bash
pip install -r requirements.txt
```
4. Run the Flask app:
```bash
python app/main.py
```
5. Open http://127.0.0.1:5000/ in a browser.

The demo serves on the loopback address (127.0.0.1); keep it there while experimenting and put it behind proper access control before exposing it to a network.
## 🔹 Usage
- Dashboard auto-refreshes every 5 seconds.
- **Threat Types:** Brute Force, Anomalous Log Detected
- **Risk Levels:** Displayed with neon badges
  - HIGH → Red
  - MEDIUM → Orange
  - LOW → Green
- **Threat Count:** Number of times an IP has triggered an alert
- **Note:** The demo ships with sample IPs in `sample_logs.log`; the same pipeline runs unchanged over larger log files.
## 🔹 Future Enhancements
- Real-time log streaming from servers or applications
- Interactive charts to visualize threat trends over time
- Database integration (SQLite/MySQL) for persistent threat tracking
- Email or Slack notifications for HIGH-risk threats
- Advanced ML models for predictive threat detection and anomaly scoring