Security Analytics System (CyberSOC Dashboard)

---

🔹 Project Overview

The Security Analytics System is a mini SOC (Security Operations Center) style dashboard that demonstrates how cybersecurity systems monitor, analyze, and detect threats in real time.

It reads authentication logs, detects suspicious activity like brute-force attacks, performs risk scoring, tracks repeat offenders (threat intelligence), and even applies ML/Transformer-based anomaly detection to identify unusual patterns.

The system provides a professional, cyberpunk-themed dashboard to visualize all alerts and risk levels dynamically.

---

🔹 Key Features

• Log Parsing: Reads structured or unstructured authentication logs.
• Rule-Based Detection: Detects brute-force attacks and other suspicious behavior based on thresholds.
• Risk Scoring: Assigns severity to threats (HIGH / MEDIUM / LOW) for prioritization.
• Threat Intelligence: Tracks repeat offenders and counts how many times each IP triggered alerts.
• ML/Transformer Anomaly Detection: Flags unusual login patterns using embeddings and Isolation Forest.
• Live Dashboard: Interactive web interface using Flask and Bootstrap with auto-refresh.
• Cyberpunk UI: Dark theme, neon highlights, hover effects, professional look.

---

🔹 Tech Stack

• Backend: Python, Flask
• Machine Learning: Transformers (DistilBERT), scikit-learn (Isolation Forest)
• Frontend: HTML, CSS, Bootstrap 5, JavaScript
• Environment: Python virtual environment (venv)
• Optional: SQLite or JSON for persistence

---

🔹 System Architecture

          ┌─────────────────────┐
          │   sample_logs.log   │
          └─────────┬──────────┘
                    │
             ┌──────▼───────┐
             │ Log Parser    │
             └──────┬───────┘
                    │
      ┌─────────────▼─────────────┐
      │ Rule-Based Detection       │
      │ - Brute Force              │
      │ - Failed Login Threshold   │
      └─────────────┬─────────────┘
                    │
       ┌────────────▼─────────────┐
       │ Threat Intelligence      │
       │ - Track repeat offenders │
       └────────────┬────────────┘
                    │
       ┌────────────▼─────────────┐
       │ ML / Transformer Module  │
       │ - Anomaly Detection      │
       └────────────┬────────────┘
                    │
            ┌───────▼─────────┐
            │ Flask Dashboard │
            │ - Alerts Table  │
            │ - Risk Levels   │
            └─────────────────┘

---

## Installation
1. Clone repo:
```bash
    git clone https://github.com/yourusername/security-analytics-system.git
    cd security-analytics-system
2.Create & activate venv:
    python -m venv venv
    venv\Scripts\Activate
3.Install dependencies:
    pip install -r requirements.txt
4.Run Flask app:
    python app/main.py
5.Open browser: http://127.0.0.1:5000/

## 🔹 Usage

- Dashboard auto-refreshes every 5 seconds.  
- **Threat Types:** Brute Force, Anomalous Log Detected  
- **Risk Levels:** Displayed with neon badges  
  - HIGH → Red  
  - MEDIUM → Orange  
  - LOW → Green  
- **Threat Count:** Number of times an IP triggered alerts  
- **Note:** Demo uses sample IPs; system is fully scalable for thousands of logs.

## 🔹 Future Enhancements

- Real-time log streaming from servers or applications  
- Interactive charts to visualize threat trends over time  
- Database integration (SQLite/MySQL) for persistent threat tracking  
- Email or Slack notifications for HIGH-risk threats  
- Advanced ML models for predictive threat detection and anomaly scoring