Ashlesh25-art/Sentinel-project

🛡️ Sentinel SOC: Real-Time SIEM & Threat Hunting Pipeline

A full-stack Security Information and Event Management (SIEM) system built to monitor Windows event logs, detect brute-force logon attempts in near real time, and push automated alerts to Discord.

🚀 Overview

Sentinel SOC turns a standard Windows machine into an actively monitored host. Instead of passively storing logs, it runs a custom asynchronous Python threat hunter that polls the indexed Windows Event Log data every 10 seconds. When it finds a suspicious pattern, such as a burst of Event ID 4625 (An account failed to log on) entries from one source address, it takes the first SOAR-style (Security Orchestration, Automation, and Response) action: posting an alert to a Discord webhook so administrators are paged within the poll interval.

✨ Key Features

  • Real-Time Data Ingestion: Winlogbeat streams Windows Event Log entries into Elasticsearch as they are written, so the hunter queries indexed data instead of reading the event log directly.
  • Automated Threat Hunting: A FastAPI background task (asyncio) continuously queries for brute-force patterns and unauthorized access attempts.
  • Instant SOAR Alerting: A Discord webhook pushes each finding to the administrators' channel, so they are notified on their phones within seconds. Treat the webhook URL as a secret: anyone who holds it can post to the channel, so keep it out of source control.
  • Live Command Center: A React.js dashboard shows the latest 50 security events as they arrive.

🏗️ Architecture & Tech Stack

  1. The Spy (Data Collection): Winlogbeat runs as a background service and forwards Windows Event Log entries (the Security log is the one that carries the 4625 logon failures).
  2. The Brain (Storage & Indexing): Elasticsearch stores and indexes thousands of log records for fast querying. Because the index holds every logon attempt on the host, the cluster should be bound to localhost or protected with authentication and TLS rather than exposed openly.
  3. The Intelligence (Backend API): Python 3, FastAPI, asyncio and Uvicorn handle the core logic and the active threat hunting.
  4. The Command Center (Frontend): React.js (Vite) provides the live UI.
  5. The Response (Alerting): Discord webhooks deliver the red-alert notifications.
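The block below is an added example of the hunter that the overview and the architecture list describe; it is not the Sentinel project's own code. It builds the Elasticsearch query for recent Event ID 4625 records, groups them by source IP, and produces the Discord webhook payload, with the network calls injected so it runs offline. The ECS field names (`event.code`, `winlog.event_data.IpAddress`, `winlog.event_data.TargetUserName`), the threshold of five failures per source IP per poll, and the `SAMPLE_HITS` standing in for an Elasticsearch response are all assumptions.

```python
"""Brute-force hunter for the Winlogbeat -> Elasticsearch -> FastAPI -> Discord pipeline.
Added example, not the Sentinel project's own code. Assumptions: Winlogbeat writes the
ECS fields event.code, @timestamp, winlog.event_data.IpAddress and
winlog.event_data.TargetUserName; the threshold is illustrative; Elasticsearch and
Discord I/O are injected as async callables so the logic runs offline on SAMPLE_HITS.
"""
import asyncio
import logging
from collections import defaultdict
from datetime import datetime, timedelta, timezone
from typing import Iterable

log = logging.getLogger("sentinel.hunter")
POLL_SECONDS = 10
FAILURES_PER_IP = 5              # assumed threshold
EVENT_ID_FAILED_LOGON = "4625"   # Security log: "An account failed to log on"


def brute_force_query(window_seconds: int = POLL_SECONDS) -> dict:
    """Elasticsearch query DSL: every 4625 event in the last poll window."""
    return {
        "size": 1000,
        "query": {"bool": {"filter": [
            {"term": {"event.code": EVENT_ID_FAILED_LOGON}},
            {"range": {"@timestamp": {"gte": f"now-{window_seconds}s"}}},
        ]}},
        "_source": ["@timestamp", "winlog.event_data.IpAddress",
                    "winlog.event_data.TargetUserName"],
    }


def detect_brute_force(hits: Iterable[dict], threshold: int = FAILURES_PER_IP) -> dict:
    """Group failed logons by source IP; return the IPs at or above the threshold
    together with the accounts they targeted (many targets = password spraying)."""
    per_ip = defaultdict(lambda: {"count": 0, "targets": set()})
    for hit in hits:
        data = hit.get("_source", {}).get("winlog", {}).get("event_data", {})
        ip = data.get("IpAddress", "-")
        if ip == "-":            # 4625 uses "-" when no network address applies
            continue
        per_ip[ip]["count"] += 1
        per_ip[ip]["targets"].add(data.get("TargetUserName", "?"))
    return {ip: e for ip, e in per_ip.items() if e["count"] >= threshold}


def discord_payload(findings: dict, window_seconds: int = POLL_SECONDS) -> dict:
    """JSON body for the Discord webhook POST, one embed per offending IP.
    Only the summary leaves the host; raw log lines stay in Elasticsearch."""
    embeds = []
    for ip, e in sorted(findings.items(), key=lambda kv: -kv[1]["count"]):
        embeds.append({
            "title": f"Brute-force suspected from {ip}",
            "description": (f"{e['count']} failed logons (Event ID 4625) in "
                            f"{window_seconds}s; targets: {', '.join(sorted(e['targets']))}"),
            "color": 0xE74C3C,
        })
    return {"content": "Sentinel SOC alert", "embeds": embeds[:10]}  # Discord allows 10 embeds


async def hunt_once(fetch, notify) -> dict:
    """One poll: fetch(query) -> hits, detect, notify(payload) if anything fired."""
    findings = detect_brute_force(await fetch(brute_force_query()))
    if findings:
        await notify(discord_payload(findings))
    return findings


async def hunter_loop(fetch, notify, interval: int = POLL_SECONDS) -> None:
    """Background task; in FastAPI, start it with asyncio.create_task() from the
    startup hook. A failed poll is logged, not fatal, so monitoring continues."""
    while True:
        try:
            await hunt_once(fetch, notify)
        except Exception:
            log.exception("poll failed")
        await asyncio.sleep(interval)


# Constructed sample data standing in for an Elasticsearch response (not real logs).
def _hit(ip: str, user: str, seconds_ago: int) -> dict:
    ts = datetime.now(timezone.utc) - timedelta(seconds=seconds_ago)
    return {"_source": {"@timestamp": ts.isoformat(), "event": {"code": "4625"},
                        "winlog": {"event_data": {"IpAddress": ip, "TargetUserName": user}}}}

SAMPLE_HITS = (
    [_hit("203.0.113.7", "Administrator", s) for s in range(6)]  # 6 failures: fires
    + [_hit("198.51.100.9", u, 2) for u in ("alice", "bob")]    # 2 failures: below threshold
    + [_hit("-", "svc_backup", 1)]                              # local failure: ignored
)


def demo() -> tuple:
    """Run one poll offline with stub I/O; returns (findings, webhook payloads sent)."""
    sent = []

    async def fake_fetch(query):
        return SAMPLE_HITS

    async def fake_notify(payload):
        sent.append(payload)

    return asyncio.run(hunt_once(fake_fetch, fake_notify)), sent
```

To wire it in, pass `hunt_once` an async function that runs `brute_force_query()` against the winlogbeat index and returns the `hits.hits` list, and one that POSTs the payload to the webhook URL; then start `hunter_loop()` with `asyncio.create_task()` from the FastAPI startup hook. Grouping by source IP is what separates a brute-force burst from a user who mistyped a password twice, and collecting the targeted accounts makes a password spray visible as one alert rather than many.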

🗺️ Future Enhancements (Roadmap)

  • Interactive Discord Bot: Let admins click a "Block IP" button in Discord that triggers a firewall rule via the Python backend. Since this turns a chat message into a host-level change, the backend must verify the Ed25519 signature Discord attaches to interaction requests and restrict the action to authorised users before adding the rule.
  • Smart Alert Manager: Cache recent alerts so that repeats for the same source are grouped and throttled, preventing alert fatigue during a sustained automated attack.
  • Sysmon Integration: Supplement the standard Security log with Sysmon events (for example process creation, Event ID 1, and CreateRemoteThread, Event ID 8) to detect malicious process activity and process injection.
  • Threat Intelligence (CTI): Query the VirusTotal API for each attacking IP to enrich alerts with its reputation and known associations. Look up only public source addresses, and cache results to stay within the API rate limits.
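As an added example of the alert grouping the "Smart Alert Manager" item calls for (not the project's code), the class below implements one workable policy: the first alert for a key such as a source IP is delivered at once, repeats inside a cooldown window are counted and held back, and the held-back count is reported when the window closes. The 300-second default cooldown and the message wording are assumptions; the clock is injectable so the behaviour can be replayed without sleeping.

```python
"""Alert manager that throttles repeat alerts during a sustained attack.
Added example for the "Smart Alert Manager" roadmap item; not the project's code.
Assumed policy: first alert per key is sent immediately; repeats inside the cooldown
window are counted, not sent; the held-back count is reported when the window closes.
"""
import time
from dataclasses import dataclass, field
from typing import Callable, Dict, List, Optional


@dataclass
class _Window:
    opened_at: float      # clock value when the first alert was delivered
    suppressed: int = 0   # repeats held back since then


@dataclass
class AlertManager:
    cooldown: float = 300.0                        # seconds; assumed value
    clock: Callable[[], float] = time.monotonic    # swap in a fake clock for tests
    _windows: Dict[str, _Window] = field(default_factory=dict)

    def decide(self, key: str, message: str) -> Optional[str]:
        """Return the text to send now, or None if this alert is suppressed."""
        now = self.clock()
        win = self._windows.get(key)
        if win is None or now - win.opened_at >= self.cooldown:
            held = win.suppressed if win else 0
            self._windows[key] = _Window(opened_at=now)   # open a fresh window
            if held:
                return (f"{message} ({held} similar alert(s) held back "
                        f"in the last {int(self.cooldown)}s)")
            return message
        win.suppressed += 1                                # inside the window: hold it
        return None

    def flush_expired(self) -> List[str]:
        """Close windows whose cooldown has elapsed. Returns a summary line for each key
        that had held-back repeats, so nothing is lost when an attack simply stops.
        Call this periodically (e.g. from the same polling task) to bound memory."""
        now = self.clock()
        out = []
        expired = [k for k, w in self._windows.items() if now - w.opened_at >= self.cooldown]
        for key in expired:
            win = self._windows.pop(key)
            if win.suppressed:
                out.append(f"{key}: {win.suppressed} alert(s) held back "
                           f"in the last {int(self.cooldown)}s")
        return out


def demo() -> tuple:
    """Replay a burst from one IP and a lone alert from another against a fake clock.
    Returns (decisions in order, summaries flushed after everything has expired)."""
    fake_now = [1000.0]
    mgr = AlertManager(cooldown=60.0, clock=lambda: fake_now[0])
    timeline = [(0, "203.0.113.7"), (5, "203.0.113.7"), (10, "203.0.113.7"),
                (20, "198.51.100.9"), (70, "203.0.113.7"), (75, "203.0.113.7")]
    decisions = []
    for offset, ip in timeline:
        fake_now[0] = 1000.0 + offset
        decisions.append(mgr.decide(ip, f"Brute-force from {ip}"))
    fake_now[0] = 1000.0 + 200                             # well past every window
    return decisions, mgr.flush_expired()
```

Keying on the source IP keeps a single scanner from producing one alert per poll, while a new source still pages immediately. The window is reopened rather than extended on each repeat, so a months-long drip of attempts still surfaces a summary at every cooldown boundary instead of staying silent forever.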

Built as a Capstone Engineering Project demonstrating full-stack development and cybersecurity operations.

About

A Real-Time Security Information and Event Management (SIEM) system with automated threat hunting and Discord alerting.
