Skip to content

An artificial intelligence (AI) proof of concept (POC) to consume large amounts of Threat Intelligence, parse indicators within a given network environment and produce machine learning (ML) correlation events for a security operations centre (SOC) to analyse.

License

Notifications You must be signed in to change notification settings

BurnyMack/DeepWatch-AI

Repository files navigation

About

This project is a POC to create a central database that takes big data from several open source threat-intelligence systems, combine this data with homegrown threat intelligence and analyse them using AI to % match against a list of indicators observed from within a given environment. The system must then return an approximate match to a user that feeds an ML engine by rating the match accordingly.

Purpose

To provide cybersecurity teams the ability to create possible detections in the gaps of their security tool suite that are not able to be integrated, connecting these ecosystems and providing a threat intelligence capability to security systems that hold vast amounts of valuable datapoints that are unused.

Components

The system from a high level perspective is divided into the following components:

  • collectors- numerous crawlers of data feeds to consume data.
  • normaliser - normalisers ingest data from bots in real time and parse them into a SCHEMA.
  • analysers - consumes normalised data andcorrelates events and indicators using AI.
  • workers - shift data through workflows, read and write from databases, maintain and update the system.

Tech Stack

The systems tech stack likely changes as the POC progresses and capabilities and features are updated.

MongoDB

Compute (Digital Ocean Droplet)

DataFrames (NumPy, Pandas,)

Artificial Intelligence & ML (PyTorch)

Design

image

About

An artificial intelligence (AI) proof of concept (POC) to consume large amounts of Threat Intelligence, parse indicators within a given network environment and produce machine learning (ML) correlation events for a security operations centre (SOC) to analyse.

Topics

Resources

License

Stars

Watchers

Forks

Languages