Mini-SIEM is a lightweight Security Information and Event Management demo platform that combines:
- Threat Feed Aggregation (Week 9)
- Simple Intrusion Detection (Week 5)
- Interactive Web Dashboard
- Sample-mode pipeline orchestration
- Aggregates threat intelligence from multiple feeds
- Exports live malicious IPs to the IDS
- Detects malicious activity using blocked IPs, blacklisted ports, and live threat intel
- Stores alerts in structured JSON
- Displays a modern dashboard with charts and recent alerts
- Lets users add blocked IPs and sample log lines from the web UI
- Runs the full pipeline from a single button
- Supports live packet capture with real-time monitoring
- Displays live network traffic in the dashboard (Live Capture Activity)
- Uses both local and API-based threat intelligence
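The aggregation stage above (fetch several feeds, normalize them, deduplicate, score, and export a live IP list for the IDS) is easy to follow with a small worked example. The block below is an added illustration, not the project's own `ThreatFeedAggregator` code: the three feed shapes (a Feodo-style plain text list, an OTX-style pulse with an `indicators` array, and an AbuseIPDB-style `data` array with `abuseConfidenceScore`) are simplified assumptions rather than the real API schemas, and all feed contents are constructed sample data.

```python
"""Added example (not the project's own code): normalize, deduplicate and
score IP indicators from three feed styles, then export the live feed the
IDS consumes. Feed schemas are simplified assumptions; data is constructed."""
import ipaddress
import json

# Constructed sample feeds (stand-ins for feeds/feodo_tracker.txt and the two APIs).
FEODO_TXT = """# Feodo Tracker style list (constructed)
203.0.113.10
198.51.100.23
not-an-ip
203.0.113.10
"""
OTX_PULSE = {"indicators": [
    {"type": "IPv4", "indicator": "203.0.113.10"},
    {"type": "domain", "indicator": "example.invalid"},   # not an IP, ignored here
    {"type": "IPv4", "indicator": "192.0.2.77"},
]}
ABUSEIPDB = {"data": [
    {"ipAddress": "198.51.100.23", "abuseConfidenceScore": 100},
    {"ipAddress": "192.0.2.77", "abuseConfidenceScore": 40},
    {"ipAddress": "198.51.100.9", "abuseConfidenceScore": 0},  # no abuse reports, dropped
]}


def _valid_ip(value: str) -> bool:
    """Reject anything that is not a syntactically valid IP address."""
    try:
        ipaddress.ip_address(value)
        return True
    except ValueError:
        return False


def normalize_feeds(feodo_txt, otx_pulse, abuseipdb):
    """Turn each feed into a flat list of (ip, source, confidence) tuples.
    Per-source default confidences (80 / 60) are assumed values."""
    records = []
    for line in feodo_txt.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and _valid_ip(line):
            records.append((line, "feodo", 80))
    for ind in otx_pulse.get("indicators", []):
        if ind.get("type") == "IPv4" and _valid_ip(ind.get("indicator", "")):
            records.append((ind["indicator"], "otx", 60))
    for entry in abuseipdb.get("data", []):
        ip = entry.get("ipAddress", "")
        score = int(entry.get("abuseConfidenceScore", 0))
        if _valid_ip(ip) and score > 0:
            records.append((ip, "abuseipdb", score))
    return records


def deduplicate_and_score(records):
    """Merge records per IP. Score = highest source confidence plus 10 for
    every additional corroborating source, capped at 100."""
    merged = {}
    for ip, source, confidence in records:
        entry = merged.setdefault(ip, {"ip": ip, "sources": set(), "confidence": 0})
        entry["sources"].add(source)
        entry["confidence"] = max(entry["confidence"], confidence)
    result = []
    for entry in merged.values():
        bonus = 10 * (len(entry["sources"]) - 1)
        result.append({
            "ip": entry["ip"],
            "sources": sorted(entry["sources"]),
            "score": min(100, entry["confidence"] + bonus),
        })
    return sorted(result, key=lambda e: (-e["score"], e["ip"]))


def export_live_feed(indicators, min_score=50):
    """JSON list of IPs the IDS should treat as malicious (threshold assumed)."""
    return json.dumps([i["ip"] for i in indicators if i["score"] >= min_score])


if __name__ == "__main__":
    iocs = deduplicate_and_score(normalize_feeds(FEODO_TXT, OTX_PULSE, ABUSEIPDB))
    for ioc in iocs:
        print(ioc)
    print(export_live_feed(iocs))
```

Deduplication keys on the IP only, so the same indicator seen twice in one feed (as in the Feodo sample) does not inflate its score, while the same indicator reported by two independent feeds does. The export threshold is the knob to tune when a noisy feed starts producing too many IDS alerts.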
- Captured packets are stored in: `IDS/data/live_packets.json`
- Dashboard shows:
  - Real-time packet stream
  - Source IP and Destination IP
  - Protocol and service
- Detection is triggered when:
  - IP matches blocked list
  - IP matches live threat feed
  - Port is blacklisted
- Packet logs are saved after capture ends
- OTX: visit https://otx.alienvault.com
  - Create account → Settings → API Key
- AbuseIPDB: visit https://www.abuseipdb.com
  - Create account → API → Generate Key

Put both keys in a `.env` file (the project structure below places it at `ThreatFeedAggregator/.env`):

```env
ABUSEIPDB_API_KEY=your_key_here
OTX_API_KEY=your_key_here
```
- Python 3.8 or higher
- Internet connection (for live API fetching)
```bash
git clone https://github.com/Gnx80s/Week_10_Project.git
cd Week_10_Project
pip install -r requirements.txt
```

Run the main orchestration script from your terminal (root privileges are required because live packet capture opens raw sockets):

```bash
sudo python3 -m dashboard.app
```

Open: http://127.0.0.1:5000
- Open the dashboard
- Add blocked IPs if needed
- Add sample logs if needed
- Click Run Pipeline
- Start Live Capture to monitor real-time traffic
- Review:
- System Output
- Live Capture Activity
- Recent Alerts
Each line should be: `source_ip,destination_ip,destination_port`

Example:

```text
45.33.32.156,192.168.1.15,23
198.51.100.23,192.168.1.8,4444
```
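The log format above together with the three detection triggers listed earlier (blocked IP, live threat feed match, blacklisted port) can be shown end to end in one small detector. The block below is an added example and not the project's own `IDS` code: the blocked list, live feed, port blacklist and log lines are constructed sample data, and the rule names, alert fields and severity scheme are assumptions. It also shows the failure mode the sample-log format invites, a malformed line, which is counted and skipped rather than aborting the run.

```python
"""Added example (not the project's own IDS code): parse sample log lines in
the source_ip,destination_ip,destination_port format and emit structured JSON
alerts for blocked IPs, live threat feed matches and blacklisted ports.
All inputs below are constructed; rule names and alert fields are assumptions."""
import ipaddress
import json

# Constructed stand-ins for IDS/data/blocked_ips.txt and the exported live feed.
BLOCKED_IPS = {"45.33.32.156"}
LIVE_THREAT_FEED = {"198.51.100.23", "203.0.113.10"}
BLACKLISTED_PORTS = {23, 4444, 31337}

SAMPLE_LOGS = """45.33.32.156,192.168.1.15,23
198.51.100.23,192.168.1.8,4444
10.0.0.5,192.168.1.20,443
garbage line without commas
10.0.0.6,192.168.1.21,notaport
"""


def parse_log_line(line):
    """Return (src, dst, port) or None when the line does not match the format."""
    parts = [p.strip() for p in line.split(",")]
    if len(parts) != 3:
        return None
    src, dst, port = parts
    try:
        ipaddress.ip_address(src)
        ipaddress.ip_address(dst)
        port = int(port)
    except ValueError:
        return None
    if not 0 <= port <= 65535:
        return None
    return src, dst, port


def evaluate(src, dst, port, blocked, feed, bad_ports):
    """Apply the three detection rules and return the names of those that matched."""
    rules = []
    if src in blocked:
        rules.append("blocked_ip")
    if src in feed:
        rules.append("threat_intel_ip")
    if port in bad_ports:
        rules.append("blacklisted_port")
    return rules


def analyze_logs(text, blocked=BLOCKED_IPS, feed=LIVE_THREAT_FEED,
                 bad_ports=BLACKLISTED_PORTS):
    """Return (alerts, skipped_line_count); each alert is a JSON-serialisable dict."""
    alerts, skipped = [], 0
    for number, line in enumerate(text.splitlines(), start=1):
        if not line.strip():
            continue
        parsed = parse_log_line(line)
        if parsed is None:
            skipped += 1  # malformed input is counted, never crashes the analysis
            continue
        src, dst, port = parsed
        rules = evaluate(src, dst, port, blocked, feed, bad_ports)
        if rules:
            alerts.append({
                "line": number,
                "source_ip": src,
                "destination_ip": dst,
                "destination_port": port,
                "rules": rules,
                # assumed scheme: more than one rule firing on a line raises severity
                "severity": "high" if len(rules) > 1 else "medium",
            })
    return alerts, skipped


if __name__ == "__main__":
    found, bad = analyze_logs(SAMPLE_LOGS)
    print(json.dumps(found, indent=2))
    print(f"alerts: {len(found)}, malformed lines skipped: {bad}")
```

Both sample lines from the README trigger two rules each (a listed source IP plus a blacklisted port), so they come out as high-severity alerts; the benign HTTPS line produces nothing, and the two malformed lines are reported in the skipped count so that a corrupted sample file does not silently shrink the result.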
```text
Week_10_Project/
├── api/
│   └── index.py
├── dashboard/
│   ├── __init__.py
│   ├── app.py
│   ├── data_loader.py
│   ├── live_capture_manager.py
│   ├── routes.py
│   ├── templates/
│   │   └── index.html
│   └── static/
│       ├── styles.css
│       └── dashboard.js
├── IDS/
│   ├── data/
│   │   ├── blocked_ips.txt
│   │   └── sample_logs.txt
│   ├── ids_core/
│   │   ├── alert_manager.py
│   │   ├── config.py
│   │   ├── detection_rules.py
│   │   ├── init.py
│   │   ├── packet_analyzer.py
│   │   └── threat_intel.py
│   ├── reports/
│   └── main.py
├── ThreatFeedAggregator/
│   ├── feeds/
│   │   └── feodo_tracker.txt
│   ├── output/
│   ├── .env
│   ├── aggregator.py
│   ├── config.py
│   ├── fetch_feeds.py
│   ├── main.py
│   ├── normalize_data.py
│   ├── threat_scoring.py
│   ├── utils.py
│   └── visualise.py
├── main.py
├── README.md
└── requirements.txt
```
Sample output of a full pipeline run:

```text
======================================================================
Mini-SIEM Orchestrator Starting
======================================================================
[1/2] Running Threat Feed Aggregator...
[+] Fetching threat feeds...
[✓] OTX feed fetched successfully
[✓] AbuseIPDB feed fetched successfully
[✓] Feodo fallback feed loaded
[+] Normalizing data...
[+] Enriching with threat scoring...
[+] Deduplicating indicators...
[+] Saving consolidated intelligence...
[+] Updating historical dataset...
[+] Generating reports...
[+] Generating visualizations...
[✓] Visualizations saved successfully
[+] Exporting live threat feed for IDS...
[✓] Consolidated IOC dataset generated
[✓] Historical dataset updated
[✓] Report generated successfully
[✓] Live threat feed exported for IDS
[✓] Threat Feed Aggregator completed successfully
[2/2] Running Intrusion Detection System (IDS)...
Simple Intrusion Detection System v1.3
=======================================================
[+] Loaded live threat intelligence
[+] Initializing detection engine...
[+] Running sample log analysis...
[✓] Analysis completed successfully
## Session Summary
Total alerts generated: 0
Reports and logs saved successfully
[✓] IDS execution completed successfully
======================================================================
Mini-SIEM pipeline finished successfully
======================================================================
```
After execution, the system generates:
- Consolidated threat intelligence dataset
- Historical tracking dataset
- Analytical reports
- Visual threat charts
- IDS alert logs and summaries
Mini-SIEM is provided strictly for educational and defensive cybersecurity purposes. This project is intended to demonstrate threat intelligence aggregation, IDS-style detection, dashboarding, and security analysis workflows in a controlled and lawful environment.
You must not use this project to:
- perform unauthorized scanning or interception
- target systems you do not own or have explicit permission to test
- conduct malicious activity of any kind
- violate applicable laws, regulations, or organizational policies
Threat intelligence data may be incomplete, stale, or inaccurate. Alerts and detections generated by this system should not be treated as authoritative without validation. The author provides this project “as is” without warranties of any kind and assumes no liability for misuse, damage, or legal consequences resulting from its use. By using this project, you agree to use it responsibly, ethically, and only in authorized environments.