MegaZegan/TraceLens
TraceLens

TraceLens is a defensive cybersecurity CLI that turns mixed CSV/JSONL logs into a ranked triage summary.

It is intentionally safe: it does not scan networks, attack targets, validate credentials, or contact external services. It only analyzes local telemetry.

What It Detects

  • Repeated failed authentication from the same IP.
  • Successful login after a burst of failures.
  • Denied firewall bursts against many destination ports.
  • DNS requests for suspicious-looking domains.
  • Large outbound transfers to uncommon destinations.

Demo

python -m venv .venv
.\.venv\Scripts\Activate.ps1
pip install -e . pytest
tracelens scan samples
pytest

Why This Exists

SOC work is often about turning noisy events into useful questions. TraceLens shows that flow:

  1. normalize events,
  2. group related activity,
  3. score risk,
  4. explain the evidence,
  5. recommend the next analyst action.

Example Output

[HIGH] Login success after failures
user=alice src_ip=203.0.113.66 risk=82
Five failures followed by a successful login.
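The "success after failures" detector above, written out as an added example that is not TraceLens's own code: it walks the five steps from the previous section (normalize, group, score, explain, recommend) over a few constructed JSONL lines. The field names, the 50 + 6 x failures risk formula and the HIGH threshold are assumptions for illustration, not the project's schema or scoring.

```python
import json
from collections import defaultdict

# Constructed JSONL telemetry for this example; field names are assumptions, not TraceLens's schema.
SAMPLE_JSONL = "\n".join([
    '{"ts":"2024-05-01T10:00:01Z","user":"alice","src_ip":"203.0.113.66","outcome":"failure"}',
    '{"ts":"2024-05-01T10:00:03Z","user":"alice","src_ip":"203.0.113.66","outcome":"failure"}',
    '{"ts":"2024-05-01T10:00:05Z","user":"alice","src_ip":"203.0.113.66","outcome":"failure"}',
    '{"ts":"2024-05-01T10:00:07Z","user":"alice","src_ip":"203.0.113.66","outcome":"failure"}',
    '{"ts":"2024-05-01T10:00:09Z","user":"alice","src_ip":"203.0.113.66","outcome":"failure"}',
    '{"ts":"2024-05-01T10:00:11Z","user":"alice","src_ip":"203.0.113.66","outcome":"success"}',
    '{"ts":"2024-05-01T10:01:00Z","user":"bob","src_ip":"198.51.100.7","outcome":"failure"}',
    '{"ts":"2024-05-01T10:01:05Z","user":"bob","src_ip":"198.51.100.7","outcome":"success"}',
])

def normalize(raw):
    # Step 1: one JSONL record -> flat event with a boolean outcome.
    rec = json.loads(raw)
    return {"ts": rec["ts"], "user": rec["user"], "src_ip": rec["src_ip"],
            "ok": rec["outcome"] == "success"}

def detect_success_after_failures(lines, min_failures=5):
    # Steps 2-5: group by (user, src_ip), measure the failure run that precedes each
    # success, score it, and attach evidence plus a recommended analyst action.
    streak = defaultdict(int)  # consecutive failures per (user, src_ip)
    findings = []
    events = sorted((normalize(line) for line in lines if line.strip()), key=lambda e: e["ts"])
    for ev in events:
        key = (ev["user"], ev["src_ip"])
        if not ev["ok"]:
            streak[key] += 1
            continue
        failures, streak[key] = streak[key], 0  # a success ends the run
        if failures >= min_failures:
            risk = min(100, 50 + 6 * failures)  # illustrative scoring, not TraceLens's formula
            findings.append({
                "severity": "HIGH" if risk >= 75 else "MEDIUM",
                "title": "Login success after failures",
                "user": ev["user"], "src_ip": ev["src_ip"], "risk": risk,
                "evidence": f"{failures} failures followed by a successful login.",
                "action": "Confirm the login with the user and review that session.",
            })
    return findings

def render(finding):
    # Same three-line shape as the README's example output.
    return (f"[{finding['severity']}] {finding['title']}\n"
            f"user={finding['user']} src_ip={finding['src_ip']} risk={finding['risk']}\n"
            f"{finding['evidence']}")
```

Calling `detect_success_after_failures(SAMPLE_JSONL.splitlines())` yields one finding for alice and none for bob, whose single failure is below the burst threshold; `render` prints it in the format shown above.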

About

Defensive log triage CLI for suspicious authentication, firewall, DNS, and outbound traffic patterns.