xFuture-2027/CDUproject

Cyber Threat Intelligence Platform

This project is a full-stack CTI MVP built with a Python FastAPI backend and a React/Vite frontend. It aggregates cyber threat intelligence from multiple source types, enriches unstructured text with lightweight NLP-style extraction, and presents alerts, hunting leads, compliance mappings, and reporting in a single analyst dashboard.

Report Pack

  • Final report draft: docs/FINAL_REPORT.md
  • Software design diagrams: docs/DIAGRAMS.md
  • Figma handoff and mockup guidance: docs/FIGMA_HANDOFF.md
  • Viva prep notes: docs/VIVA_GUIDE.md
  • Figma-ready mockups: docs/mockups/

Core Features

  • Data collection from multiple source categories: news, social media, security reports, collaboration feeds, and threat feeds
  • Data processing and analysis with rule-based enrichment for IOCs, tactics, industries, tags, severity, and confidence
  • Threat intelligence feed API with filtering, search, and workflow status updates
  • Alerting and notification views for high-risk threats
  • Dashboard and reporting for severity trends, source coverage, executive summaries, and control mapping
  • Threat hunting packages generated from observed tactics and indicators
  • Collaboration and information-sharing support via shared-source ingestion and status tracking
  • Integration guidance for SIEM, EDR, SOAR, email gateways, OT monitoring, and vulnerability scanners
  • Compliance and regulation visibility through framework/control mappings

Project Structure

backend/
  app/
    database.py
    main.py
    models.py
    schemas.py
    seed_data.py
    services.py
  requirements.txt
frontend/
  src/
    App.jsx
    main.jsx
    styles.css
  index.html
  package.json
  vite.config.js

Backend Setup

cd /Users/newstart/Documents/CDUproject/backend
python3 -m venv .venv
source .venv/bin/activate
pip install -r requirements.txt
uvicorn app.main:app --reload

The API will start at http://127.0.0.1:8000. Seed data is loaded automatically on startup the first time the database is created.

Useful endpoints:

  • GET /api/overview
  • GET /api/threats
  • POST /api/threats
  • PATCH /api/threats/{id}/status
  • GET /api/alerts
  • GET /api/hunts
  • GET /api/reports
  • GET /api/compliance
  • GET /api/integrations

Frontend Setup

cd /Users/newstart/Documents/CDUproject/frontend
npm install
npm run dev

The frontend runs on http://127.0.0.1:5173 and expects the backend at http://127.0.0.1:8000 by default.

If you need a different backend URL, set VITE_API_BASE_URL when starting the dev server:

VITE_API_BASE_URL=http://127.0.0.1:8000 npm run dev

Testing

Backend smoke tests:

cd /Users/newstart/Documents/CDUproject/backend
source .venv/bin/activate
pip install -r requirements-dev.txt
pytest

Frontend production build:

cd /Users/newstart/Documents/CDUproject/frontend
npm install
npm run build

Example Threat Ingestion Payload

{
  "title": "New phishing campaign targets managed service providers",
  "source_name": "Analyst Submission",
  "source_type": "news",
  "url": "https://example.com/custom-threat",
  "content": "Researchers observed phishing lures collecting credentials and abusing trusted remote access workflows. Indicators include CVE-2025-2000 and domain secure-helpdesk-login.net.",
  "published_at": "2026-04-08T11:00:00Z",
  "region": "Australia"
}
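
The following is an added example, not code from this repository: a minimal sketch of the kind of rule-based IOC and tactic enrichment described under Core Features, run over the "content" field of the payload above. The regexes, the TACTIC_RULES keyword map and all function names are assumptions made for illustration; the project's own services.py is not shown on this page.

```python
import ipaddress
import re

# Constructed sample: the "content" field of the example payload.
SAMPLE_CONTENT = (
    "Researchers observed phishing lures collecting credentials and abusing "
    "trusted remote access workflows. Indicators include CVE-2025-2000 and "
    "domain secure-helpdesk-login.net."
)

CVE_RE = re.compile(r"\bCVE-\d{4}-\d{4,}\b", re.IGNORECASE)
IPV4_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")
DOMAIN_RE = re.compile(
    r"\b(?:[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,24}\b", re.IGNORECASE)
# Assumed keyword-to-tactic rules (hypothetical, not the project's rule set).
TACTIC_RULES = {
    "phishing": "Initial Access",
    "credentials": "Credential Access",
}

def refang(text):
    # Analyst reports often defang indicators; undo that before matching.
    text = re.sub(r"\[\.\]|\(\.\)|\[dot\]", ".", text, flags=re.IGNORECASE)
    return re.sub(r"hxxp", "http", text, flags=re.IGNORECASE)

def valid_ipv4(candidate):
    # The regex accepts octets above 255; let the stdlib make the final call.
    try:
        ipaddress.IPv4Address(candidate)
        return True
    except ValueError:
        return False

def extract(content):
    text = refang(content)
    lowered = text.lower()
    return {
        "cves": sorted({m.upper() for m in CVE_RE.findall(text)}),
        "ipv4": sorted({m for m in IPV4_RE.findall(text) if valid_ipv4(m)}),
        "domains": sorted({m.lower() for m in DOMAIN_RE.findall(text)}),
        "tactics": sorted({t for kw, t in TACTIC_RULES.items() if kw in lowered}),
    }

if __name__ == "__main__":
    print(extract(SAMPLE_CONTENT))
```

The domain pattern also matches file names such as invoice.pdf, so a real rule set would check candidates against a public-suffix list before storing them as indicators.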

Suggested Next Steps

  • Replace demo seed sources with real connectors for RSS feeds, social APIs, and report ingestion pipelines
  • Add authentication, role-based access control, and audit logging
  • Introduce async task workers for large-scale enrichment and deduplication
  • Swap the rule-based NLP layer for transformer pipelines or LLM-backed extraction as requirements mature

About

Cyber Threat Intelligence Platform — React + FastAPI dashboard for threat feed aggregation, IOC extraction, alerting, hunting, and compliance mapping
