XEngine is an AI-driven tool that simulates security events, correlates them into incidents, and provides recommendations. Designed with SIEM integration in mind, it is intended to analyze real-time data and act as a SOC assistant once connected to live systems.

XEngine

XEngine is an AI-driven security analysis tool designed to simulate, analyze, and explain security events in IT and OT environments. The project focuses on making SOC activity more understandable through event correlation, incident generation, and human-readable explanations.


Overview

XEngine currently operates as a simulation-based tool: it generates synthetic logs and incidents to demonstrate how attacks and suspicious behavior show up in real environments. It is designed with SIEM integration in mind, so it can evolve into a real SOC assistant once connected to live data sources. Its core focus is reasoning about network activity and clearly explaining what detected behaviors and incidents mean.


📂Repository Structure:

📂XEngine/
├── 📂cli/
│   ├── __init__.py
│   └── main.py
├── 📂core/
│   ├── __init__.py
│   ├── engine.py
│   ├── 📂correlation/
│   │   ├── __init__.py
│   │   └── correlator.py
│   ├── 📂explanation/
│   │   ├── __init__.py
│   │   └── generator.py
│   ├── 📂mitre/
│   │   ├── __init__.py
│   │   └── mapping.py
│   ├── 📂schema/
│   │   ├── __init__.py
│   │   ├── event.py
│   │   └── incident.py
│   └── 📂scoring/
│       ├── __init__.py
│       └── risk.py
├── 📂plugins/
│   ├── __init__.py
│   ├── 📂eventSource/
│   │   ├── __init__.py
│   │   ├── base.py
│   │   ├── elk.py
│   │   └── json_file.py
│   └── 📂ticketSinks/
│       ├── __init__.py
│       ├── base.py
│       └── glpi.py
├── 📂data/
│   └── 📂sample_events/
│       └── auth_events.json
├── 📂docs/
│   ├── architecture.md
│   └── designDecisions.md
├── 📄README.md
├── 📄requirements.txt
├── 📄LICENSE
└── .gitignore

How It Works:

  • Simulates: security events such as authentication failures and successful logins
  • Correlates: related events into structured incidents
  • Maps: activity to MITRE ATT&CK techniques
  • Generates: explanations and response recommendations
  • Outputs: incidents in a SOC-friendly format
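The pipeline described above, as an added example in Python (the project's language). This is not XEngine's own code: the Event and Incident classes, correlate() and enrich(), the threshold and window, and the sample events are this example's assumptions, not the contents of core/correlation, core/mitre, core/scoring or data/sample_events. T1110 and T1078 are real ATT&CK technique IDs; the rule that maps a burst of failures (and a following success) to them is the example's own.

```python
"""Added example (not XEngine's own code): correlate simulated authentication
events into an incident, map it to MITRE ATT&CK, score it and explain it.
Event, Incident, correlate() and enrich() are this example's assumptions and
say nothing about the real core/ modules beyond what the README lists.
"""
from __future__ import annotations

from collections import defaultdict
from dataclasses import dataclass, field
from datetime import datetime, timedelta

# Constructed sample events (not the repository's data/sample_events/auth_events.json).
SAMPLE_EVENTS = [
    {"ts": "2024-05-01T10:00:00", "src_ip": "203.0.113.7", "user": "alice", "outcome": "failure"},
    {"ts": "2024-05-01T10:00:05", "src_ip": "203.0.113.7", "user": "alice", "outcome": "failure"},
    {"ts": "2024-05-01T10:00:09", "src_ip": "203.0.113.7", "user": "alice", "outcome": "failure"},
    {"ts": "2024-05-01T10:00:14", "src_ip": "203.0.113.7", "user": "alice", "outcome": "failure"},
    {"ts": "2024-05-01T10:00:20", "src_ip": "203.0.113.7", "user": "alice", "outcome": "failure"},
    {"ts": "2024-05-01T10:00:31", "src_ip": "203.0.113.7", "user": "alice", "outcome": "success"},
    # Benign noise: one mistyped password from an office IP, then a normal login.
    {"ts": "2024-05-01T10:02:00", "src_ip": "198.51.100.2", "user": "bob", "outcome": "failure"},
    {"ts": "2024-05-01T10:02:08", "src_ip": "198.51.100.2", "user": "bob", "outcome": "success"},
]

FAIL_THRESHOLD = 5            # failures inside WINDOW that open an incident (assumed tuning)
WINDOW = timedelta(minutes=5)

# Real ATT&CK technique IDs; which detection maps to which technique is this example's rule.
TECHNIQUES = {
    "brute_force": ("T1110", "Brute Force"),
    "valid_accounts": ("T1078", "Valid Accounts"),
}


@dataclass
class Event:
    ts: datetime
    src_ip: str
    user: str
    outcome: str  # "failure" or "success"

    @classmethod
    def from_dict(cls, raw: dict) -> "Event":
        return cls(datetime.fromisoformat(raw["ts"]), raw["src_ip"], raw["user"], raw["outcome"])


@dataclass
class Incident:
    src_ip: str
    user: str
    failures: int
    succeeded: bool            # a success followed the burst of failures
    techniques: list = field(default_factory=list)
    risk: int = 0
    explanation: str = ""
    recommendation: str = ""


def correlate(events) -> list[Incident]:
    """Group events by (src_ip, user); open one incident per key whose failures
    reach FAIL_THRESHOLD inside WINDOW, recording whether a login then succeeded."""
    by_key = defaultdict(list)
    for ev in sorted(events, key=lambda e: e.ts):
        by_key[(ev.src_ip, ev.user)].append(ev)

    incidents = []
    for (src_ip, user), evs in by_key.items():
        fails = [e for e in evs if e.outcome == "failure"]
        for i in range(len(fails) - FAIL_THRESHOLD + 1):   # slide the window over the failures
            window_end = fails[i].ts + WINDOW
            burst = [f for f in fails[i:] if f.ts <= window_end]
            if len(burst) >= FAIL_THRESHOLD:
                succeeded = any(e.outcome == "success" and burst[-1].ts < e.ts <= window_end for e in evs)
                incidents.append(Incident(src_ip, user, len(burst), succeeded))
                break
    return incidents


def enrich(inc: Incident) -> Incident:
    """Map to ATT&CK, score 0-100, and write the analyst-facing explanation and recommendation."""
    inc.techniques = [TECHNIQUES["brute_force"]]
    inc.risk = min(100, 40 + 5 * inc.failures)
    if inc.succeeded:
        inc.techniques.append(TECHNIQUES["valid_accounts"])
        inc.risk = min(100, inc.risk + 40)
        outcome = ", followed by a successful login: the account is likely compromised."
        inc.recommendation = "Reset the account's credentials, end its sessions, and review all activity from the source IP."
    else:
        outcome = "; no success observed: password guessing is likely still in progress."
        inc.recommendation = "Block the source IP and confirm the account lockout policy is enforced."
    ids = ", ".join(f"{tid} ({name})" for tid, name in inc.techniques)
    minutes = int(WINDOW.total_seconds() // 60)
    inc.explanation = (f"{inc.failures} failed logins for '{inc.user}' from {inc.src_ip} "
                       f"within {minutes} min{outcome} ATT&CK: {ids}.")
    return inc


def run(raw_events) -> list[Incident]:
    return [enrich(inc) for inc in correlate(Event.from_dict(r) for r in raw_events)]


if __name__ == "__main__":
    for inc in run(SAMPLE_EVENTS):
        print(f"[risk {inc.risk}] {inc.explanation}\n  -> {inc.recommendation}")
```

The two-stage reading (a burst of failures alone versus a burst followed by a success) is what turns raw events into something an analyst can act on: the first is noise to block, the second is a probable account compromise with a different recommendation and a higher score. Bob's single typo never reaches the threshold and produces no incident.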

SIEM Integration

Although XEngine currently uses simulated data, it is built to integrate with real SIEM platforms such as:

  • Elasticsearch / ELK Stack
  • Log management and ticketing systems (e.g., GLPI)

Once connected to a SIEM, XEngine is intended to analyze real-time logs, correlate live events, and function as an actual SOC analysis tool.
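What "plug and play" integration looks like in code, as an added example that is not the project's plugins/ code: an abstract event source and ticket sink in the spirit of plugins/eventSource/base.py and plugins/ticketSinks/base.py, a JSON-lines file source, a source that unwraps documents from an Elasticsearch search response (the hits.hits[]._source shape an ELK plugin would receive), and an in-memory sink standing in for a ticketing system such as GLPI. The class names, the normalised record schema and the sample data are assumptions of this example.

```python
"""Added example, not XEngine's own code: a plug-and-play contract for event
sources and ticket sinks. Class names, record schema and sample data are this
example's assumptions; nothing here is the project's plugins/ API.
"""
from __future__ import annotations

import json
from abc import ABC, abstractmethod
from collections import Counter
from typing import Iterator

REQUIRED_FIELDS = {"ts", "src_ip", "user", "outcome"}   # assumed normalised schema


class EventSource(ABC):
    """Anything that yields normalised event dicts; the engine never cares
    whether they came from a file export or a live SIEM query."""
    dropped = 0   # records rejected as malformed or incomplete

    @abstractmethod
    def events(self) -> Iterator[dict]: ...

    def accept(self, rec) -> bool:
        """Schema gate: a malformed SIEM record must be counted, never silently lost."""
        ok = isinstance(rec, dict) and REQUIRED_FIELDS <= rec.keys()
        if not ok:
            self.dropped += 1
        return ok


class TicketSink(ABC):
    @abstractmethod
    def create(self, incident: dict) -> str: ...


class JsonLinesSource(EventSource):
    """Newline-delimited JSON, e.g. an exported log file."""
    def __init__(self, text: str):
        self.text = text

    def events(self):
        for line in self.text.splitlines():
            if not line.strip():
                continue
            try:
                rec = json.loads(line)
            except json.JSONDecodeError:
                self.dropped += 1
                continue
            if self.accept(rec):
                yield rec


class ElasticHitsSource(EventSource):
    """Unwraps hits.hits[]._source from an Elasticsearch search response
    (the response is passed in pre-fetched, so this runs offline)."""
    def __init__(self, response: dict):
        self.response = response

    def events(self):
        for hit in self.response.get("hits", {}).get("hits", []):
            rec = hit.get("_source")
            if self.accept(rec):
                yield rec


class MemoryTicketSink(TicketSink):
    """Stand-in for a ticketing system such as GLPI: stores tickets, returns IDs."""
    def __init__(self):
        self.tickets = []

    def create(self, incident):
        ticket_id = f"TKT-{len(self.tickets) + 1:04d}"
        self.tickets.append({"id": ticket_id, **incident})
        return ticket_id


def run_pipeline(source: EventSource, sink: TicketSink, threshold: int = 3) -> list[str]:
    """Engine core, agnostic to the plugins chosen. Toy rule: one ticket per
    source IP with at least `threshold` failed logins."""
    failures = Counter(ev["src_ip"] for ev in source.events() if ev["outcome"] == "failure")
    return [sink.create({"src_ip": ip, "failures": n, "title": f"{n} failed logins from {ip}"})
            for ip, n in failures.items() if n >= threshold]


# Constructed sample inputs (not from the repository): one file export, one ES response.
SAMPLE_NDJSON = "\n".join([
    '{"ts": "2024-05-01T10:00:00", "src_ip": "203.0.113.7", "user": "alice", "outcome": "failure"}',
    '{"ts": "2024-05-01T10:00:05", "src_ip": "203.0.113.7", "user": "alice", "outcome": "failure"}',
    '{"ts": "2024-05-01T10:00:09", "src_ip": "203.0.113.7", "user": "alice", "outcome": "failure"}',
    'garbage line that is not JSON',
    '{"ts": "2024-05-01T10:01:00", "src_ip": "198.51.100.2", "user": "bob"}',   # missing outcome
    '{"ts": "2024-05-01T10:02:00", "src_ip": "198.51.100.2", "user": "bob", "outcome": "success"}',
])
SAMPLE_ES_RESPONSE = {"hits": {"hits": [
    {"_index": "auth", "_source": {"ts": "2024-05-01T11:00:00", "src_ip": "192.0.2.9", "user": "svc", "outcome": "failure"}},
    {"_index": "auth", "_source": {"ts": "2024-05-01T11:00:02", "src_ip": "192.0.2.9", "user": "svc", "outcome": "failure"}},
    {"_index": "auth", "_source": {"ts": "2024-05-01T11:00:04", "src_ip": "192.0.2.9", "user": "svc", "outcome": "failure"}},
    {"_index": "auth", "_source": {"message": "raw line the parser could not normalise"}},
]}}

if __name__ == "__main__":
    for src in (JsonLinesSource(SAMPLE_NDJSON), ElasticHitsSource(SAMPLE_ES_RESPONSE)):
        sink = MemoryTicketSink()
        print(type(src).__name__, "tickets:", run_pipeline(src, sink), "dropped:", src.dropped)
```

The same run_pipeline() runs unchanged against the file and the Elasticsearch response, which is the property a plug-and-play SIEM layer needs. The schema gate is the caveat for live use: a field rename in the SIEM or a half-written log line would otherwise drop events without a trace, and counting rejects in `dropped` keeps that gap visible to the analyst.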

Project Status

  • Simulation-based event generation
  • Incident correlation and explanation
  • SIEM integration through pluggable event sources and ticket sinks, so the SIEM of your choice can be connected (plug and play)
  • Automation and response (planned)

Installation

  1. Clone the repository:
     git clone https://github.com/xGhxstx/XEngine.git
  2. Create a virtual environment (optional):
     cd XEngine
     python -m venv venv
     source venv/bin/activate   # on Windows: venv\Scripts\activate
  3. Install dependencies:
     pip install -r requirements.txt

🧩 Contributions:

  • Contributions are welcome! If you have improvements or bug fixes, feel free to open a pull request. Follow the steps below.
  1. Fork the repo.
  2. Create a feature branch:
     git checkout -b feature/new-script
  3. Commit your changes:
     git commit -m "Add new feature or fix."
  4. Push to your fork:
     git push origin feature/new-script
  5. Open a pull request.

📜 License:

  • Released under the MIT License. Please feel free to use, modify, and distribute the scripts, provided you give the author proper credit.

⭐ Support the Project:

  • If you've found XEngine useful, please ⭐ the repo — it helps a ton!
