πŸ›‘οΈ SentinelIQ β€” Autonomous SOC Intelligence Platform


Overview

SentinelIQ is an autonomous Security Operations Center (SOC) intelligence platform that performs real-time threat detection, attack correlation, UEBA risk scoring, dynamic attack graph generation, and automated incident response.

The platform simulates core capabilities commonly found in enterprise security solutions such as Splunk, Microsoft Sentinel, CrowdStrike, and SentinelOne while remaining lightweight, transparent, and fully self-hosted.

SentinelIQ ingests security telemetry, enriches events through behavioral analytics, maps activity to MITRE ATT&CK techniques, builds evolving attack graphs, and triggers autonomous defensive actions.


🚀 Live Deployment

Public Deployment (Nosana Cloud)

https://4u8pgm9fagp9ah4al48agqdvwoxypvsvn9rutoeccsvn.node.k8s.prd.nos.ci/docs

The live deployment exposes an interactive Swagger UI where events can be submitted and attack graphs generated in real time.


🔥 Key Features

🧠 AI-Driven Threat Analysis

  • User & Entity Behavior Analytics (UEBA)
  • Risk-based scoring engine
  • Login anomaly detection
  • Failed authentication detection
  • Behavioral deviation analysis
  • Threat classification

🕸 Dynamic Attack Graph

  • Real-time node creation
  • User-to-IP relationship mapping
  • Weighted attack paths
  • Attack chain reconstruction
  • Graph summary analytics
  • Relationship tracking

⚡ Correlation Engine

  • Multi-event attack correlation
  • MITRE ATT&CK mapping
  • Brute force attack detection
  • Threat confidence scoring
  • Attack escalation analysis
  • Behavioral pattern recognition

🚨 Autonomous Response Engine

  • Automatic IP blocking simulation
  • User quarantine simulation
  • Escalation workflows
  • Incident memory tracking
  • Risk-based response actions

📊 SOC Dashboard

  • Real-time monitoring
  • Threat visualization
  • Live graph updates
  • Security event tracking
  • SOC-style operational interface

πŸ— Architecture

Security Events
       │
       ▼
 FastAPI API Layer
       │
       ▼
 UEBA Risk Engine
       │
       ▼
 Correlation Engine
       │
       ▼
 MITRE ATT&CK Mapping
       │
       ▼
 Attack Graph Builder
       │
       ▼
 Autonomous Response Engine
       │
       ▼
 SOC Dashboard

🧪 Example Event

{
  "user_id": "admin",
  "event_type": "LOGIN_FAILURE",
  "ip_address": "8.8.8.8"
}

Example Detection Result

{
  "risk": 65,
  "correlation": "CONFIRMED_ATTACK (T1110 - Brute Force)"
}

📸 Screenshots

Live SOC Dashboard

[Screenshot: Dashboard]

Attack Graph Visualization

[Screenshot: Graph]

Threat Detection API

[Screenshot: API]


🐳 Docker Deployment

Build the image:

docker build -t sentineliq .

Run the container:

docker run -p 8000:8000 sentineliq

Open:

http://localhost:8000/docs

💻 Local Installation

Clone repository:

git clone https://github.com/Drechi3/SentinelIQ.git
cd SentinelIQ

Install dependencies:

pip install -r requirements.txt

Run application:

python -m uvicorn main:app --reload

Open Swagger UI:

http://localhost:8000/docs

Example Detection Scenario

  1. User repeatedly fails authentication.
  2. Risk score increases.
  3. Correlation engine maps activity to MITRE ATT&CK T1110.
  4. Attack graph expands dynamically.
  5. Autonomous response engine reacts.
  6. Incident is stored for future analysis.
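The scenario above, and the example event and detection result earlier in this README, walked through in one small pipeline. This is an added illustration written for this page, not SentinelIQ's own engine code; the point values, the five-failure threshold, the 300-second window and the sample IP address are constructed assumptions, and the real platform's scoring may differ.

```python
from collections import defaultdict, deque
from dataclasses import dataclass, field

# Hypothetical tuning, not SentinelIQ's own values.
FAILURE_POINTS = 15        # risk added per LOGIN_FAILURE
BRUTE_FORCE_THRESHOLD = 5  # failures inside the window that confirm T1110
WINDOW_SECONDS = 300


@dataclass
class Event:
    ts: int            # constructed epoch seconds
    user_id: str
    event_type: str
    ip_address: str


@dataclass
class Pipeline:
    risk: dict = field(default_factory=lambda: defaultdict(int))
    failures: dict = field(default_factory=lambda: defaultdict(deque))
    graph_edges: dict = field(default_factory=lambda: defaultdict(int))
    incidents: list = field(default_factory=list)

    def ingest(self, ev: Event) -> dict:
        # UEBA stage: each failed login raises the user's risk, capped at 100,
        # and is remembered only while it stays inside the sliding window.
        if ev.event_type == "LOGIN_FAILURE":
            self.risk[ev.user_id] = min(100, self.risk[ev.user_id] + FAILURE_POINTS)
            q = self.failures[ev.user_id]
            q.append(ev.ts)
            while q and ev.ts - q[0] > WINDOW_SECONDS:
                q.popleft()
        # Attack graph stage: weighted user -> IP edge, one more hit per event.
        self.graph_edges[(ev.user_id, ev.ip_address)] += 1
        # Correlation stage: enough failures in the window map to ATT&CK T1110.
        confirmed = len(self.failures[ev.user_id]) >= BRUTE_FORCE_THRESHOLD
        correlation = "CONFIRMED_ATTACK (T1110 - Brute Force)" if confirmed else "NONE"
        # Response stage: simulated IP block plus an incident record on confirmation.
        action = None
        if confirmed:
            action = f"BLOCK_IP {ev.ip_address}"
            self.incidents.append({"user": ev.user_id, "ip": ev.ip_address, "ts": ev.ts})
        return {"risk": self.risk[ev.user_id], "correlation": correlation, "action": action}


def run_scenario() -> list:
    """Replay five constructed failed logins for 'admin' and return each stage result."""
    p = Pipeline()
    events = [Event(100 + 10 * i, "admin", "LOGIN_FAILURE", "198.51.100.7") for i in range(5)]
    return [p.ingest(e) for e in events]
```

The fifth result carries the confirmed T1110 correlation and the simulated block; failures spread further apart than the window never reach the threshold, which is the check a tuning change should be tested against.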

Project Structure

SentinelIQ/
│
├── agents/
├── backend/
├── frontend/
├── threat_intel/
├── alerts/
├── storage/
├── tests/
│
├── main.py
├── attack_graph.py
├── correlation_engine.py
├── response_engine.py
├── ai_risk_engine.py
├── dashboard.html
├── Dockerfile
├── requirements.txt
│
└── screenshots/

Roadmap

  • LLM-Powered SOC Analyst
  • AI Incident Summaries
  • Threat Intelligence Enrichment
  • Multi-Tenant Dashboard
  • Graph Database Integration
  • Vector Memory Search
  • Kubernetes Deployment
  • Cloud SIEM Integrations
  • Real-Time Threat Feeds

Technologies

  • Python 3.12
  • FastAPI
  • Docker
  • HTML/CSS/JavaScript
  • MITRE ATT&CK Framework
  • UEBA Analytics
  • Attack Graph Modeling
  • Nosana Cloud Deployment

Author

Igboanugo David Ugochukwu

Cybersecurity Researcher | Technical Writer | Security Engineer

GitHub: https://github.com/Drechi3

LinkedIn: https://www.linkedin.com/in/igboanugo-david-ugochukwu-73136220b


MIT License
