Welcome to the AI-Powered Threat Hunting and Vulnerability Assessment Dashboard. This application provides real-time threat detection, vulnerability scanning, and log analysis, aimed at enhancing the security and resilience of IT infrastructures.
- Upload Network Traffic Data: Analyze network traffic data for anomalies using Isolation Forest.
- Anomaly Detection: Automatically detect anomalies based on packet size and other metrics.
- Visualizations: Interactive visualizations to display detected anomalies in the network data.
- Statistics: Display anomaly counts and provide a detailed dataset for further analysis.
- Load Vulnerabilities: Upload a JSON file containing vulnerability details.
- Display Vulnerabilities: View critical information like ID, summary, publish date, and severity of each vulnerability.
- Log File Upload: Upload log files (TXT/CSV) for analysis.
- Basic Log Analysis: Check for failed login attempts and provide a quick summary.
- Word Cloud Visualization: Visualize the most frequent terms in the logs with a word cloud.
- Generate Log Data: Create an advanced log data CSV file for testing and further analysis.
To run this project locally, follow these steps:
- Python 3.7 or higher
pip(Python package installer)
-
Clone the Repository:
git clone https://github.com/yourusername/AI-Powered-Threat-Hunting-and-Vulnerability-Assessment-Dashboard.git cd AI-Powered-Threat-Hunting-and-Vulnerability-Assessment-Dashboard -
Install Dependencies:
- Install the required libraries using pip:
pip install -r requirements.txt
-
Run the Streamlit App:
- To start the dashboard, run the following command:
streamlit run app.py
-
Open the App:
- Once the app is running, open a web browser and navigate to the provided local URL (typically http://localhost:8501).
- Upload Network Traffic Data: Click on the file uploader to upload a CSV file containing network traffic data.
- View Anomalies: The app will automatically detect anomalies in the data using machine learning techniques and display results.
- Visualize Anomalies: Interactive charts will show anomalies based on packet size and other metrics.
- Upload Vulnerability Data: Upload a JSON file containing vulnerability details.
- View Vulnerabilities: The app will display a list of vulnerabilities with relevant details such as severity and publication date.
- Upload Log Files: Upload a TXT or CSV log file for analysis.
- Analyze Logs: The app will check for failed login attempts and display a word cloud for the most frequent terms.
- Generate Log Data: Use the "Generate Log Data CSV" button to create an advanced log dataset for testing purposes.
-
Here’s an example of the expected structure for the vulnerabilities.json file:
[ { "id": "CVE-2021-1234", "summary": "Critical vulnerability in the authentication system", "published_date": "2021-12-01", "severity": "High" }, { "id": "CVE-2022-5678", "summary": "Buffer overflow vulnerability in network service", "published_date": "2022-01-15", "severity": "Medium" } ]
- 🌊 Streamlit: A powerful and easy-to-use framework for building interactive web apps in Python.
- 🧠 Scikit-learn: Machine learning library used for anomaly detection with Isolation Forest.
- 🐼 Pandas & Numpy: Used for data manipulation and preprocessing.
- 📈 Seaborn & Matplotlib: Libraries for data visualization.
- 📝 WordCloud: For generating word clouds from log files.
- We welcome contributions! If you would like to improve or add new features to this project, please fork the repository and submit a pull request.



