Skip to content

devbyjitendra/AI-Powered-SIEM

Folders and files

NameName
Last commit message
Last commit date

Latest commit

Β 

History

38 Commits
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 

Repository files navigation

πŸ›‘οΈ AI-Powered SIEM Platform

A next-generation, premium Security Information and Event Management (SIEM) system built using FastAPI (Backend) and React (Frontend). This project features centralized logging, real-time threat detection, an automated event correlation engine, incident ticket escalation, and a security analyst chat assistant powered by Google Gemini AI.


πŸ“· Visual Demonstration

πŸ–₯️ Platform Showcase

SIEM Dashboard Overview

Security Alerts Triage

πŸŽ₯ Video Walkthrough

Watch the platform in action, featuring live threat simulation, real-time alert triage, and the AI Security Analyst assistant:

https://github.com/devbyjitendra/AI-Powered-SIEM/raw/main/frontend/assets/AI%20SIEM%20Tool.mp4


🌟 Key Features

  • ⚑ High-Performance API Gateway: Powered by FastAPI, offering standard RESTful endpoints for log ingestion, alert triage, incident case ticket management, and detection rule orchestration.
  • πŸ“‘ Real-Time WebSockets: Instantly stream correlated threat alerts to security analysts as soon as they are triggered.
  • 🧠 Gemini AI Security Analyst:
    • Automated Incident Playbooks: Generate localized investigation steps, mitigation strategies, and summaries for critical alerts.
    • Interactive Chat Assistant: Query the AI analyst directly from the dashboard to answer complex threat triage questions.
  • πŸ“Š Premium Interactive Dashboard:
    • Glassmorphism Theme: A sleek, dark-mode visual aesthetic built with harmonic HSL colors and Outfit/Inter typography.
    • Events Over Time Chart: Line graphs visualizing historical trends of raw security events vs. correlated high-priority alerts.
    • Geographical Threat Map: Leaflet-based world map plotting real-time threat sources and security alert hot spots.
    • Active KPI Counters: Track total ingested events, alerts, and cases with dynamic risk metrics.
  • 🧩 Automated Correlation Engine: Regex-based log parser executing rule matches (e.g. Auth Brute Force, SQL Injections, XSS Script Injections, Port Scanning) to automatically generate alerts.
  • βš™οΈ Local DB Backup & Size Pruning: Built-in automatic size pruning (retains latest 1,000 logs and 500 alerts) to ensure instant query performance (sub-100ms /stats latency) and prevent disk bloat.
  • πŸ€– Integrated Simulator Daemon: Simulates realistic enterprise environments, generating benign diurnal traffic patterns interweaved with SQL Injection, brute-force, or malware contact attacks.

πŸ“ Project Structure

AI-Powered-SIEM/
β”œβ”€β”€ backend/
β”‚   β”œβ”€β”€ app/
β”‚   β”‚   β”œβ”€β”€ api/v1/endpoints/  # APIs for logs, alerts, cases, and rules
β”‚   β”‚   β”œβ”€β”€ core/              # Config, DB connections, and logging
β”‚   β”‚   β”œβ”€β”€ models/            # SQLAlchemy schemas & Pydantic models
β”‚   β”‚   └── services/          # AI Analyst, Correlation Engine, WebSockets
β”‚   β”œβ”€β”€ requirements.txt       # Python backend dependencies
β”‚   └── Dockerfile             # Multi-stage production container setup
β”‚
β”œβ”€β”€ frontend/
β”‚   β”œβ”€β”€ src/
β”‚   β”‚   β”œβ”€β”€ components/        # React components (Map, Charts, Playbooks, Chat)
β”‚   β”‚   β”œβ”€β”€ services/          # API & WebSocket service configurations
β”‚   β”‚   β”œβ”€β”€ App.jsx            # Main app shell & global state orchestrator
β”‚   β”‚   └── index.css          # Central HSL variable styling system
β”‚   β”œβ”€β”€ vite.config.js         # Frontend asset bundler
β”‚   └── package.json           # Frontend packages & dev scripts
β”‚
β”œβ”€β”€ simulator_daemon.py        # Log generator script mimicking live attacks
β”œβ”€β”€ docker-compose.yml         # Container orchestration profile
β”œβ”€β”€ Readme.md                  # System documentation (This file)
└── siem_database.db           # Local database (when running SQLite)

πŸš€ Getting Started

1️⃣ Clone the Repository

git clone https://github.com/devbyjitendra/AI-Powered-SIEM.git
cd AI-Powered-SIEM

2️⃣ Configure Environment Variables (.env)

Create a .env file in the root workspace folder:

APP_NAME="AI-Powered SIEM"
DEBUG=True
GEMINI_API_KEY="YOUR_GOOGLE_GEMINI_API_KEY"
DATABASE_URL="sqlite:///./siem_database.db"
ALLOWED_ORIGINS="http://localhost:5173,http://127.0.0.1:5173"

3️⃣ Backend Setup (FastAPI)

  1. Create and activate a Python virtual environment:

    python -m venv venv
    # Windows:
    venv\Scripts\activate
    # Linux/macOS:
    source venv/bin/activate
  2. Install python dependencies:

    pip install -r backend/requirements.txt
  3. Run the development API server:

    cd backend
    uvicorn app.main:app --reload --host 127.0.0.1 --port 8000

    The backend API will start at: http://127.0.0.1:8000

    • Swagger Documentation: http://127.0.0.1:8000/docs
    • ReDoc Documentation: http://127.0.0.1:8000/redoc

4️⃣ Frontend Setup (Vite + React)

  1. Open a new terminal window in the frontend folder:

    cd frontend
  2. Install node dependencies:

    npm install
  3. Start the Vite React development server:

    npm run dev

    The web portal will open at: http://127.0.0.1:5173


5️⃣ Launch the Simulator Daemon

To feed live data into the platform, run the simulator from the root project directory:

python simulator_daemon.py --attack-ratio 1.0 --interval 2
  • --attack-ratio: Ratio of security logs that represent malicious attack events (0.0 to 1.0).
  • --interval: Speed of log ingestion in seconds.

🐳 Docker Deployment

To spin up the entire application stack in containerized mode (Frontend + Backend):

docker-compose up --build
  • Frontend Web App: http://localhost:80
  • Backend REST Gateway: http://localhost:8000

πŸ‘¨β€πŸ’» Author

Jitendra Kumar

  • Cybersecurity Specialist & Backend Engineer
  • Passionate about centralizing security architectures with state-of-the-art AI.

About

This AI-Powered SIEM is a next-gen security command center built with FastAPI and React. It features real-time log ingestion, an automated threat correlation engine, interactive geo-threat maps, and an integrated AI Security Analyst that streams playbooks and mitigates incidents instantly.

Topics

Resources

License

Code of conduct

Security policy

Stars

2 stars

Watchers

0 watching

Forks

Releases

No releases published

Packages

 
 
 

Contributors