I have successfully integrated a Threat Intelligence Architecture that utilizes the AlienVault OTX API to enrich our incoming security streams. Here are the key additions made to the AI Cyber Defense Copilot:

Threat Intelligence Enrichment Layer (ThreatIntelService): I built an OSINT integration service that pings the https://otx.alienvault.com API for IP lookups in real time. It maps out vital IoCs (Indicators of Compromise), specifically pulling Malware Families (e.g., Lazarus, LockBit) and Malicious Activity Tags (e.g., C2, Ransomware), and injects them directly into the event stream. I have added a VITE_ALIENVAULT_API_KEY to the .env.example. This component works identically in demonstration mode, dynamically generating deterministic, hyper-realistic simulated threat intelligence based on the IP address string, which avoids empty dashboards during pitch/judging scenarios; it returns actual metadata as soon as a key is introduced.

Autonomous Analysis Dashboard Upgrade: The UI now features a Threat Intelligence Enrichment (OSINT) block that displays whether the source vector is tied to known bad actors. Using enterprise-grade SOC layout paradigms, malicious identifiers and tags are highlighted with a distinct danger/warning color palette.

Dynamic PDF Generation Uplift: The Automated Incident Reports have been modified. If an incident contains threat intelligence metadata, a "THREAT INTELLIGENCE ENRICHMENT" warning section is injected into the PDF layout right above the AI Threat Explanation vector.

This solidifies the platform's ability to act as a Zero Trust correlator, marrying internal network threat metrics (Isolation Forest ML logic) directly with exterior worldwide OSINT feeds. Are there any other threat vectors, visualization changes, or specific honeypot log simulations you want integrated for the final hackathon presentation?
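The IP lookup and the deterministic demo-mode fallback described above, written out as an added TypeScript example. This is not the project's own ThreatIntelService: the OTX endpoint `/api/v1/indicators/IPv4/{ip}/general`, the `X-OTX-API-KEY` header and the response fields `pulse_info.pulses[].tags` and `pulse_info.pulses[].malware_families[].display_name` are assumptions about the OTX v1 API, the `apiKey` argument stands for whatever the caller reads from `VITE_ALIENVAULT_API_KEY`, and the malware-family and tag pools for demo mode are constructed samples. Two points the example makes explicit that a defender will want: the indicator is validated as a dotted-quad IPv4 string before it is hashed or placed into the request URL, so a hostile log field cannot become an arbitrary path segment, and the demo output is a pure function of the IP string, so the same address always renders the same way on the dashboard.

```typescript
// Added illustration, not the Devpost project's ThreatIntelService.
// Assumed (not confirmed by the project page): OTX v1 endpoint
//   GET https://otx.alienvault.com/api/v1/indicators/IPv4/{ip}/general
// authenticated with X-OTX-API-KEY, returning pulse_info.pulses[].tags and
// pulse_info.pulses[].malware_families[].display_name.

export interface ThreatIntel {
  ip: string;
  malicious: boolean;        // true when at least one OTX pulse references the IP
  pulseCount: number;
  malwareFamilies: string[]; // e.g. "Lazarus", "LockBit"
  tags: string[];            // e.g. "c2", "ransomware" (lower-cased, de-duplicated)
  source: "otx" | "demo";
}

// The subset of the OTX "general" response this example reads (assumed shape).
export interface OtxGeneralResponse {
  pulse_info?: {
    count?: number;
    pulses?: Array<{
      tags?: string[];
      malware_families?: Array<{ display_name?: string }>;
    }>;
  };
}

// Only well-formed dotted-quad IPv4 strings are hashed or sent to the API.
export function isIpv4(s: string): boolean {
  const parts = s.split(".");
  return parts.length === 4 &&
    parts.every((p) => /^(0|[1-9]\d{0,2})$/.test(p) && Number(p) <= 255);
}

// Flatten every pulse's families and tags into one de-duplicated record.
export function parseOtxResponse(ip: string, body: OtxGeneralResponse): ThreatIntel {
  const pulses = body.pulse_info?.pulses ?? [];
  const families = new Set<string>();
  const tags = new Set<string>();
  for (const pulse of pulses) {
    for (const fam of pulse.malware_families ?? []) {
      if (fam.display_name) families.add(fam.display_name);
    }
    for (const tag of pulse.tags ?? []) tags.add(tag.trim().toLowerCase());
  }
  const pulseCount = body.pulse_info?.count ?? pulses.length;
  return {
    ip, malicious: pulseCount > 0, pulseCount,
    malwareFamilies: Array.from(families).sort(),
    tags: Array.from(tags).sort(), source: "otx",
  };
}

// 32-bit FNV-1a: dependency-free hash so demo intel is a pure function of the IP.
function fnv1a(s: string): number {
  let h = 0x811c9dc5;
  for (let i = 0; i < s.length; i++) {
    h ^= s.charCodeAt(i);
    h = Math.imul(h, 0x01000193) >>> 0;
  }
  return h >>> 0;
}

// Constructed sample pools for demo mode; not real attribution data.
const DEMO_FAMILIES = ["Lazarus", "LockBit", "Emotet", "Cobalt Strike"];
const DEMO_TAGS = ["c2", "ransomware", "scanner", "bruteforce", "phishing"];

export function demoIntel(ip: string): ThreatIntel {
  const h = fnv1a(ip);
  const b = [h & 0xff, (h >>> 8) & 0xff, (h >>> 16) & 0xff, (h >>> 24) & 0xff];
  const malicious = b[0] % 4 !== 0; // roughly three of four demo IPs come back flagged
  if (!malicious) {
    return { ip, malicious, pulseCount: 0, malwareFamilies: [], tags: [], source: "demo" };
  }
  const tags = new Set([
    DEMO_TAGS[b[2] % DEMO_TAGS.length],
    DEMO_TAGS[b[3] % DEMO_TAGS.length],
  ]);
  return {
    ip, malicious, pulseCount: 1 + (b[0] % 20),
    malwareFamilies: [DEMO_FAMILIES[b[1] % DEMO_FAMILIES.length]],
    tags: Array.from(tags).sort(), source: "demo",
  };
}

// Minimal fetch contract so the lookup can be exercised with a stub offline.
type Fetcher = (url: string, init: { headers: Record<string, string> }) =>
  Promise<{ ok: boolean; status: number; json(): Promise<unknown> }>;

export async function enrichIp(
  ip: string, apiKey: string | undefined,
  fetchImpl: Fetcher = (globalThis as any).fetch,
): Promise<ThreatIntel> {
  if (!isIpv4(ip)) throw new Error(`refusing to look up non-IPv4 indicator: ${ip}`);
  if (!apiKey) return demoIntel(ip); // no VITE_ALIENVAULT_API_KEY set: deterministic demo data
  const url = `https://otx.alienvault.com/api/v1/indicators/IPv4/${ip}/general`;
  const res = await fetchImpl(url, { headers: { "X-OTX-API-KEY": apiKey } });
  if (!res.ok) throw new Error(`OTX lookup failed: HTTP ${res.status}`);
  return parseOtxResponse(ip, (await res.json()) as OtxGeneralResponse);
}
```

In use, `enrichIp(event.srcIp, import.meta.env.VITE_ALIENVAULT_API_KEY)` returns a `ThreatIntel` record whose `source` field tells the dashboard and the PDF generator whether they are rendering live OTX data or demo data, which is worth surfacing in the UI so judges are never shown simulated attribution as if it were real.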
Built With
- css
- html
- typescript