Inspiration

In today’s cyber landscape, threat data is scattered across multiple platforms — VirusTotal, AbuseIPDB, Shodan, HaveIBeenPwned — making manual analysis slow and inefficient. We wanted to empower security analysts, students, and teams with an AI-driven notebook that unifies intelligence, scores risks automatically, and visualizes real-time insights — turning Postman into a mini SOC.

What it does

Our notebook is an end-to-end cyber threat detection and enrichment engine that:

✅ Enriches IOCs (IPs, hashes, domains, emails) via VirusTotal, AbuseIPDB, Shodan, and HaveIBeenPwned APIs.
✅ Applies AI-based risk scoring to rank threats intelligently.
✅ Generates real-time dashboards, visual alerts, and anomaly trends.
✅ Sends conditional alerts for high-risk indicators.
✅ Integrates CI/CD and GitHub automation for continuous threat monitoring.

💥 Result: A single notebook that acts as a self-contained SOC — powerful, portable, and automated.

How we built it

🔹 Core Stack: Python, Jupyter Notebook, Pandas, Scikit-learn, Plotly, and Matplotlib.
🔹 APIs Used: VirusTotal, AbuseIPDB, Shodan, HaveIBeenPwned.
🔹 AI Layer: Weighted confidence scoring model combining multi-source API results with ML-based threat pattern analysis.
🔹 Automation: GitHub Actions + Postman collections for CI/CD, scheduled IOC checks, and result commits.
🔹 Visualization: Dynamic dashboards showing IOC heatmaps, source reliability scores, and threat distribution charts.

Challenges we ran into

⚠️ Handling rate limits and API authentication securely across multiple data sources.
⚙️ Building a unified schema for diverse JSON outputs from all APIs.
📊 Designing an explainable AI model that remains interpretable for analysts.
🔒 Integrating GitHub Actions without leaking secrets or tokens.
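The weighted confidence scoring (AI Layer) and the unified schema for diverse API JSON described above, as an added example that is not the project's own code: each source's response is reduced to one Verdict record, then combined with per-source reliability weights, skipping sources that errored or were rate-limited instead of counting them as zero, and keeping per-source contributions so an analyst can see why an IOC scored as it did. Response field names are modeled on the shape of VirusTotal v3 and AbuseIPDB responses but are assumptions here; the Shodan shape, risky-port list, weights, threshold and sample data are constructed.

```python
from dataclasses import dataclass
from typing import Dict, List, Optional

@dataclass
class Verdict:
    """Unified schema: every source is reduced to a 0..1 risk value plus evidence."""
    source: str
    score: float      # 0 = benign, 1 = malicious
    evidence: str     # human-readable reason, kept so the score stays explainable

def normalize_vt(resp: dict) -> Verdict:
    stats = resp["data"]["attributes"]["last_analysis_stats"]   # assumed VT v3 shape
    total = sum(stats.values()) or 1
    hits = stats.get("malicious", 0) + 0.5 * stats.get("suspicious", 0)
    return Verdict("virustotal", hits / total, f"{stats.get('malicious', 0)}/{total} engines flagged")

def normalize_abuseipdb(resp: dict) -> Verdict:
    conf = resp["data"]["abuseConfidenceScore"]                 # assumed shape, 0..100
    return Verdict("abuseipdb", conf / 100.0, f"abuse confidence {conf}%")

RISKY_PORTS = {21, 23, 135, 139, 445, 3389}   # constructed list of commonly abused services
def normalize_shodan(resp: dict) -> Verdict:
    ports = resp.get("ports", [])                               # assumed shape
    risky = sorted(p for p in ports if p in RISKY_PORTS)
    score = len(risky) / len(ports) if ports else 0.0
    return Verdict("shodan", score, f"risky open ports {risky}")

# Source reliability weights (constructed); a None verdict means the lookup failed
# or was rate-limited, so that source is left out of the weighted average.
WEIGHTS = {"virustotal": 0.5, "abuseipdb": 0.3, "shodan": 0.2}

def score_ioc(verdicts: List[Optional[Verdict]], threshold: float = 0.7) -> Dict:
    present = [v for v in verdicts if v is not None]
    if not present:   # nothing answered: no score, no alert, rather than a silent 0
        return {"score": None, "alert": False, "contributions": {}, "evidence": []}
    total_w = sum(WEIGHTS[v.source] for v in present)
    contrib = {v.source: WEIGHTS[v.source] * v.score / total_w for v in present}
    score = sum(contrib.values())
    return {"score": round(score, 6), "alert": score >= threshold,
            "contributions": contrib, "evidence": [v.evidence for v in present]}

# Constructed sample responses standing in for live API calls (no network needed).
VT_SAMPLE = {"data": {"attributes": {"last_analysis_stats":
             {"malicious": 12, "suspicious": 2, "harmless": 60, "undetected": 6}}}}
ABUSE_SAMPLE = {"data": {"abuseConfidenceScore": 85}}
SHODAN_SAMPLE = {"ports": [22, 23, 445, 3389]}

if __name__ == "__main__":
    print(score_ioc([normalize_vt(VT_SAMPLE), normalize_abuseipdb(ABUSE_SAMPLE),
                     normalize_shodan(SHODAN_SAMPLE)]))
```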

Accomplishments that we're proud of

🏁 Built a fully modular, plug-and-play SOC notebook — deployable anywhere.
🌐 Unified four leading threat intelligence APIs seamlessly.
🤖 Created an AI-powered risk scoring system that learns from IOC trends.
🚨 Added automated CI/CD pipelines for continuous cyber hygiene monitoring.
📈 Delivered interactive dashboards and alert visualizations in real time.

What we learned

💡 Real-world experience with multi-API orchestration and data enrichment pipelines.
💡 Building AI models for cyber risk scoring and prioritization.
💡 Implementing DevSecOps practices within security analytics workflows.
💡 Balancing automation with analyst control for trusted insights.

What’s next

🔸 Deploy as a Streamlit / FastAPI-based SOC web dashboard for enterprise use.
🔸 Integrate CVE, AlienVault OTX, and ThreatFox feeds for richer threat context.
🔸 Add LLM-powered threat summaries and natural-language queries.
🔸 Create a community-driven threat intelligence repository with GitHub automation.

Tagline

“From scattered APIs to unified intelligence — empowering analysts with AI, automation, and actionable insights.”

Keywords

#CyberSecurity #ThreatIntelligence #AI #SOC #MachineLearning #VirusTotal #AbuseIPDB #Shodan #HaveIBeenPwned #GitHubActions #Postman #DataVisualization #CI/CD #Automation #Hackathon #CyberOps #Python #EthicalHacking
