Gallery captions:
- AI-powered threat input analyzer for detecting suspicious content instantly
- Real-time threat dashboard displaying risk levels and recent analyses
- Interactive threat hunting dashboard showing anomalies, timelines, and top IOCs
- Automated high-risk alerts with email auto-response sent successfully
- SOAR automation dashboard showing workflows and playbook execution status
Inspiration
Cybersecurity threats are increasing rapidly, especially phishing emails, malicious URLs, fake SMS messages, and shell-based attacks. Many individuals and small companies don’t have a dedicated SOC (Security Operations Center) or trained analysts. We wanted to build an AI assistant that behaves like a cybersecurity analyst — capable of analyzing suspicious content, detecting threats, extracting IOCs, triggering alerts, and even automating responses just like SOAR (Security Orchestration Automation & Response) systems.
What it does
Accepts multiple types of suspicious input:
- Emails (with headers)
- URLs / SMS messages
- Shell commands / logs
- File metadata (hash, filename)
- Extracted screenshot text
AI analyzes the input and returns (in seconds):
- Risk level (Safe / Suspicious / High Risk)
- Confidence score
- IOC extraction (IPs, URLs, domains, hashes, file types, ...)
- Recommended action
Supports full SOC features:
- Threat dashboard with risk score
- Threat hunting across historical data
- Automation rules & visual SOAR playbook builder
- External threat feed integration (VirusTotal, AbuseIPDB, MISP)
- Team collaboration, tags, comments, sharing
- Customizable dashboards with drag-and-drop widgets
How we built it
Frontend:
- React + TailwindCSS
- shadcn/ui components
- @tanstack/react-query (data fetching)
- @hello-pangea/dnd (drag-and-drop dashboards/playbooks)
- Recharts + Framer Motion (visualizations & animations)
Backend (Base44):
- Entities: Analysis, Alert, AutomationRule, ThreatReport, ThreatCorrelation, Comment, DashboardConfig, Integration, Team
- AI analysis layer (LLM-based): extracts IOCs, assigns risk levels and reasons
- Automation engine: triggers rules → alerts / tags / playbook execution
- Integration layer: VirusTotal, AbuseIPDB, MISP, webhooks
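To make the input → Analysis → AutomationRule flow above concrete, here is an added example in JavaScript. It is not CSA 101's code and does not use Base44's API: the LLM layer is stood in for by a few weighted heuristics, and the function names (refang, extractIocs, analyze, runAutomation, triage), the TLD allowlist, the signal weights, the rule definitions and the sample email are all assumptions constructed for this demo.

```javascript
// Added example, not CSA 101's own code: a minimal rule-based version of the
// pipeline the page describes (suspicious input -> Analysis with IOCs and a
// risk level -> AutomationRule evaluation -> alerts / tags / playbooks).
// The LLM layer is stood in for by weighted heuristics; every field name,
// signal, weight, rule and sample input here is an assumption for the demo.

// Undo the defanging analysts use when pasting IOCs (hxxp://, [.] and [@]).
function refang(text) {
  return text
    .replace(/hxxp(s?):\/\//gi, 'http$1://')
    .replace(/\[\.\]|\(\.\)/g, '.')
    .replace(/\[@\]/g, '@');
}

// Assumed TLD allowlist, so file names such as invoice.pdf are not read as domains.
const TLDS = 'com|net|org|io|ru|xyz|top|info|biz|co|uk|de';
const PATTERNS = {
  ipv4: /\b(?:(?:25[0-5]|2[0-4]\d|1?\d?\d)\.){3}(?:25[0-5]|2[0-4]\d|1?\d?\d)\b/g,
  url: /\bhttps?:\/\/[^\s"'<>]+/gi,
  email: /\b[a-z0-9._%+-]+@(?:[a-z0-9-]+\.)+[a-z]{2,}\b/gi,
  sha256: /\b[a-f0-9]{64}\b/gi,
  md5: /\b[a-f0-9]{32}\b/gi,
  domain: new RegExp(`\\b(?:[a-z0-9-]+\\.)+(?:${TLDS})\\b`, 'gi'),
};

// Pull each IOC type out of already-refanged text, de-duplicated.
function extractIocs(text) {
  const iocs = {};
  for (const [kind, re] of Object.entries(PATTERNS)) {
    const found = (text.match(re) || [])
      .map(s => (kind === 'url' ? s.replace(/[.,;)]+$/, '') : s.toLowerCase()));
    iocs[kind] = [...new Set(found)];
  }
  return iocs;
}

// Weighted signals standing in for the LLM's judgement (toy values).
const SIGNALS = [
  { name: 'credential/urgency lure wording', weight: 40,
    hit: t => /\b(verify|confirm|suspended|password|urgent)\b/i.test(t) },
  { name: 'URL uses a raw IP instead of a hostname', weight: 30,
    hit: (t, i) => i.url.some(u => /^https?:\/\/\d{1,3}(\.\d{1,3}){3}/.test(u)) },
  { name: 'brand look-alike domain', weight: 30,
    hit: (t, i) => i.domain.some(d => /paypa1|micros0ft|g00gle/.test(d)) },
  { name: 'file hash supplied', weight: 20,
    hit: (t, i) => i.sha256.length + i.md5.length > 0 },
  { name: 'remote script piped to a shell or decode-and-run', weight: 60,
    hit: t => /(curl|wget)[^|\n]*\|\s*(ba)?sh\b|base64\s+(-d|--decode)/i.test(t) },
];

const ACTIONS = {
  'High Risk': 'Block the indicators, quarantine the message and raise an alert',
  Suspicious: 'Hold for analyst review and enrich the IOCs against threat feeds',
  Safe: 'No action; keep the record for hunting',
};

// Build the Analysis entity: risk level, confidence, reasons, IOCs, action.
function analyze(rawInput) {
  const text = refang(rawInput);
  const iocs = extractIocs(text);
  const hits = SIGNALS.filter(s => s.hit(text, iocs));
  const score = Math.min(100, hits.reduce((sum, s) => sum + s.weight, 0));
  const riskLevel = score >= 60 ? 'High Risk' : score >= 25 ? 'Suspicious' : 'Safe';
  return { riskLevel, confidence: score / 100, reasons: hits.map(s => s.name),
           iocs, recommendedAction: ACTIONS[riskLevel] };
}

// AutomationRule entities as assumed here: a predicate over an Analysis plus actions.
const RULES = [
  { name: 'Email on high risk', when: a => a.riskLevel === 'High Risk',
    actions: [{ type: 'alert', channel: 'email' }, { type: 'tag', value: 'needs-review' }] },
  { name: 'Enrich hashes', when: a => a.iocs.sha256.length + a.iocs.md5.length > 0,
    actions: [{ type: 'playbook', name: 'hash-reputation-lookup' }] },
  { name: 'Block raw-IP URLs', when: a => a.iocs.ipv4.length > 0 && a.riskLevel !== 'Safe',
    actions: [{ type: 'playbook', name: 'firewall-block-ip' }, { type: 'tag', value: 'blocked' }] },
];

// The automation engine: every rule whose predicate matches contributes its actions.
function runAutomation(analysis, rules = RULES) {
  const out = { alerts: [], tags: [], playbooks: [] };
  for (const rule of rules) {
    if (!rule.when(analysis)) continue;
    for (const act of rule.actions) {
      if (act.type === 'alert') out.alerts.push({ rule: rule.name, channel: act.channel, riskLevel: analysis.riskLevel });
      else if (act.type === 'tag') out.tags.push(act.value);
      else if (act.type === 'playbook') out.playbooks.push(act.name);
    }
  }
  out.tags = [...new Set(out.tags)];
  return out;
}

function triage(rawInput) {
  const analysis = analyze(rawInput);
  return { analysis, automation: runAutomation(analysis) };
}

// Constructed sample, pasted defanged the way an analyst would.
const SAMPLE_EMAIL = [
  'From: billing@paypa1-secure[.]com',
  'Subject: Urgent: verify your account',
  'Your account is suspended. Confirm your password at hxxp://185.220.101.4/login/verify.php.',
  'Attachment invoice.pdf.exe, sha256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855',
].join('\n');

console.log(JSON.stringify(triage(SAMPLE_EMAIL), null, 2));
```

Two design points carry over to a real build: refang before extraction, because analysts paste defanged indicators and a raw regex will otherwise miss them, and keep the rule predicates pure functions over the stored Analysis so that a later "dry run" mode can evaluate rules without executing actions.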
Accomplishments that we're proud of
- Built a working AI cybersecurity analyst
- Created visual SOAR playbook builder (drag + drop)
- Built threat hunting search + correlation engine
- Designed a scalable backend entity model
- Created UI that looks like a real SOC platform
- Combined AI, automation, threat intel, dashboards & collaboration in one system
What we learned
- How real SOC teams investigate phishing/malware
- Prompt engineering for cybersecurity AI analysis
- Designing database/entity models for security applications
- Working with drag-and-drop UI & dashboard components
- The difference between SIEM, SOAR and threat intel platforms
- The importance of collaboration & traceability in security tools
What’s next for CSA 101
Upcoming features planned:
- Incident / case management
- Audit logs (SOC compliance)
- “Dry Run Mode” for automation rules
- Live system monitoring agent for Linux endpoints
- Dataset to train a dedicated phishing detection model
- AI-driven campaign detection & timeline view
- Deploy as a SaaS platform with multi-tenancy
Long term vision: A full AI-powered SOC assistant — that investigates threats faster than humans.