Real-time cyber intelligence, streamed and summarized.

Inspiration

Youtube Video to be updated prior to submission deadline......

My inspiration comes from my military cybersecurity background, where I experienced the vast number of intelligence sources and feeds available. I wanted to create a solution that distills that complexity into a fast, reliable reference point accessible to any user.

What it does

Here is a cleaned-up Devpost “How We Built It” section. I kept it concise, structured, and a bit more narrative (which judges tend to prefer) while still showing the architecture clearly.

Our system automatically collects cybersecurity intelligence from RSS feeds, analyzes the content using AI, and presents structured threat insights in a searchable dashboard.

Here’s a cleaner, more polished version tailored for a Devpost “How We Built It” section—tightened up, more professional, and easier for judges to scan:

How We Built It

Frontend Dashboard

We built a lightweight dashboard using React and Next.js, deployed on DigitalOcean App Platform.

The dashboard pulls processed threat intelligence from a PostgreSQL database and presents it through:

• Real-time threat cards
• Searchable threat feeds
• Filters by vendor, malware, CVE, and severity
• Timeline views for tracking emerging trends

This provides security analysts with a fast, intuitive interface to monitor evolving threats.

Backend Worker

We implemented a Python-based polling service that continuously monitors cybersecurity RSS feeds. At regular intervals, it:

1. Fetches RSS feeds from multiple security sources
2. Parses incoming entries
3. Deduplicates articles using GUIDs or normalized URLs
4. Sends new content to the AI processing layer

This worker can run on DigitalOcean App Platform or a lightweight Droplet, depending on scaling and scheduling needs.

AI Threat Extraction

To transform unstructured data into actionable intelligence, we used DigitalOcean Gradient AI.

Each article is processed with a structured prompt that extracts:

• Threat title
• Source and publication date
• Affected vendors or products
• CVE identifiers
• Malware or ransomware names
• Severity level
• Analyst-style summary
• Recommended defensive actions

This step converts raw RSS data into structured, queryable threat intelligence.

Storage

All processed data is stored in a managed PostgreSQL database on DigitalOcean.

We store both:

• Raw RSS entries
• AI-enriched threat intelligence

The dashboard queries this database to power search, filtering, and real-time updates.

Polling Architecture

We designed two flexible approaches for running the RSS polling system:

Option 1 — Serverless Functions (Recommended) Using scheduled functions with cron triggers (e.g., every 5–15 minutes), we enable continuous ingestion without managing infrastructure.

Best suited for:

• Stateless, lightweight jobs
• Simple deployment and scaling
• Frequent polling cycles

Option 2 — Persistent Python Worker (Droplet) A long-running service on a small Droplet allows for more control over execution.

Best suited for:

• Predictable scheduling
• Advanced retry logic and batching
• Continuous processing workloads

End-to-End Pipeline

Our system follows a fully automated pipeline:

RSS Feeds → Polling Worker → AI Extraction → PostgreSQL → Dashboard

This architecture continuously ingests cybersecurity data, extracts structured insights, and delivers them in real time—enabling faster threat awareness and response.

What we learned

—

What's next for Real-time cyber intelligence, streamed and summarized.

Clean this unfinished project up and enhance for shipping potential.

Built With

• nextjs
• python