Inspiration

Security Operations Center (SOC) analysts are currently drowning in noise. They receive thousands of disconnected log entries every day (a failed login here, a weird file download there), but identifying the actual attack story takes hours of manual correlation. This "alert fatigue" leads to burnout and missed threats.

We wanted to build a tool that doesn't just list alerts, but tells the story behind them. We were also inspired to make cybersecurity more inclusive. Most security tools are dense, visual-heavy dashboards that are difficult for analysts with visual impairments or motor disabilities to navigate. We believed that accessibility should be a core feature of cyber-defense, not an afterthought.

What it does

SignalChain is an autonomous triage engine that uses adaptive DBSCAN clustering to link thousands of raw security logs into unified "Attack Stories." Instead of hunting through fragmented data, analysts see prioritized chains of related events—complete with risk scores and AI-generated reasoning—to identify threats in seconds rather than hours.

How we built it

We built a FastAPI backend to handle high-speed data ingestion and a SQLite database for event persistence. The core triage engine utilizes Scikit-learn for spatial-temporal clustering. The frontend is a highly responsive React dashboard styled with Tailwind CSS, featuring accessible data visualizations and integrated Gemini for natural language investigation.

Challenges we ran into

We struggled with fine-tuning the clustering epsilon: too high and it grouped unrelated events, too low and it failed to find patterns. Balancing real-time polling performance with browser security restrictions required significant refactoring.
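To make the "attack story" clustering described under "What it does" and the epsilon trade-off described above concrete, here is an added example that is not SignalChain's own code. It implements a small DBSCAN in pure Python (no scikit-learn) over constructed log events, using an assumed distance that combines time gap and host mismatch, and sweeps epsilon so you can see an all-noise result when it is too small, one giant cluster when it is too large, and two separate stories in between. The `suggest_eps` k-distance heuristic is a common way to pick epsilon adaptively and is an assumption here, not necessarily what the project does; the host penalty and time scale are likewise assumed parameters.

```python
"""Spatial-temporal DBSCAN over security log events (pure Python, no scikit-learn).

Events close in time on the same host fall into one "attack story";
isolated events remain noise. Added example, not SignalChain's own code.
"""
from statistics import median

# Constructed sample events: (event_id, minutes since start, host, event type).
# Two dense bursts (web-01 at t=0..9, db-02 at t=180..186) plus two stray events.
EVENTS = [
    (1, 0, "web-01", "failed_login"),
    (2, 2, "web-01", "failed_login"),
    (3, 4, "web-01", "failed_login"),
    (4, 6, "web-01", "login_success"),
    (5, 9, "web-01", "file_download"),
    (6, 60, "mail-03", "failed_login"),
    (7, 180, "db-02", "privilege_escalation"),
    (8, 183, "db-02", "config_change"),
    (9, 186, "db-02", "outbound_connection"),
    (10, 300, "web-01", "failed_login"),
]

TIME_SCALE_MIN = 10.0   # assumption: 1.0 distance unit == 10 minutes apart
HOST_PENALTY = 5.0      # assumption: events on different hosts are "far" apart


def distance(a, b):
    """Combined temporal + entity distance between two events."""
    dt = abs(a[1] - b[1]) / TIME_SCALE_MIN
    return dt + (0.0 if a[2] == b[2] else HOST_PENALTY)


def dbscan(events, eps, min_samples=3):
    """Return one label per event: cluster index >= 0, or -1 for noise."""
    n = len(events)
    labels = [None] * n
    # Neighbourhoods include the point itself, as in the standard algorithm.
    neighbors = [[j for j in range(n) if distance(events[i], events[j]) <= eps]
                 for i in range(n)]
    cluster = 0
    for i in range(n):
        if labels[i] is not None:
            continue
        if len(neighbors[i]) < min_samples:        # not a core point (for now)
            labels[i] = -1
            continue
        labels[i] = cluster
        queue = list(neighbors[i])
        while queue:
            j = queue.pop()
            if labels[j] == -1:                    # former noise becomes a border point
                labels[j] = cluster
            if labels[j] is not None:
                continue
            labels[j] = cluster
            if len(neighbors[j]) >= min_samples:   # core point: keep expanding
                queue.extend(neighbors[j])
        cluster += 1
    return labels


def attack_stories(events, eps, min_samples=3):
    """Group events into stories; returns (list of sorted id-lists, list of noise ids)."""
    labels = dbscan(events, eps, min_samples)
    stories, noise = {}, []
    for ev, lab in zip(events, labels):
        if lab == -1:
            noise.append(ev[0])
        else:
            stories.setdefault(lab, []).append(ev[0])
    return [sorted(s) for s in stories.values()], noise


def suggest_eps(events, min_samples=3):
    """k-distance heuristic (assumption, not the project's method): median
    distance from each event to its (min_samples - 1)-th nearest neighbour."""
    k = min_samples - 1
    kth = []
    for a in events:
        d = sorted(distance(a, b) for b in events if b is not a)
        kth.append(d[k - 1])
    return median(kth)


def eps_sweep(events, candidates, min_samples=3):
    """Number of stories found for each epsilon, exposing the tuning trade-off."""
    return {eps: len(attack_stories(events, eps, min_samples)[0]) for eps in candidates}


if __name__ == "__main__":
    for eps in (0.1, 0.5, 40.0):
        print(f"eps={eps}: stories, noise = {attack_stories(EVENTS, eps)}")
    print("suggested eps:", suggest_eps(EVENTS))
```

With these constructed events, eps=0.1 (one minute) marks every event as noise, eps=40 merges the whole day into a single cluster, and eps=0.5 or the suggested value separates the web-01 burst from the db-02 burst while leaving the two stray logins as noise. The distance function is where normalization matters: if the time scale or host penalty is off, no epsilon will produce sensible stories.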

Accomplishments that we're proud of

We successfully built a functional, live-streaming triage monitor that converts raw, messy JSON into high-fidelity narratives. We are especially proud of integrating Gemini to provide "human-in-the-loop" explainability, making complex security clusters understandable for analysts of all experience levels.

What we learned

We learned that unsupervised machine learning is incredibly powerful for cybersecurity but requires rigorous data normalization to be effective. We also gained a deeper understanding of accessible design, realizing that clear data hierarchy and screen-reader compatibility actually improve the UI for everyone, not just those with disabilities.

What's next for SignalChain

We plan to implement persistent user preferences via local storage and move to WebSockets for true sub-second latency. We also want to expand the AI's role to include automated "Playbook" generation, offering analysts a single-click button to remediate threats directly from the story view.

Built With
