
Part 1 Complete:

  • Successfully implemented our security monitor, built with Pandas and Streamlit, which offers crucial operational insight into our Zero Trust rules.

Key Features & Technical Details:

  • Architecture: Dashboard runs on Streamlit and uses Pandas to ingest and process data directly from the gateway’s live log.txt file.

Data Source:

  • Ensures constant, real-time reflection of the network's current security posture by parsing all gateway policy decisions.

Live Security Monitoring & Metrics: We provide instant validation of the security system through three dynamic metrics:

  • Allowed Requests (ALLOWED): Tracks successful, authorized traffic.

  • Denied Attempts (DENIED_SPOOFING): The most important measure, which counts attempts where an unauthorized device or role violates the Zero Trust access policy.

  • Suspicious Events (SUSPICIOUS): Tracks activity that falls outside of expected behavioral patterns.

Operational Intelligence (Color Coding): The Live Security Logs table uses conditional coloring for immediate visual alerts:

  • Red (CRITICAL): Denied Spoofing attempts, confirming policies are actively defending against unauthorized access.

  • Yellow (WARNING): Flags unusual activity or possible exploitation.

  • Green (NORMAL): Confirms authorized access and successful transactions.
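The update describes the monitoring pipeline (parse the gateway's policy decisions, tally the three metrics, colour each row by severity) but does not show the log format or the code. The block below is an added, stand-alone illustration of that pipeline, not the project's own dashboard code: it uses only the Python standard library instead of Pandas/Streamlit so it runs anywhere, and the log.txt line layout, field names and sample entries are constructed assumptions.

```python
import re
from collections import Counter

# Constructed sample of gateway policy decisions. The real log.txt layout is
# not shown in the update, so this key=value format is an assumption.
SAMPLE_LOG = """\
2024-05-01T10:00:01Z device=cam-01 role=viewer action=GET /stream decision=ALLOWED
2024-05-01T10:00:02Z device=cam-99 role=admin action=POST /config decision=DENIED_SPOOFING
2024-05-01T10:00:03Z device=cam-02 role=viewer action=GET /admin decision=SUSPICIOUS
2024-05-01T10:00:04Z device=cam-01 role=viewer action=GET /stream decision=ALLOWED
this line is deliberately malformed and must not be silently dropped
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) device=(?P<device>\S+) role=(?P<role>\S+) "
    r"action=(?P<method>\S+) (?P<path>\S+) decision=(?P<decision>\S+)$"
)

# Gateway decision -> (severity label, row colour), mirroring the dashboard's
# colour coding. Anything else is surfaced as UNKNOWN rather than hidden.
SEVERITY = {
    "DENIED_SPOOFING": ("CRITICAL", "red"),
    "SUSPICIOUS": ("WARNING", "yellow"),
    "ALLOWED": ("NORMAL", "green"),
}


def parse_log(text):
    """Parse log lines into row dicts; return (rows, number_of_unparsed_lines)."""
    rows, unparsed = [], 0
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            unparsed += 1  # a dashboard should report these, not ignore them
            continue
        row = m.groupdict()
        row["severity"], row["colour"] = SEVERITY.get(
            row["decision"], ("UNKNOWN", "grey"))
        rows.append(row)
    return rows, unparsed


def metrics(rows):
    """The three live metrics shown in the dashboard header."""
    counts = Counter(r["decision"] for r in rows)
    return {decision: counts.get(decision, 0) for decision in SEVERITY}


if __name__ == "__main__":
    rows, bad = parse_log(SAMPLE_LOG)
    print(metrics(rows), "unparsed lines:", bad)
```

In the real dashboard the same row dicts would be loaded into a DataFrame and the `colour` field applied through a Pandas Styler before rendering in Streamlit.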

Policy Validation and Testing: A core feature that demonstrates instant testing and validation of policy effectiveness.

"BIG RED BUTTON":

  • Triggers the attack_simulator.py script, which sends malicious and spoofed requests to the gateway.

Purpose:

  • We can quickly verify that all Zero Trust rule updates are appropriately enforcing the DENIED_SPOOFING state and verify system resilience under malicious load.

Project Impact:

  • The dashboard is the operational centerpiece of our Zero Trust model.

  • The dashboard provides transparency and accountability by verifying that the security framework works in a real-world scenario.

  • Provides quick visual identification and context for important security events, which significantly speeds up incident response times.
