Cyberfortress Labs

Cyberfortress is a security-focused research and engineering space dedicated to building modern SOC, SIEM, and XDR capabilities.

Building Intelligent Security Operations Through Research and Innovation

A security research organization advancing SOC ecosystems through the integration of SIEM, SOAR, and XDR technologies with intelligent analysis and automation.

🔬 Research Focus

We develop intelligent Security Operations Center (SOC) architectures that enhance cyber threat detection and response capabilities through:

SIEM Integration

  • Centralized log collection & normalization
  • Real-time correlation & alerting
  • Multi-layer security monitoring

SOAR Automation

  • Incident orchestration & case management
  • Response playbook automation
  • Analyst workload optimization

SmartXDR Intelligence

  • AI-assisted threat analysis
  • False positive reduction
  • Priority-based alert enrichment

🎯 Research Objectives

  • Intelligent SOC Design — Integrating SIEM, SOAR, and Open XDR concepts into a cohesive ecosystem
  • Alert Optimization — Reducing false positives through AI-assisted filtering and prioritization
  • Automated Response — Improving MTTD and MTTR via orchestrated security workflows
  • Detection Coverage — Evaluating effectiveness using MITRE ATT&CK framework mapping

🧪 Laboratory Environment

Our controlled experimental infrastructure simulates real-world attack scenarios to validate detection and response capabilities:

  • Network Layer — Firewall, IDS/IPS, Network Security Monitoring (NSM)
  • Endpoint Layer — Host-based detection agents and EDR tools
  • Analysis Layer — Centralized SIEM, threat intelligence platforms, case management
  • Attack Simulation — Brute-force, SQL injection, malware, web exploits

📦 Research Areas

| Security Domain | Focus Areas |
|---|---|
| Detection Engineering | MITRE ATT&CK coverage, signature development, behavioral analysis |
| Threat Intelligence | IOC integration, threat hunting, intelligence sharing platforms |
| Automation & Orchestration | SOAR playbooks, API integration, incident workflows |
| XDR Research | Open XDR architecture, cross-layer correlation, unified visibility |
| AI-Assisted Analysis | Alert prioritization, anomaly detection, intelligent enrichment |

⚠️ Scope & Limitations

This is an academic research initiative focused on proof-of-concept implementation and experimental validation in simulated environments. The system leverages existing open-source security tools and external AI services without proprietary ML model training. Large-scale enterprise deployment is outside the current research scope.

📍 Affiliated Institution

University of Information Technology (UIT)
Vietnam National University HCMC (VNU-HCM)

🔗 Connect With Us

🌐 cyberfortress-labs.github.io | ✉️ thienlai159@gmail.com

Pinned

  1. Cyberfortress-SmartXDR-Core (Public)

    CyberFortress-SmartXDR-Core provides the central AI-driven intelligence layer for the CyberFortress Intelligent SOC Ecosystem. It delivers alert triage, IOC enrichment, MITRE mapping, and automated…

    Python 1

  2. Cyberfortress-Intelligent-SOC-Ecosystem (Public)

    An Intelligent SOC Ecosystem that integrates SIEM, SOAR, and SmartXDR to enhance monitoring, detection, and response to cyber attacks. SmartXDR combines OpenXDR tools (Wazuh, Suricata, Zeek, pfSens…

    1

  3. Cyberfortress-n8n-Automation (Public)

    This repository contains the automation infrastructure for Cyberfortress, utilizing n8n to orchestrate security workflows, generate reports, and integrate with platforms like Wazuh, SmartXDR, and T…

    JavaScript 1

  4. Cyberfortress-ML-Logs-Classification (Public)

    A machine-learning–powered log classification system designed to normalize multi-source security logs (Suricata, Zeek, pfSense, ModSecurity, Apache, Nginx, MySQL, Windows, Wazuh, etc.) and predict …

    Python 1

  5. Cyberfortress-IRIS-SmartXDR-Module (Public)

    iris-smartxdr-module is an IRIS pipeline/processor module created with https://github.com/dfir-iris/iris-skeleton-module

    Python 1

  6. Cyberfortress-Wazuh-Defend (Public)

    A collection of Python utilities and build artifacts used to package and sign small Windows helper applications for interacting with Wazuh and endpoint workflows. This repository contains tools for…

    Python 1

Repositories

Showing 10 of 15 repositories
