Advanced AI-Powered Cybersecurity Platform for Threat Detection & Analysis
Quick Start • Documentation • Features • Contributing
ForensIQ is a comprehensive, AI-enhanced cybersecurity platform that combines real-time log analysis, MITRE ATT&CK framework integration, and intelligent threat detection into a unified solution. Built for security professionals, incident responders, and SOC teams.
- AI-Powered Analysis: Leverages AWS Bedrock Titan embeddings and Google Gemini for intelligent threat detection
- MITRE ATT&CK Integration: Automatic mapping of security events to MITRE ATT&CK techniques
- Real-time Monitoring: Live log extraction from Windows Event Logs with MongoDB storage
- Modern Web Interface: Next.js-powered dashboard with interactive threat visualization
- CLI Tools: Comprehensive command-line interface for automated operations
- Advanced Analytics: Vector similarity search using ChromaDB for pattern recognition
ForensIQ consists of three main components:
```text
+-------------------+       +--------------------+       +-------------------+
|  Client           |       |  Server            |       |  AI Agent         |
|  (Next.js)        | <---> |  (FastAPI)         | <---> |  (CLI Tool)       |
|                   |       |                    |       |                   |
|  - Dashboard      |       |  - REST API        |       |  - Log Monitor    |
|  - Threat Viz     |       |  - MITRE Search    |       |  - AI Analysis    |
|  - MITRE Search   |       |  - ChromaDB RAG    |       |  - MongoDB Sync   |
+-------------------+       +--------------------+       +-------------------+
```
- Real-time Log Monitoring: Continuous extraction from Windows Security/System Event Logs
- AI-Powered Classification: Automatic threat severity assessment using Gemini AI
- MITRE ATT&CK Mapping: Intelligent technique identification and categorization
- Vector Similarity Search: ChromaDB-powered pattern matching for anomaly detection
- Executive Summary: High-level threat landscape overview
- Timeline Visualization: Chronological incident tracking
- MITRE Framework Search: Interactive technique exploration
- Real-time Alerts: Live threat notification system
- One-time Authentication: Secure credential management with encryption
- Profile-based Monitoring: Customizable log source configurations
- Scheduled Analysis: Automated 5-minute interval processing
- Export Capabilities: JSON/CSV report generation
- Encrypted Storage: PBKDF2 + Fernet encryption for sensitive data
- MongoDB Integration: Scalable log storage and retrieval
- AWS Bedrock: Enterprise-grade AI/ML capabilities
- RESTful API: Easy integration with existing security tools
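ForensIQ performs the event-to-technique mapping with Gemini and ChromaDB similarity search. As an added illustration (this is not ForensIQ's code and not how its AI agent is implemented), the block below shows the deterministic baseline a SOC would normally keep beside an LLM classifier: a small rule table keyed on Windows Security/System Event IDs, plus one cross-event rule for repeated logon failures. The Event IDs and ATT&CK technique IDs are standard; the rule set, the data classes, the severity labels and the sample events are this example's own constructions.

```python
"""Rule-based mapping of Windows event log records to MITRE ATT&CK techniques.

Added example, independent of ForensIQ's LLM-based classifier. Event IDs and
technique IDs are standard Windows / ATT&CK values; everything else
(rule table, thresholds, sample events) is constructed for the example.
"""
from __future__ import annotations

from collections import Counter
from dataclasses import dataclass
from typing import Callable, Dict, Iterable, List, Tuple


@dataclass(frozen=True)
class Technique:
    id: str
    name: str
    severity: str  # "low" | "medium" | "high"


@dataclass(frozen=True)
class WinEvent:
    channel: str            # "Security" or "System" (the two ForensIQ sources)
    event_id: int
    fields: Dict[str, str]  # EventData values are strings in the XML, hence "10" not 10


def _powershell_encoded(f: Dict[str, str]) -> bool:
    """4688 process creation: powershell.exe launched with an encoded command."""
    proc = f.get("NewProcessName", "").lower()
    cmd = f.get("CommandLine", "").lower()
    return proc.endswith("powershell.exe") and "-enc" in cmd  # also matches -EncodedCommand


# (channel, event id, predicate over EventData, technique)
RULES: List[Tuple[str, int, Callable[[Dict[str, str]], bool], Technique]] = [
    ("Security", 4624, lambda f: f.get("LogonType") == "10",
     Technique("T1021.001", "Remote Services: Remote Desktop Protocol", "medium")),
    ("Security", 4688, _powershell_encoded,
     Technique("T1059.001", "Command and Scripting Interpreter: PowerShell", "high")),
    ("Security", 4720, lambda f: True,
     Technique("T1136.001", "Create Account: Local Account", "medium")),
    ("Security", 4698, lambda f: True,
     Technique("T1053.005", "Scheduled Task/Job: Scheduled Task", "medium")),
    ("Security", 1102, lambda f: True,
     Technique("T1070.001", "Indicator Removal: Clear Windows Event Logs", "high")),
    ("System", 7045, lambda f: True,
     Technique("T1543.003", "Create or Modify System Process: Windows Service", "medium")),
]

# Cross-event rule: N failed logons (4625) for the same (source IP, account).
BRUTE_FORCE = Technique("T1110.001", "Brute Force: Password Guessing", "high")
FAILED_LOGON_THRESHOLD = 5  # example threshold, not a ForensIQ setting


def map_event(ev: WinEvent) -> List[Technique]:
    """Every technique whose single-event rule matches this record."""
    return [t for chan, eid, pred, t in RULES
            if ev.channel == chan and ev.event_id == eid and pred(ev.fields)]


def analyze(events: Iterable[WinEvent]) -> List[Tuple[WinEvent, Technique]]:
    """Apply per-event rules, then count 4625 failures per (IpAddress, TargetUserName)."""
    hits: List[Tuple[WinEvent, Technique]] = []
    failures: Counter = Counter()
    for ev in events:
        for t in map_event(ev):
            hits.append((ev, t))
        if ev.channel == "Security" and ev.event_id == 4625:
            key = (ev.fields.get("IpAddress"), ev.fields.get("TargetUserName"))
            failures[key] += 1
            if failures[key] == FAILED_LOGON_THRESHOLD:  # fire once per (source, account)
                hits.append((ev, BRUTE_FORCE))
    return hits


def severity_counts(hits: List[Tuple[WinEvent, Technique]]) -> Dict[str, int]:
    return dict(Counter(t.severity for _, t in hits))


# Constructed sample events (not real log data).
SAMPLE_EVENTS: List[WinEvent] = [
    WinEvent("Security", 4624, {"TargetUserName": "svc-backup", "LogonType": "10", "IpAddress": "10.0.0.7"}),
    WinEvent("Security", 4688, {"NewProcessName": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
                                "CommandLine": "powershell.exe -nop -w hidden -enc SQBFAFgAIAAoAE4AZQB3AC0A"}),
    *[WinEvent("Security", 4625, {"TargetUserName": "administrator", "IpAddress": "10.0.0.7"}) for _ in range(6)],
    WinEvent("Security", 4720, {"TargetUserName": "helpdesk2"}),
    WinEvent("System", 7045, {"ServiceName": "UpdaterSvc", "ImagePath": r"C:\Users\Public\u.exe"}),
    WinEvent("Security", 4624, {"TargetUserName": "alice", "LogonType": "2"}),  # interactive console logon, no rule
    WinEvent("Security", 1102, {"SubjectUserName": "administrator"}),
]

if __name__ == "__main__":
    for ev, t in analyze(SAMPLE_EVENTS):
        print(f"{ev.channel}/{ev.event_id:<5} -> {t.id:<10} {t.severity:<6} {t.name}")
    print(severity_counts(analyze(SAMPLE_EVENTS)))
```

Running the block over the sample produces six hits (three high, three medium); the benign console logon matches nothing, and the six failed logons produce a single T1110.001 hit rather than six. Rules like these are cheap to run on every record before anything is sent to a model, and they give a reviewer a deterministic answer to compare the model's mapping against.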
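The CLI's "One-time Authentication" and "Encrypted Storage" features rely on PBKDF2 + Fernet. The block below is an added example of that pattern, written independently of ForensIQ (it is not the project's credential store): a key is derived from a user passphrase with PBKDF2-HMAC-SHA256 and a fresh random salt, the salt and iteration count are stored in front of the Fernet token so the file can be opened later and the count raised over time, and a wrong passphrase or a tampered file is reported as one error. The blob layout, iteration count and function names are this example's assumptions; it requires the `cryptography` package.

```python
"""Sealing a credential record with a PBKDF2-derived Fernet key.

Added example, not ForensIQ's own implementation. Blob layout
(salt || iterations || token), iteration count and names are assumptions
made for this example.
"""
import base64
import hashlib
import json
import os

from cryptography.fernet import Fernet, InvalidToken

PBKDF2_ITERATIONS = 600_000  # OWASP-recommended floor for PBKDF2-HMAC-SHA256 (2023)
SALT_LEN = 16
ITER_LEN = 4


def derive_key(passphrase: str, salt: bytes, iterations: int = PBKDF2_ITERATIONS) -> bytes:
    """Fernet expects a urlsafe-base64-encoded 32-byte key; PBKDF2 supplies the 32 bytes."""
    raw = hashlib.pbkdf2_hmac("sha256", passphrase.encode("utf-8"), salt, iterations, dklen=32)
    return base64.urlsafe_b64encode(raw)


def seal(credentials: dict, passphrase: str) -> bytes:
    """Encrypt a credential dict. A fresh salt per write means two seals of the
    same data never share a key, so an attacker cannot precompute one table."""
    salt = os.urandom(SALT_LEN)
    token = Fernet(derive_key(passphrase, salt)).encrypt(json.dumps(credentials).encode("utf-8"))
    return salt + PBKDF2_ITERATIONS.to_bytes(ITER_LEN, "big") + token


def open_sealed(blob: bytes, passphrase: str) -> dict:
    """Reverse of seal(). The iteration count is read from the blob, so old files
    remain readable after PBKDF2_ITERATIONS is raised for new writes."""
    if len(blob) < SALT_LEN + ITER_LEN:
        raise ValueError("credential file too short to contain a salt and header")
    salt = blob[:SALT_LEN]
    iterations = int.from_bytes(blob[SALT_LEN:SALT_LEN + ITER_LEN], "big")
    token = blob[SALT_LEN + ITER_LEN:]
    try:
        plaintext = Fernet(derive_key(passphrase, salt, iterations)).decrypt(token)
    except InvalidToken:
        # Fernet's HMAC check fails for both a wrong key and a modified token;
        # report them identically so the error does not leak which it was.
        raise ValueError("wrong passphrase or tampered credential file") from None
    return json.loads(plaintext.decode("utf-8"))


if __name__ == "__main__":
    # Constructed sample credentials, not real ones.
    creds = {"username": "analyst", "api_token": "example-token-not-real"}
    blob = seal(creds, "correct horse battery staple")
    print(len(blob), "bytes on disk")
    print(open_sealed(blob, "correct horse battery staple"))
```

Two caveats a practitioner should keep in mind. PBKDF2 only slows guessing; a short passphrase is still recoverable offline by anyone who copies the file, so the passphrase must be prompted for or fetched from the OS keyring, never written next to the blob. And the salt is not secret but it is essential: reusing one salt across users or installs would let a single precomputed table attack all of them.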
- Python 3.7+
- Node.js 18+
- MongoDB (local or cloud)
- AWS Account (for Bedrock access)
Clone the repository:

```bash
git clone https://github.com/Vaibhav2154/forensiq.git
cd forensiq
```

Install the AI agent and set up a monitoring profile:

```bash
cd aiagent
pip install -e .

# Register and authenticate
forensiq-cli auth register --username your_username --email your_email
forensiq-cli auth login --username your_username

# Set up dynamic Windows Event Log monitoring
forensiq-cli profile setup-dynamic --sources security_events,system_events --interval 300

# Or file-based monitoring
forensiq-cli profile setup --log-path "C:\path\to\logs" --interval 300
```

Set up and start the server:

```bash
cd ../server
pip install -r requirements.txt

# Configure environment variables
cp .env.example .env
# Edit .env with your AWS credentials and MongoDB connection

# Start the server
python main.py
```

Keep `.env` out of version control: it holds your AWS credentials and the MongoDB connection string.

Start the client:

```bash
cd ../client
npm install
npm run dev
```

Start monitoring from the AI agent:

```bash
cd ../aiagent

# Start real-time monitoring
forensiq-cli monitor --dynamic

# Or schedule automated analysis
forensiq-cli monitor --schedule
```

You're ready! Access the dashboard at http://localhost:3000
| Component | Description | Link |
|---|---|---|
| AI Agent | CLI tool usage and automation | CLI User Guide |
| Server API | Backend setup and deployment | Deployment Guide |
| MITRE Integration | ATT&CK framework usage | MongoDB Retrieval Guide |
| Monitoring | Real-time log analysis | Dynamic Monitoring Guide |
```text
forensiq/
├── aiagent/                  # CLI tool and AI agent
│   ├── cli_tool.py           # Main CLI interface
│   ├── ai_agent.py           # AI analysis engine
│   └── mongodb_service.py    # Database operations
├── server/                   # FastAPI backend
│   ├── main.py               # API server
│   ├── services/             # AI and database services
│   └── routers/              # API endpoints
├── client/                   # Next.js frontend
│   ├── app/                  # App router pages
│   ├── components/           # React components
│   └── hooks/                # Custom hooks
└── docs/                     # Documentation
```
```bash
# Test AI Agent
cd aiagent
python test_complete_functionality.py

# Test MongoDB integration
python test_mongodb.py

# Test server endpoints
cd ../server
python test_aws_bedrock.py
python test_rag.py
```

Enable detailed logging:

```bash
# CLI with verbose output
forensiq-cli monitor --dynamic --verbose

# Server with debug mode
cd server
uvicorn main:app --reload --log-level debug
```

We welcome contributions! Please see our Contributing Guide for details.
- Additional Log Sources: Support for Linux/macOS logs
- Custom MITRE Techniques: User-defined detection rules
- ML Model Training: Enhanced threat classification
- API Integrations: SIEM platform connectors
- Performance Optimization: Large-scale log processing
Found a bug? Please open an issue with:
- Detailed description
- Steps to reproduce
- Expected vs actual behavior
- System environment details
- Multi-platform log support (Linux/macOS)
- Custom detection rule engine
- Advanced ML threat scoring
- SIEM integration APIs
- Distributed analysis cluster
- Real-time threat intelligence feeds
- Advanced visualization dashboard
- Enterprise SSO integration
This project is licensed under the MIT License - see the LICENSE file for details.
- MITRE Corporation for the ATT&CK framework
- AWS Bedrock for AI/ML capabilities
- Google Gemini for advanced language processing
- ChromaDB for vector similarity search
- FastAPI and Next.js communities
- Email: vaibhavvaibhu2005@gmail.com
- Issues: GitHub Issues
- Wiki: Project Wiki
- Discussions: GitHub Discussions