DarkGuard is an advanced AI-powered Security Operations Center (SOC) simulator designed to provide real-time network threat detection, analysis, and visualization. It combines multiple cybersecurity modules such as AI-driven threat classification, network traffic monitoring, automated alerting, and integration-ready threat intelligence feeds into a unified, extensible platform.
- Project Overview
- Features
- Architecture
- Installation & Setup
- Usage
- Modules
- Extensibility
- Contributing
- License
- Contact
## Project Overview

DarkGuard is designed to simulate a real-world SOC environment with powerful detection capabilities using AI and rule-based engines. It processes live or simulated network data, flags suspicious activities, categorizes threats by severity, and presents actionable insights through an intuitive dashboard. The project is ideal for cybersecurity professionals, enthusiasts, and students looking to understand SOC operations or showcase advanced security skills.
## Features

- AI-Powered Threat Classification: machine learning models classify alerts by severity (benign, suspicious, malicious).
- Real-Time Log Ingestion: supports live ingestion of network logs from multiple sources (e.g., Suricata, syslog).
- Automated Threat Intelligence Feed Parsing: integrates MITRE ATT&CK and CVE databases for enriched threat context.
- Multi-Module SOC Simulation: includes network traffic analysis, anomaly detection, and endpoint monitoring modules.
- Interactive Dashboard: real-time event visualization with filters, color-coded threat levels, and detailed alert views.
- Automated Alerts & Notifications: supports email and Telegram alerts for high-severity incidents.
- Dockerized Deployment: easy setup and deployment with Docker containers for all components.
## Architecture

```
+-------------------------+      +------------------------+
| Network Log Sources     | ---> | Log Parser & Normalizer|
| (Suricata, Syslog, PCAP)|      +------------------------+
+-------------------------+                  |
                                             v
                               +---------------------------+
                               | AI Threat Classification  |
                               +---------------------------+
                                             |
                                             v
                               +---------------------------+
                               | Central Event Log Storage |
                               +---------------------------+
                                             |
                                             v
                               +---------------------------+
                               | Real-Time Dashboard UI    |
                               +---------------------------+
```
## Installation & Setup

### Prerequisites

- Python 3.8+
- Docker & Docker Compose (optional, for containerized deployment)
- Git

### Clone the Repository

```bash
git clone https://github.com/yourusername/DarkGuard.git
cd DarkGuard
```

### Install Python Dependencies

```bash
pip install -r requirements.txt
```

### Configure Environment Variables

Create a .env file to configure optional settings such as email/Telegram alerts and log paths. See .env.example for reference.

### Run Threat Simulation and Dashboard

Start the log simulation:

```bash
python simulate_threats.py
```

Start the DarkGuard dashboard:

```bash
python main.py
```

### Docker Deployment (Optional)

Build and run using Docker Compose:

```bash
docker-compose up --build
```
## Usage

- The dashboard opens in your default browser at http://localhost:8501.
- View real-time threat events with color-coded severity.
- Use filters to focus on specific modules, severity levels, or IP addresses.
- Configure alerting rules in the config/alerts.yaml file.
- Integrate additional data feeds by adding parsers in the parsers/ directory.
## Modules

| Module | Description |
| --- | --- |
| AI Classifier | Classifies threat events using ML models |
| Network Traffic Analyzer | Parses network packets and flags anomalies |
| Threat Intelligence Parser | Parses MITRE ATT&CK and CVE feeds |
| Alert Manager | Sends automated notifications via Email/Telegram |
| Dashboard UI | Streamlit-based real-time visualization |
| Log Collector | Aggregates logs from various sources |
## Extensibility

DarkGuard is modular and designed for easy integration:

- Add new parsers for different log formats in the parsers/ folder.
- Extend the AI models with your own training data in the models/ directory.
- Customize the dashboard UI components located in gui/.
- Add new alerting channels or workflows in the alerts/ module.
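As an added illustration of what a log-format parser dropped into parsers/ could look like (example code written for this README, not DarkGuard's own; the Event shape, SEVERITY_MAP and function names are assumptions): it normalizes Suricata EVE JSON alert lines onto the three severity levels described above, skips non-alert and malformed records without aborting ingestion, and selects the events an alert manager would notify on.

```python
import json
from dataclasses import dataclass
from typing import Iterable, List, Optional

@dataclass
class Event:  # assumed normalized shape, not DarkGuard's own schema
    timestamp: str
    src_ip: str
    dest_ip: str
    signature: str
    severity: str  # "benign" | "suspicious" | "malicious"

# Suricata EVE alert.severity is 1 (most severe) .. 3 (least severe);
# map it onto the three-level scale the README describes.
SEVERITY_MAP = {1: "malicious", 2: "suspicious", 3: "benign"}

def parse_suricata_eve(line: str) -> Optional[Event]:
    """Normalize one EVE JSON line; non-alert or malformed lines yield None."""
    try:
        rec = json.loads(line)
    except json.JSONDecodeError:
        return None
    if rec.get("event_type") != "alert":
        return None
    alert = rec.get("alert") or {}
    return Event(
        timestamp=rec.get("timestamp", ""),
        src_ip=rec.get("src_ip", ""),
        dest_ip=rec.get("dest_ip", ""),
        signature=alert.get("signature", "unknown"),
        # A missing or unknown severity is treated as suspicious, never silently benign.
        severity=SEVERITY_MAP.get(alert.get("severity"), "suspicious"),
    )

def ingest(lines: Iterable[str]) -> List[Event]:
    """Run every line through the parser and keep only the normalized events."""
    return [e for e in map(parse_suricata_eve, lines) if e is not None]

def needs_alert(events: List[Event]) -> List[Event]:
    """Events an alert manager would notify on (malicious only)."""
    return [e for e in events if e.severity == "malicious"]

# Constructed sample EVE lines (not real traffic): a high-severity alert,
# a flow record, a truncated line, and a low-severity alert.
SAMPLE_EVE = [
    '{"timestamp":"2024-01-01T00:00:01Z","event_type":"alert","src_ip":"10.0.0.5","dest_ip":"10.0.0.9","alert":{"signature":"TEST SCAN Example","severity":1}}',
    '{"timestamp":"2024-01-01T00:00:02Z","event_type":"flow","src_ip":"10.0.0.5","dest_ip":"10.0.0.9"}',
    '{"timestamp":"2024-01-01T00:00:03Z","event_type":"alert","src_ip":"10.0.0.7",',
    '{"timestamp":"2024-01-01T00:00:04Z","event_type":"alert","src_ip":"10.0.0.8","dest_ip":"10.0.0.9","alert":{"signature":"INFO Example","severity":3}}',
]
```

Running ingest(SAMPLE_EVE) yields two events, and needs_alert keeps only the severity-1 one.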
## Contributing

Contributions are welcome! Please follow these steps:

1. Fork the repository.
2. Create your feature branch (git checkout -b feature/YourFeature).
3. Commit your changes (git commit -m 'Add new feature').
4. Push to your branch (git push origin feature/YourFeature).
5. Open a Pull Request describing your changes.

Please ensure your code adheres to PEP 8 standards and includes tests where applicable.
## License

This project is licensed under the MIT License. See the LICENSE file for details.
## Contact

Project maintained by Ninad Gowda - [email protected]

GitHub: https://github.com/ninadgowdru

Thank you for using DarkGuard! Protecting networks, empowering defenders.