Building a Real-Time Cyber Threat Intelligence Platform with Python & Elastic Stack

May 15, 2026
1:41

In this video, I demonstrate my Cyber Threat Intelligence (CTI) Platform, a project designed to automate the lifecycle of threat data, from collection to real-time visualization and policy enforcement. The platform acts as a centralized hub where security analysts can monitor malicious activity and proactively block threats before they impact the network.

Key Features:
- Automated Ingestion: Python-based collectors fetch live reputation data from external feeds (e.g., AlienVault).
- Database Management: MongoDB for flexible, unstructured threat data storage and Elasticsearch for high-speed indexing.
- Real-Time SIEM Dashboard: A customized Kibana dashboard visualizing threat source distributions and risk score analysis.
- Risk Scoring Engine: A normalization script that assigns risk levels to indicators based on various security parameters.
- Policy Enforcement: An automated enforcement module that processes high-risk threats for proactive blocking.

Technical Stack:
- Languages: Python (PyMongo, Elasticsearch-py)
- Databases: MongoDB, Elasticsearch
- Visualization: Kibana (Elastic SIEM)
- Environment: Oracle VM VirtualBox (Kali Linux / Ubuntu)
- IDE: Visual Studio Code

Project Workflow:
1. Collection: alienvault.py fetches raw threat feeds.
2. Normalization: risk_score.py processes the data into a standard format.
3. Ingestion: elastic_push.py sends validated indicators to the Elasticsearch SIEM engine.
4. Visualization: Data is displayed in the Kibana dashboard for real-time monitoring.
5. Enforcement: policy_enforcer.py identifies high-risk IPs for mitigation.

#CyberSecurity #ThreatIntelligence #Python #Elasticsearch #MongoDB #SIEM #Kibana #InfoSec #CyberProject #SOCAnalyst #Automation #ThreatHunting
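The normalization, validation and enforcement steps of the workflow above, as an added worked example written for this page (it is not the project's own risk_score.py or policy_enforcer.py): a small Python pipeline that turns indicator records into a standard document, scores them, and selects the IPs the enforcer should block. The record field names are an assumption loosely modelled on AlienVault OTX pulse indicators, the scoring weights, level cut-offs and never-block network list are assumptions, and the sample records are constructed test data (the 203.0.113.x and 198.51.100.x addresses are RFC 5737 documentation ranges).

```python
import ipaddress
from datetime import datetime, timezone

# Constructed sample records, shaped roughly like AlienVault OTX pulse
# indicators (field names are an assumption; this is test data, not a feed).
RAW_INDICATORS = [
    {"indicator": "203.0.113.7", "type": "IPv4", "created": "2026-05-14T09:00:00",
     "pulse_count": 6, "tags": ["C2", "cobalt strike"]},
    {"indicator": "198.51.100.23", "type": "IPv4", "created": "2026-02-01T12:00:00",
     "pulse_count": 2, "tags": ["scanner"]},
    {"indicator": "10.0.0.5", "type": "IPv4", "created": "2026-05-14T09:00:00",
     "pulse_count": 9, "tags": ["ransomware"]},      # RFC 1918: must never be blocked
    {"indicator": "evil.example", "type": "domain", "created": "2026-05-10T00:00:00",
     "pulse_count": 3, "tags": ["phishing"]},
    {"indicator": "not an ip", "type": "IPv4", "created": "2026-05-10T00:00:00",
     "pulse_count": 3, "tags": []},                   # malformed: dropped
]

# Fixed "now" so the recency decay is reproducible in this example.
NOW = datetime(2026, 5, 15, tzinfo=timezone.utc)

# Assumed scoring parameters (not the project's): per-tag weights and level cut-offs.
TAG_WEIGHTS = {"c2": 30, "ransomware": 30, "malware": 20, "phishing": 15, "scanner": 5}
LEVELS = [(80, "critical"), (60, "high"), (30, "medium"), (0, "low")]

# Address space an enforcer must never block, whatever a feed says.
NEVER_BLOCK = [ipaddress.ip_network(n) for n in (
    "0.0.0.0/8", "10.0.0.0/8", "100.64.0.0/10", "127.0.0.0/8", "169.254.0.0/16",
    "172.16.0.0/12", "192.168.0.0/16", "224.0.0.0/4", "255.255.255.255/32")]


def validate_ip(value):
    """Return the IPv4 address as a canonical string, or None if it is malformed
    or falls inside a never-block range."""
    try:
        ip = ipaddress.IPv4Address(value)
    except ipaddress.AddressValueError:
        return None
    if any(ip in net for net in NEVER_BLOCK):
        return None
    return str(ip)


def risk_level(score):
    """Map a 0-100 score onto the dashboard's risk levels."""
    for cutoff, name in LEVELS:
        if score >= cutoff:
            return name
    return "low"


def risk_score(doc, now=NOW):
    """Score 0-100 from corroboration (pulse count), the strongest threat tag,
    and recency: indicators older than 30 days lose 5 points per month (max 30)."""
    score = min(doc["pulse_count"], 5) * 10
    score += max((TAG_WEIGHTS.get(t, 0) for t in doc["tags"]), default=0)
    age_days = (now - datetime.fromisoformat(doc["first_seen"])).days
    if age_days > 30:
        score -= min((age_days // 30) * 5, 30)
    return max(0, min(100, score))


def normalize(raw, now=NOW):
    """Turn one raw feed record into the platform's standard document.
    Returns None for records that fail validation, so they never reach the index."""
    kind = str(raw.get("type", "")).lower()
    value = str(raw.get("indicator", "")).strip()
    if kind == "ipv4":
        value = validate_ip(value)
        if value is None:
            return None
    elif kind == "domain":
        value = value.lower().rstrip(".")
        if not value or " " in value or "." not in value:
            return None
    else:
        return None  # indicator types this example does not handle
    doc = {
        "indicator": value,
        "type": kind,
        "source": "alienvault",
        # OTX-style timestamps carry no zone; treat them as UTC.
        "first_seen": datetime.fromisoformat(raw["created"]).replace(tzinfo=timezone.utc).isoformat(),
        "pulse_count": int(raw.get("pulse_count", 0)),
        "tags": sorted(str(t).lower() for t in raw.get("tags", [])),
    }
    doc["risk_score"] = risk_score(doc, now)
    doc["risk_level"] = risk_level(doc["risk_score"])
    return doc


def select_for_blocking(docs, min_score=80):
    """The enforcer's input: deduplicated IPv4 indicators at or above the threshold.
    Domains are excluded because they need a DNS or proxy control, not an IP block."""
    return sorted({d["indicator"] for d in docs
                   if d["type"] == "ipv4" and d["risk_score"] >= min_score})


def run_pipeline(raw_records, now=NOW):
    """Normalize every record, drop the invalid ones, and compute the blocklist."""
    docs = [d for d in (normalize(r, now) for r in raw_records) if d is not None]
    return docs, select_for_blocking(docs)


if __name__ == "__main__":
    docs, blocklist = run_pipeline(RAW_INDICATORS)
    for d in docs:
        print(f"{d['indicator']:<16} {d['type']:<7} score={d['risk_score']:>3}  {d['risk_level']}")
    print("block:", blocklist)
```

The check a practitioner will want before wiring any enforcer to a feed is the never-block list: validation runs before scoring, so a poisoned or sloppy feed entry for an internal address (the 10.0.0.5 record above scores high on paper) is dropped rather than handed to the blocking module. The list is explicit instead of relying on ipaddress's is_global property because that property also rejects the RFC 5737 documentation ranges used as sample data here. The normalized documents carry a fixed field set (indicator, type, source, first_seen, pulse_count, tags, risk_score, risk_level), which is the shape an ingestion step such as elastic_push.py would index; mapping a dedicated IPv4 field with Elasticsearch's ip field type lets Kibana run CIDR-range queries against it.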
