AttackReplay Studio
Visual incident replay dashboard — turns safe sample logs into an attack timeline, attack path view, GeoIP map, and incident summary.
Ingests Linux auth and nginx access logs, builds a chronological timeline, groups events into attack paths per source IP, scores risk, applies MITRE-style tactic labels, and emits JSON + Markdown reports for triage. CLI now; FastAPI + React dashboard scaffolded under apps/ for future work.
Catalog entry only — a full write-up lands closer to release.
Related across catalogs
- ThreatLens AI · Security project · Demo ready
  AI-style log investigation assistant — parses Linux auth, nginx access, and Docker container logs, highlights suspicious IPs, exposed secrets, and produces a structured incident summary.
- AutoPatch AI · Security project · Demo ready
  Dependency vulnerability scanner and upgrade planner — scans package.json, requirements.txt, and Dockerfile base images, flags risky pins, produces PR-preview output.
- Beaconing Traffic Detector · Security project · Demo ready
  Detects periodic outbound callback (C2 beacon) behavior from timestamped network logs by scoring inter-arrival timing consistency per source/destination pair.
- CSP Guardian · Security project · Demo ready
  Website security header and iframe policy analyzer — inspects CSP, X-Frame-Options, cookies, CORS, and HSTS to flag clickjacking, XSS, and framing risks.
- Custom IDS Script · Security project · Demo ready
  Lightweight rule-based Linux intrusion detection — evaluates YAML rules against auth.log, syslog, and shell history to emit terminal, Markdown, and JSON alerts.
