ThreatLens AI
AI-style log investigation assistant — parses Linux auth, nginx access, and Docker container logs, highlights suspicious IPs, exposed secrets, and produces a structured incident summary.
Ingests common log formats and produces an investigation-style report: parses auth.log, nginx access logs, and Docker container logs, correlates suspicious source IPs across the three sources, flags accidentally logged secrets (masked in the output), and assembles a Markdown incident report ready for analyst review. (Python; see also RustThreatLensAI for the faster CLI variant.)
Catalog entry only — a full write-up lands closer to release.
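The parse, correlate, flag-secrets, report pipeline described above, as an added example that is not ThreatLens AI's own code: a plain-Python pass over constructed auth.log, nginx access and container log lines that tallies per-source-IP signals, scores them, masks logged secrets and writes a Markdown summary. The sample lines (RFC 5737 documentation addresses, AWS's published example key ID), the detector patterns, the score weights and the threshold are assumptions chosen for illustration, not the project's.

```python
"""Added example: a minimal ThreatLens-style investigation pass (not the project's code)."""
import re
from collections import defaultdict

# Constructed sample input. Container lines use a `docker compose logs -t` style prefix.
AUTH_LOG = """\
Mar  3 10:15:01 web1 sshd[2201]: Failed password for invalid user admin from 203.0.113.45 port 51122 ssh2
Mar  3 10:15:03 web1 sshd[2201]: Failed password for root from 203.0.113.45 port 51130 ssh2
Mar  3 10:15:04 web1 sshd[2203]: Failed password for root from 203.0.113.45 port 51131 ssh2
Mar  3 10:15:05 web1 sshd[2202]: Accepted publickey for deploy from 198.51.100.7 port 40022 ssh2
Mar  3 10:15:09 web1 sshd[2204]: Accepted password for root from 203.0.113.45 port 51140 ssh2
"""
NGINX_LOG = """\
203.0.113.45 - - [03/Mar/2024:10:16:00 +0000] "GET /wp-login.php HTTP/1.1" 404 162 "-" "sqlmap/1.7"
203.0.113.45 - - [03/Mar/2024:10:16:01 +0000] "GET /.env HTTP/1.1" 404 162 "-" "sqlmap/1.7"
198.51.100.7 - - [03/Mar/2024:10:16:02 +0000] "GET /index.html HTTP/1.1" 200 512 "-" "Mozilla/5.0"
"""
DOCKER_LOG = """\
2024-03-03T10:16:05Z api-1 | INFO starting with AWS_ACCESS_KEY_ID=AKIAIOSFODNN7EXAMPLE
2024-03-03T10:16:06Z api-1 | DEBUG db connect password=Sup3rS3cret! host=db
2024-03-03T10:16:07Z api-1 | WARN admin request from 203.0.113.45 path=/admin status=401
"""

AUTH_RE = re.compile(r"sshd\[\d+\]: (?P<result>Failed|Accepted) \w+ for "
                     r"(?:invalid user )?(?P<user>\S+) from (?P<ip>\d{1,3}(?:\.\d{1,3}){3})")
NGINX_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>\S+) (?P<path>\S+)[^"]*" '
                      r'(?P<status>\d{3}) \S+ "[^"]*" "(?P<ua>[^"]*)"')
DOCKER_RE = re.compile(r"^(?P<ts>\S+) (?P<container>\S+) \| (?P<msg>.*)$")
IPV4_RE = re.compile(r"\b\d{1,3}(?:\.\d{1,3}){3}\b")
SCANNER_UA_RE = re.compile(r"(?i)sqlmap|nikto|masscan|nmap|zgrab|dirbuster")
SENSITIVE_PATH_RE = re.compile(r"(?i)^/(?:\.env|\.git|wp-login\.php|phpmyadmin|xmlrpc\.php)")
# Secret detectors (assumed patterns): a structured AWS key ID, and a generic key=value
# whose key name contains a telltale word such as password, secret, token or api_key.
SECRET_RES = {
    "aws_access_key_id": re.compile(r"\b(?P<value>AKIA[0-9A-Z]{16})\b"),
    "generic": re.compile(r"(?i)\b(?P<name>\w*(?:password|passwd|secret|token|api_?key)\w*)=(?P<value>\S+)"),
}


def new_record():
    return {"ssh_failed": 0, "ssh_accepted": 0, "users": set(), "web_requests": 0,
            "scanner_hits": 0, "sensitive_paths": 0, "app_mentions": 0, "events": []}


def find_secrets(source, line):
    """Return masked hits so the report never re-logs the secret it found."""
    hits = []
    for label, rx in SECRET_RES.items():
        for m in rx.finditer(line):
            name = m.groupdict().get("name") or label
            hits.append({"source": source, "name": name, "masked": m["value"][:4] + "****"})
    return hits


def score(rec):
    """Assumed weights: capped SSH failures, scanner UAs and probing of sensitive paths."""
    s = min(rec["ssh_failed"], 10) + 5 * rec["scanner_hits"] + 2 * rec["sensitive_paths"]
    if rec["ssh_failed"] and rec["ssh_accepted"]:
        s += 20  # a success after failures from the same source suggests a guessed credential
    return s


def build_report(suspicious, secrets):
    out = ["# Incident summary", "", "## Suspicious source IPs", "",
           "| IP | score | SSH failed/accepted | scanner hits | sensitive paths | users tried |",
           "|---|---|---|---|---|---|"]
    ranked = sorted(suspicious.items(), key=lambda kv: score(kv[1]), reverse=True)
    for ip, r in ranked:
        out.append(f"| {ip} | {score(r)} | {r['ssh_failed']}/{r['ssh_accepted']} | {r['scanner_hits']} "
                   f"| {r['sensitive_paths']} | {', '.join(sorted(r['users'])) or '-'} |")
    out += ["", "## Notable events", ""]
    for ip, r in ranked:
        out += [f"- {ip}: {e}" for e in r["events"]]
    out += ["", "## Secrets found in logs (values masked)", ""]
    out += [f"- {s['source']}: `{s['name']}` = `{s['masked']}`" for s in secrets] or ["- none"]
    return "\n".join(out) + "\n"


def investigate(auth_log, nginx_log, docker_log, threshold=5):
    ips, secrets = defaultdict(new_record), []
    for line in auth_log.splitlines():          # 1. SSH auth outcomes per source IP
        secrets += find_secrets("auth.log", line)
        m = AUTH_RE.search(line)
        if not m:
            continue
        rec = ips[m["ip"]]
        rec["users"].add(m["user"])
        if m["result"] == "Failed":
            rec["ssh_failed"] += 1
        else:
            rec["ssh_accepted"] += 1
            if rec["ssh_failed"]:
                rec["events"].append(f"SSH login as {m['user']} accepted after {rec['ssh_failed']} failures")
    for line in nginx_log.splitlines():         # 2. web probing and scanner user agents
        secrets += find_secrets("nginx", line)
        m = NGINX_RE.match(line)
        if not m:
            continue
        rec = ips[m["ip"]]
        rec["web_requests"] += 1
        if SCANNER_UA_RE.search(m["ua"]):
            rec["scanner_hits"] += 1
            rec["events"].append(f"scanner UA {m['ua']!r} requested {m['path']} (HTTP {m['status']})")
        if SENSITIVE_PATH_RE.match(m["path"]):
            rec["sensitive_paths"] += 1
    for line in docker_log.splitlines():        # 3. application logs: secrets and IP mentions
        m = DOCKER_RE.match(line)
        if not m:
            continue
        secrets += find_secrets(f"container {m['container']}", m["msg"])
        for ip in IPV4_RE.findall(m["msg"]):
            ips[ip]["app_mentions"] += 1  # ties application-side events to the same source
    suspicious = {ip: rec for ip, rec in ips.items() if score(rec) >= threshold}
    return {"ips": dict(ips), "suspicious": suspicious, "secrets": secrets,
            "report": build_report(suspicious, secrets)}


if __name__ == "__main__":
    print(investigate(AUTH_LOG, NGINX_LOG, DOCKER_LOG)["report"])
```

The point worth copying is the shape, not the weights: every signal is attached to the source IP first and scored afterwards, so the nginx scanner hits and the container's 401 for the same address land in one row beside the SSH failures, and the secret scanner returns masked values so the report itself cannot become the next exposure.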
Related across catalogs
- AttackReplay Studio (Security project, demo ready)
Visual incident replay dashboard — turns safe sample logs into an attack timeline, attack path view, GeoIP map, and incident summary.
- SSH Brute-Force Detector (Security project, demo ready)
Linux auth log detector for repeated SSH failed-login attacks — scores brute-force activity per source IP and emits actionable alerts.
- Web Attack Detection (Security project, demo ready)
Web log detection lab — flags SQL injection, XSS, suspicious user agents, scanner activity, and risk-scored request summaries from nginx access logs.
- AutoPatch AI (Security project, demo ready)
Dependency vulnerability scanner and upgrade planner — scans package.json, requirements.txt, and Dockerfile base images, flags risky pins, produces PR-preview output.
- Beaconing Traffic Detector (Security project, demo ready)
Detects periodic outbound callback (C2 beacon) behavior from timestamped network logs by scoring inter-arrival timing consistency per source/destination pair.
