Threat Detection Tool

A Python-based security utility for parsing logs and identifying threat patterns natively.

Threat Detection Tool Project

Project Overview

Wrote a proprietary Python utility designed to sift through thousands of lines of log files swiftly. Focusing on scalability and accuracy, the tool flags specific Indicators of Compromise (IoCs) like unusual HTTP requests, repetitive failed SSH logins, and outbound connections to blacklisted IP addresses.

Key Features

  • Regex-based parsing engine extracting relevant IPs, user agents, and payload data.
  • Automated comparison of parsed IP addresses against public threat intelligence feeds (e.g., VirusTotal, AbuseIPDB).
  • Parallel processing for fast execution on very large `.log` files.
  • Generates concise HTML or PDF export reports outlining threat severity and frequency.
  • Configurable YAML rule sets allowing operators to define custom match logic on the fly.
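As an added illustration of the parsing and matching the features above describe (example code, not the project's own), this runs one rule over constructed sshd log lines: the regex extracts user and source IP from failed-login entries, a per-IP count is compared against the rule's threshold, and each IP is checked against a constructed blocklist that stands in for a threat-intelligence feed. The rule dictionary mirrors what a YAML rule set might load into; its schema is hypothetical.

```python
import re
from collections import Counter

# Constructed sample lines in OpenSSH auth.log format (not real data).
SAMPLE_LOG = """\
Mar 10 09:12:01 host sshd[2201]: Failed password for invalid user admin from 203.0.113.7 port 51022 ssh2
Mar 10 09:12:03 host sshd[2201]: Failed password for invalid user admin from 203.0.113.7 port 51023 ssh2
Mar 10 09:12:05 host sshd[2203]: Failed password for root from 203.0.113.7 port 51024 ssh2
Mar 10 09:12:09 host sshd[2205]: Accepted publickey for deploy from 198.51.100.4 port 40110 ssh2
Mar 10 09:13:11 host sshd[2210]: Failed password for root from 192.0.2.99 port 60001 ssh2
"""

# Constructed stand-in for a threat-intel lookup (the real tool queries public feeds).
BLOCKLIST = {"192.0.2.99"}

# Rule in the shape a YAML rule set might load into (hypothetical schema).
RULE = {
    "name": "ssh_bruteforce",
    "pattern": r"Failed password for (?:invalid user )?(?P<user>\S+) from (?P<ip>\d{1,3}(?:\.\d{1,3}){3})",
    "threshold": 3,
}

def parse_failed_logins(log_text, pattern):
    """Return (user, ip) tuples for every line matching the rule's regex."""
    rx = re.compile(pattern)
    hits = []
    for line in log_text.splitlines():
        m = rx.search(line)
        if m:
            hits.append((m.group("user"), m.group("ip")))
    return hits

def detect(log_text, rule, blocklist):
    """Flag source IPs that reach the failure threshold or appear on the blocklist."""
    per_ip = Counter(ip for _, ip in parse_failed_logins(log_text, rule["pattern"]))
    findings = []
    for ip, count in per_ip.items():
        reasons = []
        if count >= rule["threshold"]:
            reasons.append(f"{count} failed SSH logins (>= {rule['threshold']})")
        if ip in blocklist:
            reasons.append("source on blocklist")
        if reasons:
            findings.append({"rule": rule["name"], "ip": ip, "count": count, "reasons": reasons})
    return findings

if __name__ == "__main__":
    for finding in detect(SAMPLE_LOG, RULE, BLOCKLIST):
        print(finding)
```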

Technologies Used

  • Python 3
  • Regex (`re`)
  • Requests library
  • REST APIs
  • Git