Blue Team GPT w/ MITRE ATT&CK Framework

Core AI Engine: Created a natural language processing model that ingests and analyzes MITRE ATT&CK framework data, threat intelligence feeds, and system logs.

Logging Integrations: Built integrations to ingest common logging formats (Syslog, CEF, JSON, etc.) from SIEMs, EDRs, and firewalls. Events are normalized into a common schema and fed into the AI engine.

User Interface: Developed a graphical interface for security analysts to view and interact with the AI output. Recommendations, risks, and correlations are surfaced in intuitive formats such as timelines and relationship graphs.

Reporting: Used Python libraries such as Matplotlib and Seaborn to generate statistical visualizations of network/system activity, detections, and risks over custom time ranges.

Deployment Options: Containerized the components for flexible cloud deployment.
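As an added illustration of the logging-integration layer (example code written for this page, not the project's own), the following parses a CEF record, an RFC 3164 syslog record, and a JSON record, all constructed here, into one schema with a shared 0..10 severity scale and an ATT&CK technique tag. The JSON field names and the severity mapping for JSON and syslog are assumptions.

```python
import json
import re
# Constructed sample records, one per ingestion format (not real telemetry).
SAMPLE_CEF = ("CEF:0|Vendor|EDR|1.0|100|Credential dumping detected|9|"
              "src=10.0.0.5 suser=alice cs1=T1003.001 cs1Label=technique")
SAMPLE_SYSLOG = ("<34>Jan 12 09:15:02 host1 sshd[2211]: "
                 "Failed password for root from 203.0.113.7 port 22 ssh2")
SAMPLE_JSON = json.dumps({"host": "host2", "rule": "Scheduled task created",
                          "severity": 6, "attack.technique": "T1053.005"})
TECHNIQUE_RE = re.compile(r"\bT\d{4}(?:\.\d{3})?\b")  # ATT&CK technique or sub-technique id
CEF_EXT_RE = re.compile(r"(\w+)=(.*?)(?=\s\w+=|$)")   # extension key=value pairs; values may hold spaces
SYSLOG_RE = re.compile(r"^<(\d{1,3})>(\w{3}\s+\d{1,2} \d{2}:\d{2}:\d{2}) (\S+) "
                       r"([^:\[]+)(?:\[\d+\])?: (.*)$")

def parse_cef(line):
    # Header is 7 pipe-separated fields (an escaped pipe is "\|"), then the extension.
    parts = re.split(r"(?<!\\)\|", line, maxsplit=7)
    if len(parts) != 8 or not parts[0].startswith("CEF:"):
        raise ValueError("not a CEF record")
    ext = {k: v.replace(r"\=", "=") for k, v in CEF_EXT_RE.findall(parts[7])}
    return {"source": f"{parts[1]}:{parts[2]}", "host": ext.get("dhost", ext.get("src", "")),
            "event": parts[5].replace(r"\|", "|"), "severity": int(parts[6]), "fields": ext}

def parse_syslog(line):
    # RFC 3164: PRI = facility * 8 + severity, and syslog severity 0 is the MOST severe.
    m = SYSLOG_RE.match(line)
    if not m:
        raise ValueError("not an RFC 3164 syslog record")
    pri, ts, host, tag, msg = m.groups()
    severity = round((7 - (int(pri) & 7)) * 10 / 7)  # flip onto the CEF-style 0..10 scale
    return {"source": tag, "host": host, "event": msg, "severity": severity,
            "fields": {"timestamp": ts, "facility": int(pri) >> 3}}

def parse_json(line):
    # Assumed JSON shape: "host", "rule", and a "severity" already on the 0..10 scale.
    obj = json.loads(line)
    return {"source": obj.get("host", ""), "host": obj.get("host", ""), "fields": obj,
            "event": obj.get("rule", obj.get("message", "")), "severity": int(obj.get("severity", 0))}

def normalize(line):
    """Detect the format, parse it, and tag any ATT&CK technique id found anywhere in the record."""
    line = line.strip()
    if line.startswith("CEF:"):
        rec = parse_cef(line)
    else:
        rec = parse_syslog(line) if line.startswith("<") else parse_json(line)
    m = TECHNIQUE_RE.search(json.dumps(rec))  # scan every field, whatever the vendor named it
    rec["technique"] = m.group(0) if m else None
    return rec
```

Records that carry no recognizable technique id come out with `technique` set to `None`, so downstream correlation can treat them as untagged rather than dropping them.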

Jan 01, 2023 - Mar 31, 2024