SIEM Dashboard
CarterPerez-dev edited this page Feb 11, 2026
Full-stack Security Information and Event Management platform with real-time log correlation, alerting, and attack playbooks.
A SIEM platform that ingests log events from multiple sources, normalizes them into a common schema, classifies severity using pattern matching, and runs a real-time correlation engine to generate alerts. Includes a React dashboard for monitoring, investigation, and attack scenario playback using MITRE ATT&CK techniques.
Status: Complete | Difficulty: Intermediate
Backend:
| Technology | Version | Purpose |
|---|---|---|
| Flask | - | Web framework (app factory pattern) |
| MongoDB | - | Log and alert persistence |
| Redis Streams | - | Real-time event delivery |
| MongoEngine | - | MongoDB ODM |
| Pydantic | - | Request/response validation |
| JWT + Argon2id | - | Authentication |
Frontend:
| Technology | Version | Purpose |
|---|---|---|
| React | - | UI framework |
| TypeScript | - | Type safety |
| Zustand | - | Client state management |
| TanStack Query | v5 | Server state management |
| visx | - | Chart visualization |
| SSE | - | Real-time streaming |
- Docker Compose (dev + prod configs)
- Nginx reverse proxy (SSE-aware)
- Gunicorn WSGI server
- Multi-source ingestion (firewall, IDS, auth, endpoint, DNS, proxy)
- Common schema normalization
- Regex-based severity classification
- Event pivot API for investigation workflows
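The ingestion and classification stages above, as an added example that is not the project's own code: raw events from three source types are mapped into one common schema, then an ordered regex table assigns a severity. The schema keys, the per-source field maps, the patterns and the sample events are assumptions chosen to illustrate the idea; the one record shaped like the ingest endpoint's JSON passes straight through because it already uses the common field names.

```python
"""Added example (not the project's code): multi-source normalization into a
common schema plus regex-based severity classification. Schema keys, field
maps, patterns and sample data are assumptions for illustration."""
import re
from datetime import datetime, timezone

# Assumed common schema: every normalized event carries exactly these keys.
SCHEMA_KEYS = ("timestamp", "source_type", "event_type", "source_ip",
               "dest_ip", "username", "message", "severity")

# Assumed per-source field maps: raw field name -> common field name.
FIELD_MAPS = {
    "auth":     {"user": "username", "src": "source_ip", "action": "event_type"},
    "firewall": {"src_ip": "source_ip", "dst_ip": "dest_ip", "action": "event_type"},
    "dns":      {"client": "source_ip", "qname": "message", "qtype": "event_type"},
}

# Ordered from most to least severe; the first match wins. Patterns stay
# linear (no nested quantifiers) because they run over attacker-controlled text.
SEVERITY_RULES = [
    ("critical", re.compile(r"\b(mimikatz|lsass|ransom|privilege[ _]escalation)\b", re.I)),
    ("high",     re.compile(r"\b(login_failure|deny|drop|exploit|malware)\b", re.I)),
    ("high",     re.compile(r"\b[a-z0-9]{40,}\.", re.I)),   # very long DNS label: tunneling hint
    ("medium",   re.compile(r"\b(txt|null|unusual)\b", re.I)),
]
DEFAULT_SEVERITY = "low"


def classify_severity(event: dict) -> str:
    """Join the text-bearing fields and return the first matching level."""
    haystack = " ".join(str(event.get(k) or "") for k in ("event_type", "message", "username"))
    for level, pattern in SEVERITY_RULES:
        if pattern.search(haystack):
            return level
    return DEFAULT_SEVERITY


def normalize(raw: dict) -> dict:
    """Map one raw event into the common schema and attach a severity."""
    source_type = raw.get("source_type")
    if source_type not in FIELD_MAPS:
        raise ValueError(f"unsupported source_type: {source_type!r}")
    event = dict.fromkeys(SCHEMA_KEYS)
    event["source_type"] = source_type
    # Source-specific names first ...
    for raw_field, common_field in FIELD_MAPS[source_type].items():
        if raw_field in raw:
            event[common_field] = raw[raw_field]
    # ... then keys that already use the common names (the ingest endpoint's JSON shape).
    for key in SCHEMA_KEYS:
        if event[key] is None and key in raw:
            event[key] = raw[key]
    # Timestamps become aware UTC datetimes; naive input is assumed UTC,
    # missing input is stamped at ingest time.
    ts = raw.get("timestamp")
    if ts:
        dt = datetime.fromisoformat(ts)
        dt = dt.replace(tzinfo=timezone.utc) if dt.tzinfo is None else dt.astimezone(timezone.utc)
    else:
        dt = datetime.now(timezone.utc)
    event["timestamp"] = dt
    event["severity"] = classify_severity(event)
    return event


def normalize_batch(raws):
    """Normalize a list, dropping (and counting) records the normalizer rejects."""
    good, rejected = [], 0
    for raw in raws:
        try:
            good.append(normalize(raw))
        except (ValueError, TypeError):
            rejected += 1
    return good, rejected


# Constructed sample input: one event per source type plus one unsupported record.
SAMPLE_RAW = [
    {"source_type": "auth", "event_type": "login_failure", "source_ip": "10.0.0.1",
     "username": "root", "timestamp": "2026-02-11T10:00:00+00:00"},
    {"source_type": "auth", "user": "alice", "src": "10.0.0.2", "action": "login_success"},
    {"source_type": "firewall", "src_ip": "203.0.113.5", "dst_ip": "10.0.0.7", "action": "deny"},
    {"source_type": "dns", "client": "10.0.0.9", "qtype": "TXT",
     "qname": "x" * 48 + ".tunnel.example"},
    {"source_type": "printer", "msg": "paper jam"},
]

if __name__ == "__main__":
    events, rejected = normalize_batch(SAMPLE_RAW)
    for e in events:
        print(e["severity"], e["source_type"], e["event_type"], e["source_ip"], e["username"])
    print("rejected:", rejected)
```

Two design points worth keeping when adapting this: the rule table is ordered so that a more severe match cannot be shadowed by a weaker one, and unknown source types are rejected rather than silently stored with empty fields, since a correlation rule keyed on `source_ip` can never fire on an event whose IP was never mapped.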
- Sliding window rule evaluation
- Threshold counting (e.g., 20 failed logins in 5 minutes)
- Ordered sequence detection (brute force → successful login)
- Distinct-value aggregation
- Rule testing against historical data
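The sliding-window rule engine described in this list, as an added example that is not the project's own correlation code: one engine evaluates three rule kinds (threshold count, ordered sequence, distinct-value aggregation) over per-key windows, and replaying a constructed event history through it doubles as the kind of rule test against historical data the last bullet mentions. The rule fields, alert shape, technique IDs attached to rules and the sample events are assumptions for illustration.

```python
"""Added example (not the project's code): sliding-window correlation with
threshold, ordered-sequence and distinct-value rules. Rule fields, the alert
shape and the sample events are assumptions for illustration."""
from collections import defaultdict, deque
from datetime import datetime, timedelta, timezone

# Assumed rule definitions; each rule keeps one window per value of group_by.
RULES = [
    {"name": "brute_force_threshold", "kind": "threshold", "group_by": "source_ip",
     "event_type": "login_failure", "count": 20, "window_seconds": 300,
     "severity": "high", "technique": "T1110.001"},
    {"name": "brute_force_then_success", "kind": "sequence", "group_by": "source_ip",
     "first": "login_failure", "then": "login_success", "min_first": 5,
     "window_seconds": 600, "severity": "critical", "technique": "T1110.001"},
    {"name": "dest_sweep", "kind": "distinct", "group_by": "source_ip",
     "event_type": "connection", "field": "dest_ip", "min_distinct": 10,
     "window_seconds": 60, "severity": "medium", "technique": "T1046"},
]


class CorrelationEngine:
    def __init__(self, rules):
        self.rules = rules
        self.windows = defaultdict(deque)   # (rule name, group key) -> deque of (ts, value)
        self.alerts = []

    def _window(self, rule, key, now):
        """Expire entries older than the rule's window, then return the deque."""
        dq = self.windows[(rule["name"], key)]
        cutoff = now - timedelta(seconds=rule["window_seconds"])
        while dq and dq[0][0] < cutoff:
            dq.popleft()
        return dq

    def _fire(self, rule, key, event, reason):
        alert = {"rule": rule["name"], "severity": rule["severity"], "technique": rule["technique"],
                 "key": key, "reason": reason, "timestamp": event["timestamp"]}
        self.alerts.append(alert)
        return alert

    def process(self, event):
        """Feed one normalized event (in timestamp order); return alerts it triggered."""
        fired, now, etype = [], event["timestamp"], event.get("event_type")
        for rule in self.rules:
            key = event.get(rule["group_by"])
            if key is None:
                continue
            kind = rule["kind"]
            if kind == "threshold" and etype == rule["event_type"]:
                dq = self._window(rule, key, now)
                dq.append((now, None))
                if len(dq) >= rule["count"]:
                    fired.append(self._fire(rule, key, event,
                                            f"{len(dq)} x {etype} in {rule['window_seconds']}s"))
                    dq.clear()   # reset so the same burst does not re-fire on every further event
            elif kind == "sequence":
                if etype == rule["first"]:
                    self._window(rule, key, now).append((now, None))
                elif etype == rule["then"]:
                    dq = self._window(rule, key, now)   # only in-window failures that precede this success
                    if len(dq) >= rule["min_first"]:
                        fired.append(self._fire(rule, key, event,
                                                f"{len(dq)} x {rule['first']} then {rule['then']}"))
                    dq.clear()   # a success, alerted or not, ends the sequence
            elif kind == "distinct" and etype == rule["event_type"]:
                dq = self._window(rule, key, now)
                dq.append((now, event.get(rule["field"])))
                distinct = {v for _, v in dq}
                if len(distinct) >= rule["min_distinct"]:
                    fired.append(self._fire(rule, key, event, f"{len(distinct)} distinct {rule['field']}"))
                    dq.clear()
        return fired


def build_sample_events():
    """Constructed, already-normalized events, returned in timestamp order."""
    t0 = datetime(2026, 2, 11, 10, 0, tzinfo=timezone.utc)
    ev = []
    # 10.0.0.1: 20 failures 10 s apart, then a success -> threshold and sequence both fire
    for i in range(20):
        ev.append({"timestamp": t0 + timedelta(seconds=10 * i), "source_type": "auth",
                   "event_type": "login_failure", "source_ip": "10.0.0.1", "username": "root"})
    ev.append({"timestamp": t0 + timedelta(seconds=200), "source_type": "auth",
               "event_type": "login_success", "source_ip": "10.0.0.1", "username": "root"})
    # 10.0.0.2: 20 failures 30 s apart -> never 20 inside one 300 s window, no alert
    for i in range(20):
        ev.append({"timestamp": t0 + timedelta(seconds=30 * i), "source_type": "auth",
                   "event_type": "login_failure", "source_ip": "10.0.0.2", "username": "admin"})
    # 10.0.0.5: connections to 10 distinct hosts within 60 s -> distinct rule fires on the 10th
    for i in range(10):
        ev.append({"timestamp": t0 + timedelta(seconds=700 + 3 * i), "source_type": "firewall",
                   "event_type": "connection", "source_ip": "10.0.0.5", "dest_ip": f"10.0.1.{i}"})
    ev.sort(key=lambda e: e["timestamp"])
    return ev


def run_demo():
    """Replay the sample history through the engine (a rule test against historical data)."""
    engine = CorrelationEngine(RULES)
    for e in build_sample_events():
        engine.process(e)
    return engine.alerts


if __name__ == "__main__":
    for a in run_demo():
        print(a["timestamp"].isoformat(), a["severity"], a["rule"], a["key"], a["reason"])
```

The engine assumes events arrive in timestamp order; a Redis Streams consumer delivers them that way per stream, but if several consumers share a group the caller must key windows on the event timestamp, as done here, not on wall-clock arrival time. Clearing a window after an alert is the simplest form of suppression; a production rule also needs a per-key cooldown so a sustained attack produces one alert per window rather than one per event.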
- Full lifecycle: detection → acknowledgment → investigation → resolution
- False positive classification
- Severity-based prioritization
- YAML-based scenario definitions
- MITRE ATT&CK technique mapping
- Brute force (T1110.001), DNS tunneling (T1048.003), and more
- Threaded scenario execution
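The playbook and threaded-execution bullets above, as an added example that is not the project's playbook.py or runner.py: a scenario mapped to an ATT&CK technique is replayed from a background thread into a sink, with a stop signal that interrupts mid-delay and a time scale that lets the same playbook run instantly for rule testing. The YAML layout shown in the comment, the field names, the `sink` callable and the tagging of emitted events are assumptions; the parsed playbook is written out as a dict so the example runs without PyYAML. When you do parse the files, use `yaml.safe_load`: `yaml.load` with the default loader can instantiate arbitrary Python objects from a crafted playbook.

```python
"""Added example (not the project's code): a threaded scenario runner that
replays an ATT&CK-mapped playbook as a stream of synthetic events. The
playbook layout, field names and sink interface are assumptions."""
import queue
import threading

# What the YAML file would look like (assumed layout); SCENARIO below is its parsed form.
#
#   name: ssh_brute_force
#   technique: T1110.001
#   tactic: credential-access
#   steps:
#     - {repeat: 20, delay: 0.25, event: {source_type: auth, event_type: login_failure,
#                                         source_ip: 10.0.0.1, username: root}}
#     - {repeat: 1,  delay: 1.0,  event: {source_type: auth, event_type: login_success,
#                                         source_ip: 10.0.0.1, username: root}}
SCENARIO = {
    "name": "ssh_brute_force",
    "technique": "T1110.001",
    "tactic": "credential-access",
    "steps": [
        {"repeat": 20, "delay": 0.25,
         "event": {"source_type": "auth", "event_type": "login_failure",
                   "source_ip": "10.0.0.1", "username": "root"}},
        {"repeat": 1, "delay": 1.0,
         "event": {"source_type": "auth", "event_type": "login_success",
                   "source_ip": "10.0.0.1", "username": "root"}},
    ],
}


def validate_scenario(scn):
    """Reject malformed playbooks before a thread is started on them."""
    for field in ("name", "technique", "steps"):
        if field not in scn:
            raise ValueError(f"scenario missing {field!r}")
    for i, step in enumerate(scn["steps"]):
        if not isinstance(step.get("event"), dict) or "event_type" not in step["event"]:
            raise ValueError(f"step {i} has no event/event_type")
        if step.get("repeat", 1) < 1 or step.get("delay", 0) < 0:
            raise ValueError(f"step {i} has a bad repeat/delay")
    return scn


class ScenarioRunner(threading.Thread):
    """Emit the scenario's events to `sink` from a background thread.

    time_scale multiplies every step delay (0 replays instantly, useful for
    tests and rule backtesting); stop() interrupts even in the middle of a delay."""

    def __init__(self, scenario, sink, time_scale=1.0):
        super().__init__(daemon=True, name=f"scenario-{scenario['name']}")
        self.scenario = validate_scenario(scenario)
        self.sink = sink
        self.time_scale = time_scale
        self._stop_event = threading.Event()
        self.emitted = 0

    def stop(self):
        self._stop_event.set()

    def run(self):
        seq = 0
        for step in self.scenario["steps"]:
            for _ in range(step.get("repeat", 1)):
                # Event.wait() returns True as soon as stop() is called, so a stop
                # requested during a long delay does not leak a trailing event.
                if self._stop_event.wait(step.get("delay", 0) * self.time_scale):
                    return
                seq += 1
                event = dict(step["event"])
                # Tag synthetic events so dashboards and rules can tell replay from real traffic.
                event.update({"scenario": self.scenario["name"],
                              "technique": self.scenario["technique"],
                              "sequence": seq, "synthetic": True})
                self.sink(event)
                self.emitted += 1


def run_scenario(scenario, time_scale=0.0):
    """Run a playbook to completion and return the emitted events in order."""
    out = queue.Queue()
    runner = ScenarioRunner(scenario, out.put, time_scale)
    runner.start()
    runner.join()
    events = []
    while not out.empty():
        events.append(out.get_nowait())
    return events


if __name__ == "__main__":
    for e in run_scenario(SCENARIO):
        print(e["sequence"], e["technique"], e["event_type"], e["source_ip"])
```

In the real service the sink would be whatever hands events to the ingestion path; the `synthetic` tag matters there, because a playbook that produces untagged `login_failure` events is indistinguishable from a real brute-force attempt once it is in the alert queue.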
- Server-Sent Events for live updates
- Protocol distribution charts
- Severity breakdown timelines
- Top source analysis
- MongoDB aggregation pipelines
```
┌─────────────────────────────────────────────────────────┐
│                  Frontend (React + TS)                  │
│     Zustand stores | TanStack Query | SSE streaming     │
└───────────────────────────┬─────────────────────────────┘
                            │
┌───────────────────────────▼─────────────────────────────┐
│                 Nginx (SSE-aware proxy)                 │
└───────────────────────────┬─────────────────────────────┘
                            │
┌───────────────────────────▼─────────────────────────────┐
│                     Backend (Flask)                     │
│  ┌───────────────────────────────────────────────────┐  │
│  │ Engine                                            │  │
│  │ normalizer.py | severity.py | correlation.py      │  │
│  └───────────────────────────────────────────────────┘  │
│  ┌───────────────────────────────────────────────────┐  │
│  │ Scenarios                                         │  │
│  │ playbook.py (YAML parser) | runner.py (thread)    │  │
│  └───────────────────────────────────────────────────┘  │
│  ┌───────────────────────────────────────────────────┐  │
│  │ Routes / Controllers / Schemas                    │  │
│  │ ~30 endpoints under /v1/                          │  │
│  └───────────────────────────────────────────────────┘  │
└────────┬──────────────────┬─────────────────────────────┘
         │                  │
         ▼                  ▼
  ┌─────────────┐    ┌─────────────┐
  │   MongoDB   │    │    Redis    │
  │ Logs/Alerts │    │   Streams   │
  │ Rules/Users │    │  + Consumer │
  └─────────────┘    │    Groups   │
                     └─────────────┘
```
```bash
cd PROJECTS/intermediate/siem-dashboard

# Start development environment
docker compose -f dev.compose.yml up --build
# Access at http://localhost:8431
# API at http://localhost:8431/api/v1/

# Create admin account
docker exec -it siem-backend-dev flask admin create \
  --username admin --email admin@example.com

# Ingest a test event
curl -X POST http://localhost:8431/api/v1/logs/ingest \
  -H "Content-Type: application/json" \
  -d '{"source_type":"auth","event_type":"login_failure","source_ip":"10.0.0.1","username":"root"}'
```

```
siem-dashboard/
├── backend/
│   ├── app/
│   │   ├── __init__.py      # Flask app factory
│   │   ├── config.py        # Pydantic settings (60+ values)
│   │   ├── core/            # Auth, streaming, errors, decorators
│   │   ├── engine/          # Normalizer, severity, correlation
│   │   ├── models/          # MongoEngine documents
│   │   ├── routes/          # Flask blueprints
│   │   ├── controllers/     # Business logic
│   │   ├── schemas/         # Pydantic validation
│   │   └── scenarios/       # Attack playbooks (YAML)
│   └── pyproject.toml
├── frontend/
│   ├── src/
│   │   ├── api/             # TanStack Query hooks + Zod types
│   │   ├── core/            # Shell, routing, stores, charts
│   │   └── routes/          # Page components (lazy loaded)
│   └── package.json
├── conf/                    # Docker + Nginx configs
├── compose.yml              # Production
└── dev.compose.yml          # Development
```
```bash
# Backend
make backend-lint
make backend-test

# Frontend
make frontend-lint
make frontend-build

# Both
make lint
make test
```

© AngelaMos | CertGames.com | CarterPerez-dev | 2026