Sentinel-STIX is a professional-grade Cyber Threat Intelligence (CTI) tool designed to solve the industry's biggest pain point: Data Overload. It leverages the reasoning power of Google Gemini 3 Pro to transform messy, unstructured threat reports into structured, actionable STIX 2.1 intelligence.
"Developed an AI-powered parsing tool using Google Gemini 3 Pro to automatically extract and structure TTPs and IoCs from unstructured threat reports, reducing analysis time by 75%."
CTI analysts spend hours manually scouring blog posts, PDF reports, and dark web forums to identify Indicators of Compromise (IoCs) and adversary tactics. Sentinel-STIX automates this workflow by using advanced Large Language Model (LLM) reasoning to perform entity extraction with clinical precision.
- Structured Output Enforcement: Utilized Gemini's "JSON Mode" and rigorous system instructions to force non-deterministic AI into producing strict STIX 2.1 compliant schema.
- Intelligent Relationship Mapping: Automatically identifies and links relationships between Threat Actors, Malware, and targeted Victims.
- Real-time IoC Validation: Implemented a secondary validation layer using Regex to check the integrity of extracted IPs, Hashes, and Domains before they enter the intelligence cycle.
- Tactical Visualization: Engineered an interactive dashboard using Recharts to provide at-a-glance telemetry of a report's indicator mix.
- Engine: Google Gemini 3 Pro (Reasoning & Extraction)
- Framework: React 19 + TypeScript
- Styling: Tailwind CSS (Cyber-Grid Aesthetic)
- Icons: Lucide React
- Charts: Recharts
- Schema: STIX 2.1 (Structured Threat Information Expression)
- Deep Extraction: Pulls Threat Actors, Malware Families, Victims, and MITRE ATT&CK TTPs.
- IoC Parsing: Identifies IPv4 addresses, Domains, URLs, and multi-format File Hashes (MD5, SHA-1, SHA-256).
- Pattern Validation: Visually flags indicators that do not match standard technical patterns.
- STIX JSON Export: One-click export of the generated bundle for ingestion into TIPs (Threat Intel Platforms) like MISP or OpenCTI.
- Example Sandbox: Pre-loaded with a complex APT-41 campaign report for instant demonstration.
- Access the App: Visit the Live Demo.
- System Activation: This tool requires a Google Gemini API Key.
- Activation: Click the "API DISCONNECTED" status in the header.
- Link Account: Follow the secure handshake protocol to link your Google AI Studio project.
- Parse: Paste any raw text (e.g., a FireEye report or a Twitter threat thread) and hit "Extract Entities".
Cynthia Schomp
Senior Frontend Engineer & Security Enthusiast
I specialize in building high-fidelity interfaces that make complex data actionable. You can view my full portfolio and current CV at: 🌐 cynthiaschomp.com
This project is for portfolio demonstration purposes. STIX™ is a trademark of OASIS Open.