Key Features • Architecture • Quick Start • Detection Engine • Tech Stack
- Real-Time Log Ingestion: High-throughput event ingestion from multiple sources (Server, API, Docker).
- Active Threat Detection Engine: Automatically identify malicious patterns including Brute Force attacks, API Abuse, and Suspicious File Uploads.
- WebSocket Streaming: Live alerts and anomalous traffic visualization pushed to the dashboard instantly.
- Dockerized Infrastructure: Complete environment orchestrated using docker-compose.
- Premium Security Dashboard: Analytics mapping traffic anomalies visually and tracking security health over time.
```text
Traffic Sources (Users / APIs)
        │
        ▼
Log Collector (Node.js API)
        │ └── Winston Logger
        ▼
Detection Engine ──────▶ Trigger Rules
        │                      │
        ▼                      ▼
     MongoDB ◀──────────── WebSocket (Socket.io)
        │                      │
        ▼                      ▼
[======= React + Vite Security Dashboard =======]
```
You will need Docker and Docker Compose installed on your system.
Clone the repository and spin up the complete environment using Docker:
```bash
git clone https://github.com/your-username/cloud-sec-monitoring.git
cd cloud-sec-monitoring
# Start the cluster in detached mode
docker-compose up -d --build
```
The dashboard will be available at http://localhost:3000
To see the platform actively detect threats, run the included attack simulation script:
```bash
# Simulates Brute Force, API Abuse, and Malicious Uploads
./test-attack.sh
```
The core brain of the platform checks incoming events against active rules:
- Brute Force Defense: Triggers when `login_failed` exceeds 5 attempts within a 60-second sliding window for a single IP.
- API Abuse: Detects over 50 requests from a single IP address in one minute.
- Suspicious Files: Checks `file_upload` events for executable extensions (`.sh`, `.exe`, `.bat`).
| Domain | Technology |
|---|---|
| Frontend | React, Vite, Recharts, Lucide React, Vanilla CSS Var tokens |
| Backend | Node.js, Express, Winston, Socket.io |
| Database | MongoDB |
| Infrastructure | Docker, Docker Compose |
Built by NIKHIL CHAVAN as a demonstration of Cloud Architecture and Security Operations (SecOps) engineering.