SnapTrace: AI-Powered Cybersecurity Threat Detection
Inspiration
Working in fintech, we've seen firsthand how vulnerable companies are to cyberattacks. The problem isn't just detecting threats—it's catching them before they do damage. Most security tools we tried were reactive rather than proactive, leaving us constantly one step behind attackers.
We built SnapTrace out of frustration with existing solutions. We wanted something lightweight that could integrate with our existing stack without requiring a complete infrastructure overhaul.
What It Does
SnapTrace monitors your system logs in real-time, using a custom-trained language model to identify potential security threats. It's designed to be plug-and-play:
- It analyzes log patterns to flag unusual activity
- Our cybersecurity-tuned LLM classifies traffic as normal, suspicious, or malicious
- A Neo4j graph database visualizes attack patterns and relationships
- RabbitMQ handles seamless log ingestion without bottlenecks
🛠️ How We Built It
SnapTrace consists of multiple microservices, each handling a critical part of the threat detection pipeline:
Log Ingestion & Streaming
- Captures security logs from a Python script using PyShark.
- Uses RabbitMQ to ensure scalable log processing.
AI-Based Threat Detection
- Sends logs to a fine-tuned Mistral-8B LLM hosted via Flask & Ngrok.
- Analyzes logs and classifies threats as normal, suspicious, or malicious.
Automated Incident Response
- Applies security measures (e.g., blocking malicious IPs, notifying admins).
- Uses rate-limiting to prevent excessive load on the system.
Graph-Based Threat Intelligence
- Uses Neo4j to build a relationship graph of security incidents.
- Helps teams visualize attack patterns and prevent future breaches.
Challenges We Faced
The biggest headache was getting our AI model deployed. We fine-tuned it using MLX on our M2 MacBooks, but then discovered we couldn't easily deploy to cloud services because of architecture differences between Apple Silicon and NVIDIA GPUs.
Processing logs at scale was another challenge. During testing, we quickly overloaded our development machines when simulating enterprise-level log volumes. We ended up implementing rate-limiting and batch processing to keep things manageable.
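As an added example (not SnapTrace's own code), here is an offline, in-process sketch of the pipeline stages described under "How We Built It" together with the rate-limiting and batch processing mentioned above: captured events are grouped into batches, a token bucket throttles calls to the classifier, a keyword rule set stands in for the fine-tuned Mistral model, a source IP is blocked only after repeated malicious verdicts inside a time window (one simple guard against false positives), and every non-normal event is turned into a parameterised Cypher MERGE statement of the kind that would be sent to Neo4j. The `LogEvent` shape, the sample events, the `rule_classifier` rules, the thresholds and the graph schema (`Host` nodes, `CONNECTED` relationships) are all assumptions, and RabbitMQ is replaced by a plain Python iterator.

```python
# Added example, not SnapTrace's code: in-process sketch of batch -> rate limit
# -> classify -> respond -> graph.  All names, thresholds and data are assumptions.
import time
from collections import defaultdict, deque
from dataclasses import dataclass
from typing import Callable, Iterable, Iterator


@dataclass(frozen=True)
class LogEvent:
    ts: float        # capture timestamp in seconds
    src_ip: str
    dst_ip: str
    dst_port: int
    summary: str     # the one-line text the classifier sees


# Constructed sample traffic, shaped like what a PyShark capture script might emit.
SAMPLE_EVENTS = [
    LogEvent(0.0, "10.0.0.5", "10.0.0.20", 443, "TLS handshake to internal api"),
    LogEvent(0.5, "203.0.113.7", "10.0.0.20", 22, "SSH auth failure for root"),
    LogEvent(0.9, "203.0.113.7", "10.0.0.20", 22, "SSH auth failure for root"),
    LogEvent(1.2, "203.0.113.7", "10.0.0.20", 22, "SSH auth failure for admin"),
    LogEvent(1.4, "10.0.0.8", "10.0.0.20", 445, "SMB tree connect"),
    LogEvent(2.0, "198.51.100.9", "10.0.0.20", 3389, "RDP connection attempt"),
]


class TokenBucket:
    """Rate limiter: at most `rate` classifier calls per second, burst of `capacity`."""

    def __init__(self, rate: float, capacity: int,
                 clock: Callable[[], float] = time.monotonic):
        self.rate, self.capacity, self.clock = rate, capacity, clock
        self.tokens = float(capacity)
        self.last = clock()

    def try_acquire(self) -> bool:
        now = self.clock()
        self.tokens = min(self.capacity, self.tokens + (now - self.last) * self.rate)
        self.last = now
        if self.tokens >= 1:
            self.tokens -= 1
            return True
        return False


def batches(events: Iterable[LogEvent], size: int) -> Iterator[list[LogEvent]]:
    """Group events so that one model call covers several log lines."""
    buf: list[LogEvent] = []
    for e in events:
        buf.append(e)
        if len(buf) == size:
            yield buf
            buf = []
    if buf:
        yield buf


def rule_classifier(batch: list[LogEvent]) -> list[str]:
    """Stand-in for the LLM (assumption): keyword rules yielding the page's three labels."""
    labels = []
    for e in batch:
        text = e.summary.lower()
        if "auth failure" in text:
            labels.append("malicious")
        elif e.dst_port in (445, 3389):
            labels.append("suspicious")
        else:
            labels.append("normal")
    return labels


def run_pipeline(events, classifier, limiter, batch_size=2,
                 block_threshold=2, window=5.0):
    """Return (verdicts, blocked_ips, cypher_statements).

    A batch that arrives while the limiter is empty is skipped instead of being
    sent to the model; a production consumer would nack/requeue it in RabbitMQ.
    """
    verdicts = []
    recent = defaultdict(deque)   # src_ip -> timestamps of recent malicious verdicts
    blocked = set()
    cypher = []
    for batch in batches(events, batch_size):
        if not limiter.try_acquire():
            continue
        for e, label in zip(batch, classifier(batch)):
            verdicts.append((e, label))
            if label == "malicious":
                q = recent[e.src_ip]
                q.append(e.ts)
                while q and e.ts - q[0] > window:   # keep only verdicts inside the window
                    q.popleft()
                if len(q) >= block_threshold:       # block only on repeated evidence
                    blocked.add(e.src_ip)
            if label != "normal":
                cypher.append((
                    "MERGE (s:Host {ip: $src}) MERGE (d:Host {ip: $dst}) "
                    "MERGE (s)-[r:CONNECTED {port: $port}]->(d) SET r.verdict = $verdict",
                    {"src": e.src_ip, "dst": e.dst_ip, "port": e.dst_port, "verdict": label},
                ))
    return verdicts, blocked, cypher


if __name__ == "__main__":
    v, b, c = run_pipeline(SAMPLE_EVENTS, rule_classifier, TokenBucket(rate=5.0, capacity=10))
    for e, label in v:
        print(f"{e.ts:4.1f} {e.src_ip:>13} -> {e.dst_ip}:{e.dst_port:<5} {label}")
    print("blocked:", sorted(b), "| graph statements:", len(c))
```

The `(statement, params)` tuples are what a Neo4j driver session would execute; keeping the values as parameters rather than formatting them into the query string avoids Cypher injection from attacker-controlled log fields. Passing a fake `clock` to `TokenBucket` makes the throttling behaviour reproducible in tests.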
False positives were a constant concern, as was ensuring SnapTrace remained fully free and open-source. We spent days tuning our model to strike the right balance between catching legitimate threats and not flooding security teams with false alarms.
What We're Proud Of
Looking back at the 48-hour sprint, we're pretty amazed we got a working end-to-end system. The integration between the LLM for analysis and Neo4j for visualization works better than we expected, and the whole pipeline maintains surprisingly low latency even under moderate load.
What We Learned
Quality data makes or breaks AI security tools. We initially tried using synthetic datasets, but the model performed poorly until we incorporated real-world security logs.
Neo4j proved incredibly powerful for security applications—the ability to visualize attack patterns as they emerge gives security teams a huge advantage.
Perhaps most importantly, we learned that scale introduces challenges you can't anticipate in development. We also learned to build scalable security infrastructure with RabbitMQ and microservices.
What's Next for SnapTrace
We're focusing on three main improvements:
- Integrating with established threat intelligence feeds to cross-reference our detections against known attack patterns
- Improving our AI model with more diverse training data
- Expanding our log ingestion capabilities to support more sources out of the box
Eventually, we'd like to make SnapTrace enterprise-ready with customizable security policies and comprehensive audit logging.
Final Thoughts
SnapTrace started as a weekend project to solve our own security monitoring frustrations. It's grown into something we think could genuinely help companies stay ahead of cybersecurity threats in an increasingly dangerous digital landscape.