A full-stack AI cybersecurity application that analyzes uploaded security artifacts, classifies threats, maps attacks to the MITRE ATT&CK framework, extracts Indicators of Compromise (IOCs), and generates professional incident response recommendations.
SentinelAI is a modern cybersecurity investigation platform designed to simulate the workflow of a Security Operations Center (SOC) analyst.
Users can upload security evidence—including phishing emails, log files, PDF reports, and other supported artifacts—and receive an AI-generated investigation containing:
- Threat severity classification
- Confidence score
- MITRE ATT&CK technique mapping
- Executive investigation summary
- Automatically extracted Indicators of Compromise (IOCs)
- Prioritized incident response recommendations
- Downloadable PDF incident report
The application combines a modern React frontend with a FastAPI backend and Google's Gemini AI to create a realistic end-to-end cybersecurity investigation workflow.
- AI-powered investigation using Google Gemini
- Intelligent fallback rule engine when AI is unavailable
- Dynamic analysis based on uploaded content
- Automatic PDF text extraction
- Real-time upload processing
- Threat severity classification (Low / Medium / High)
- Confidence scoring
- MITRE ATT&CK technique mapping
- Automatic IOC extraction
- Domains
- URLs
- IP addresses
- Email addresses
- Executive investigation summaries
- Prioritized P1–P4 response actions
- Security analyst recommendations
- Downloadable PDF incident reports
- Responsive React dashboard
- Drag-and-drop file uploads
- Upload progress animation
- Typewriter AI response animation
- Interactive investigation cards
- Dark SOC-inspired interface
- Animated UI powered by Framer Motion
Add screenshots after publishing the repository.
Suggested screenshots:
assets/dashboard.png
assets/upload.png
assets/phishing-analysis.png
assets/report-download.png
- React
- TypeScript
- Vite
- Tailwind CSS
- shadcn/ui
- Framer Motion
- Lucide React
- Axios
- Python
- FastAPI
- Google Gemini API
- PyMuPDF
- ReportLab
- Pydantic
- Uvicorn
SentinelAI
│
├── backend
│ ├── app
│ │ └── main.py
│ ├── requirements.txt
│ └── .env
│
├── frontend
│ ├── src
│ │ ├── components
│ │ ├── hooks
│ │ ├── lib
│ │ ├── pages
│ │ ├── services
│ │ └── types
│ └── package.json
│
└── README.md
git clone https://github.com/YOUR_USERNAME/SentinelAI.git
cd SentinelAIcd backend
python -m venv venv
# Windows
venv\Scripts\activate
pip install -r requirements.txtCreate a .env file inside the backend directory:
GEMINI_API_KEY=YOUR_API_KEYRun the backend:
python -m fastapi dev app/main.pycd frontend
npm install
npm run devOpen:
http://localhost:5173
- Upload a phishing email, log file, or PDF.
- SentinelAI extracts readable text from the uploaded document.
- Google Gemini analyzes the evidence.
- The application:
- Classifies the threat
- Maps MITRE ATT&CK techniques
- Extracts Indicators of Compromise
- Generates an executive investigation summary
- Produces prioritized response recommendations
- Download the generated incident report as a PDF.
Threat Level:
High
Confidence:
94%
MITRE ATT&CK:
T1566 – Phishing
Indicators of Compromise:
• suspicious-login.com
• support@security-alert.com
• 185.199.xxx.xxx
Recommended Actions:
P1 • Block malicious domain
P2 • Reset affected credentials
P3 • Review authentication logs
P4 • Verify MFA enforcement
- Batch file investigations
- VirusTotal integration
- AbuseIPDB enrichment
- CVE lookup
- Threat intelligence feeds
- YARA rule matching
- Threat timeline visualization
- Investigation history
- User authentication
- Cloud deployment
Building SentinelAI strengthened my experience with:
- Full-stack software engineering
- React and TypeScript
- FastAPI REST API development
- AI integration using Google Gemini
- PDF parsing and document processing
- Cybersecurity investigation workflows
- MITRE ATT&CK framework
- Modern UI/UX development
- Asynchronous backend programming
- End-to-end application architecture
SentinelAI is an educational portfolio project created to demonstrate AI-assisted cybersecurity workflows. It is intended for demonstration purposes only and should not be used as a replacement for enterprise security monitoring or incident response platforms.
Shrihan Anikapati
Electrical & Computer Engineering Honors
Mathematics Major
The University of Texas at Austin
GitHub: https://github.com/shri30a
LinkedIn: https://linkedin.com/in/www.linkedin.com/in/shrihan-anikapati
This project is licensed under the MIT License.