Skip to content

shri30a/SentinelAI

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

1 Commit
 
 
 
 
 
 
 
 

Repository files navigation

SentinelAI — AI-Powered Cybersecurity Incident Response Platform

A full-stack AI cybersecurity application that analyzes uploaded security artifacts, classifies threats, maps attacks to the MITRE ATT&CK framework, extracts Indicators of Compromise (IOCs), and generates professional incident response recommendations.


Overview

SentinelAI is a modern cybersecurity investigation platform designed to simulate the workflow of a Security Operations Center (SOC) analyst.

Users can upload security evidence—including phishing emails, log files, PDF reports, and other supported artifacts—and receive an AI-generated investigation containing:

  • Threat severity classification
  • Confidence score
  • MITRE ATT&CK technique mapping
  • Executive investigation summary
  • Automatically extracted Indicators of Compromise (IOCs)
  • Prioritized incident response recommendations
  • Downloadable PDF incident report

The application combines a modern React frontend with a FastAPI backend and Google's Gemini AI to create a realistic end-to-end cybersecurity investigation workflow.


Features

AI Security Analysis

  • AI-powered investigation using Google Gemini
  • Intelligent fallback rule engine when AI is unavailable
  • Dynamic analysis based on uploaded content
  • Automatic PDF text extraction
  • Real-time upload processing

Threat Intelligence

  • Threat severity classification (Low / Medium / High)
  • Confidence scoring
  • MITRE ATT&CK technique mapping
  • Automatic IOC extraction
    • Domains
    • URLs
    • IP addresses
    • Email addresses

Incident Response

  • Executive investigation summaries
  • Prioritized P1–P4 response actions
  • Security analyst recommendations
  • Downloadable PDF incident reports

Modern User Experience

  • Responsive React dashboard
  • Drag-and-drop file uploads
  • Upload progress animation
  • Typewriter AI response animation
  • Interactive investigation cards
  • Dark SOC-inspired interface
  • Animated UI powered by Framer Motion

Screenshots

Add screenshots after publishing the repository.

Suggested screenshots:

assets/dashboard.png
assets/upload.png
assets/phishing-analysis.png
assets/report-download.png

Tech Stack

Frontend

  • React
  • TypeScript
  • Vite
  • Tailwind CSS
  • shadcn/ui
  • Framer Motion
  • Lucide React
  • Axios

Backend

  • Python
  • FastAPI
  • Google Gemini API
  • PyMuPDF
  • ReportLab
  • Pydantic
  • Uvicorn

Project Structure

SentinelAI
│
├── backend
│   ├── app
│   │   └── main.py
│   ├── requirements.txt
│   └── .env
│
├── frontend
│   ├── src
│   │   ├── components
│   │   ├── hooks
│   │   ├── lib
│   │   ├── pages
│   │   ├── services
│   │   └── types
│   └── package.json
│
└── README.md

Installation

Clone the Repository

git clone https://github.com/YOUR_USERNAME/SentinelAI.git
cd SentinelAI

Backend Setup

cd backend

python -m venv venv

# Windows
venv\Scripts\activate

pip install -r requirements.txt

Create a .env file inside the backend directory:

GEMINI_API_KEY=YOUR_API_KEY

Run the backend:

python -m fastapi dev app/main.py

Frontend Setup

cd frontend

npm install

npm run dev

Open:

http://localhost:5173

Example Workflow

  1. Upload a phishing email, log file, or PDF.
  2. SentinelAI extracts readable text from the uploaded document.
  3. Google Gemini analyzes the evidence.
  4. The application:
    • Classifies the threat
    • Maps MITRE ATT&CK techniques
    • Extracts Indicators of Compromise
    • Generates an executive investigation summary
    • Produces prioritized response recommendations
  5. Download the generated incident report as a PDF.

Example Output

Threat Level:
High

Confidence:
94%

MITRE ATT&CK:
T1566 – Phishing

Indicators of Compromise:
• suspicious-login.com
• support@security-alert.com
• 185.199.xxx.xxx

Recommended Actions:
P1 • Block malicious domain
P2 • Reset affected credentials
P3 • Review authentication logs
P4 • Verify MFA enforcement

Future Improvements

  • Batch file investigations
  • VirusTotal integration
  • AbuseIPDB enrichment
  • CVE lookup
  • Threat intelligence feeds
  • YARA rule matching
  • Threat timeline visualization
  • Investigation history
  • User authentication
  • Cloud deployment

What I Learned

Building SentinelAI strengthened my experience with:

  • Full-stack software engineering
  • React and TypeScript
  • FastAPI REST API development
  • AI integration using Google Gemini
  • PDF parsing and document processing
  • Cybersecurity investigation workflows
  • MITRE ATT&CK framework
  • Modern UI/UX development
  • Asynchronous backend programming
  • End-to-end application architecture

Disclaimer

SentinelAI is an educational portfolio project created to demonstrate AI-assisted cybersecurity workflows. It is intended for demonstration purposes only and should not be used as a replacement for enterprise security monitoring or incident response platforms.


Author

Shrihan Anikapati

Electrical & Computer Engineering Honors
Mathematics Major
The University of Texas at Austin

GitHub: https://github.com/shri30a

LinkedIn: https://linkedin.com/in/www.linkedin.com/in/shrihan-anikapati


License

This project is licensed under the MIT License.

About

AI-powered cybersecurity incident response platform built with React, FastAPI, Gemini, and MITRE ATT&CK mapping.

Topics

Resources

Stars

1 star

Watchers

0 watching

Forks

Releases

No releases published

Packages

 
 
 

Contributors