Security Incident Triage Dashboard

In Progress
  • FastAPI
  • React
  • TypeScript
  • SQLite
  • Python

Overview

A full-stack web application that ingests JSON/CSV alert files, normalises them into a unified schema, correlates related alerts into incidents by entity overlap and time proximity, and assigns explainable priority scores. Analysts can triage incidents through a status workflow (New → Investigating → Contained → Closed) and export reports as Markdown.

Features

  • Drag-and-drop JSON/CSV alert ingestion with format normalisation
  • Automatic correlation of related alerts into incidents
  • Priority scoring (0–100) with full explainability
  • Analyst workflow with status tracking and high-priority queue
  • Dashboard with filters, incident details, and Markdown report export
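
One way the correlation and scoring described above can work, as an added example rather than this project's own code. The 30-minute window, the severity weights, the alert field names and the sample alerts are all assumptions constructed for illustration.

```python
from datetime import datetime, timedelta

WINDOW = timedelta(minutes=30)  # assumed time-proximity window
SEVERITY_POINTS = {"low": 10, "medium": 25, "high": 40, "critical": 55}  # assumed weights

# Constructed sample alerts, already normalised to one schema (field names are assumptions).
ALERTS = [
    {"id": "a1", "ts": "2024-05-01T10:00:00", "severity": "medium", "entities": {"host:ws-12", "user:alice"}},
    {"id": "a2", "ts": "2024-05-01T10:12:00", "severity": "high", "entities": {"user:alice", "ip:203.0.113.7"}},
    {"id": "a3", "ts": "2024-05-01T10:20:00", "severity": "low", "entities": {"ip:203.0.113.7"}},
    {"id": "a4", "ts": "2024-05-01T14:00:00", "severity": "high", "entities": {"user:alice"}},  # shared entity, outside window
    {"id": "a5", "ts": "2024-05-01T10:05:00", "severity": "low", "entities": {"host:db-01"}},  # in window, no shared entity
]

def correlate(alerts, window=WINDOW):
    """Group alerts that share an entity and fall within `window` of each other, transitively."""
    parent = {a["id"]: a["id"] for a in alerts}
    def find(x):  # union-find root lookup with path halving
        while parent[x] != x:
            parent[x] = parent[parent[x]]
            x = parent[x]
        return x
    ordered = sorted(alerts, key=lambda a: a["ts"])  # same-format ISO strings sort chronologically
    for i, a in enumerate(ordered):
        for b in ordered[i + 1:]:
            gap = datetime.fromisoformat(b["ts"]) - datetime.fromisoformat(a["ts"])
            if gap > window:
                break  # list is time-sorted, so every later alert is further away
            if a["entities"] & b["entities"]:
                parent[find(b["id"])] = find(a["id"])
    groups = {}
    for a in ordered:
        groups.setdefault(find(a["id"]), []).append(a)
    return list(groups.values())

def score(incident):
    """Return (score 0-100, reasons) so each point in the score is attributable."""
    worst = max(incident, key=lambda a: SEVERITY_POINTS[a["severity"]])
    entities = set().union(*(a["entities"] for a in incident))
    parts = [
        (SEVERITY_POINTS[worst["severity"]], f"highest severity is {worst['severity']} ({worst['id']})"),
        (min(5 * (len(incident) - 1), 25), f"{len(incident)} correlated alerts"),
        (min(4 * len(entities), 20), f"{len(entities)} distinct entities"),
    ]
    return min(sum(p for p, _ in parts), 100), [f"+{p}: {why}" for p, why in parts]

if __name__ == "__main__":
    for inc in correlate(ALERTS):
        print([a["id"] for a in inc], *score(inc))
```

Alerts `a1` and `a3` share no entity directly but land in one incident because `a2` links them, while `a4` stays separate even though it shares `user:alice`, since it falls outside the window.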

Next Steps

  • Deploy live demo with demo credentials
  • Add real-time alert streaming support
  • Expand correlation engine with additional heuristics