Project Inspiration & Impact

Honestly, we built this project because we like data. When you look at network traffic, it is just numbers — timestamps, IPs, ports, and protocols that do not seem to mean much at first — but behind those numbers is behavior.

Patterns. Anomalies. Signals.

We wanted to take raw data and turn it into something measurable and analyzable at a large scale. Instead of manually scrolling through data or Wireshark for hours trying to figure something out, we thought:

What if we could quantify everything?

Add AI on top to quickly track patterns. Visualize attacker behavior. Store everything in a database so we can run real queries against it rather than guess.

At its core, this was about turning chaotic network noise into understandable, searchable intelligence. But we also liked the idea of building an actual SOC from scratch because it provides structure to the data we transform, enabling others to visualize and interpret it easily. A SOC does much more than try to catch attackers; it is about creating a system that continually ingests data, organizes it, and strengthens a security team over time.


Learning Experience & Technology Stack

Beyond the technical outcome, this project became a significant learning experience for all of us. Some team members deepened their understanding of cybersecurity concepts, networking, and packet analysis, while others gained hands-on experience with databases, AI integration, and system architecture.

From a technology standpoint, this project combined a broad and modern stack. We used JavaScript with React and Tailwind CSS to build the frontend interface, deploying it through Vercel. On the backend, we leveraged Python for data ingestion and AI-driven traffic analysis, while structuring telemetry in JSON and storing it in MongoDB. We utilized Wireshark for packet inspection and parsing, OpenCanary for honeypot deployment, and ran our services within Docker containers on a Linux-based operating system. We also incorporated Bash scripting for automation tasks and integrated Gemini for AI-assisted analysis. Together, these technologies allowed us to build a scalable, cloud-hosted SOC platform that bridges networking, cybersecurity, AI, and full-stack development.


Team & Collaboration

What made the experience especially meaningful was our team dynamic. We came from varied backgrounds and levels of experience, but that became a strength rather than a limitation. Team members taught each other new concepts, shared skills across disciplines, and made meaningful contributions regardless of prior familiarity with the subject.


Conclusion

In the end, we did not just build a SOC.

We engineered a complete, cloud-hosted security platform.

By combining networking, AI-driven analysis, database architecture, live monitoring, and modern web development, we created a scalable system that reflects how contemporary security operations are built.
