ThreatCanvas is an advanced real-time log analysis and threat detection system powered by AI. It combines long-term memory capabilities with LLM reasoning to provide intelligent insights into your system's security landscape.
- Live Threat Detection: Continuous monitoring with AI-powered analysis
- Long-Term Memory: Maintains context of historical threats and patterns
- Batch Processing: Processes 30 logs at fixed intervals
- Intelligent Pattern Recognition: Uses LLM reasoning for advanced threat detection
- Suspicious IP Detection: Identifies and tracks potentially malicious IP addresses
- User Agent Analysis: Analyzes browser patterns and bot activities
- Response Anomaly Detection: Flags unusual response sizes and patterns
- Historical Pattern Matching: Correlates current activities with past incidents
- Interactive Chat Interface: Natural language queries for log analysis
- Dynamic Visualizations: Real-time charts and graphs
- Custom Analytics: Generate specific insights based on user queries
- Data Export: Export analysis results and visualizations
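As an added example (not ThreatCanvas's own code), the following Python sketch shows the kind of heuristics behind the feature list: reading a CSV access log in batches, flagging IPs with repeated 4xx/5xx responses, marking automated user agents, scoring response sizes against a baseline kept across batches, and remembering previously flagged IPs so a later batch can report them as repeat offenders. The column names, thresholds, bot markers and the sample log are all assumptions; ThreatCanvas itself hands this reasoning to an LLM with Mem0-backed memory rather than fixed rules.

```python
"""Added example, not ThreatCanvas's own code: a minimal batch detector showing
the heuristics the feature list describes (batching, suspicious IPs, bot-like
user agents, response-size anomalies, and a memory carried across batches).
Column names, thresholds and the sample data are assumptions."""
import csv
import io
import statistics
from collections import Counter

BATCH_SIZE = 30          # ThreatCanvas analyzes 30 logs per interval
ERROR_THRESHOLD = 2      # assumed: 4xx/5xx responses per IP per batch to flag
SIZE_Z_THRESHOLD = 3.0   # assumed: |z-score| of response size to flag
MIN_BASELINE = 10        # assumed: sizes needed before z-scores mean anything
BOT_MARKERS = ("bot", "crawler", "spider", "python-requests", "curl")

# Constructed sample access log (CSV). 203.0.113.7 (documentation range) is the
# noisy client probing for non-existent pages; 10.0.0.9 fetches one large file.
SAMPLE_CSV = """ip,timestamp,method,path,status,bytes,user_agent
10.0.0.1,2024-01-01T10:00:00,GET,/index.html,200,1024,Mozilla/5.0
10.0.0.2,2024-01-01T10:00:01,GET,/about,200,1100,Mozilla/5.0
10.0.0.3,2024-01-01T10:00:02,GET,/blog,200,1050,Mozilla/5.0
203.0.113.7,2024-01-01T10:00:03,GET,/login,404,162,python-requests/2.31.0
203.0.113.7,2024-01-01T10:00:03,GET,/config,404,162,python-requests/2.31.0
203.0.113.7,2024-01-01T10:00:04,GET,/admin,403,162,python-requests/2.31.0
10.0.0.4,2024-01-01T10:00:05,GET,/contact,200,1200,Mozilla/5.0
10.0.0.5,2024-01-01T10:00:06,GET,/index.html,200,980,Mozilla/5.0
203.0.113.7,2024-01-01T10:00:07,GET,/backup,404,162,python-requests/2.31.0
203.0.113.7,2024-01-01T10:00:07,GET,/old,404,162,python-requests/2.31.0
10.0.0.6,2024-01-01T10:00:08,GET,/blog,200,1150,Mozilla/5.0
10.0.0.9,2024-01-01T10:00:09,GET,/report.pdf,200,250000,Mozilla/5.0
10.0.0.7,2024-01-01T10:00:10,GET,/about,200,1075,Mozilla/5.0
10.0.0.8,2024-01-01T10:00:11,GET,/index.html,200,1010,Mozilla/5.0
"""


class ThreatMemory:
    """Carries findings across batches: how often each IP was flagged and the
    response sizes seen so far (the baseline used for anomaly scoring)."""

    def __init__(self):
        self.flag_counts = Counter()
        self.sizes = []


def read_batches(text, batch_size=BATCH_SIZE):
    """Yield successive lists of at most batch_size CSV rows (as dicts)."""
    rows = list(csv.DictReader(io.StringIO(text)))
    for start in range(0, len(rows), batch_size):
        yield rows[start:start + batch_size]


def suspicious_ips(batch):
    """IPs whose 4xx/5xx count in this batch reaches ERROR_THRESHOLD."""
    errors = Counter(r["ip"] for r in batch if int(r["status"]) >= 400)
    return sorted(ip for ip, n in errors.items() if n >= ERROR_THRESHOLD)


def bot_agents(batch):
    """Distinct (ip, user_agent) pairs whose user agent looks automated."""
    found = {(r["ip"], r["user_agent"]) for r in batch
             if any(m in r["user_agent"].lower() for m in BOT_MARKERS)}
    return sorted(found)


def size_anomalies(batch, memory):
    """Rows whose response size is far from the baseline (memory + batch)."""
    baseline = memory.sizes + [int(r["bytes"]) for r in batch]
    if len(baseline) < MIN_BASELINE:
        return []                      # too little history for a z-score
    mean, sd = statistics.mean(baseline), statistics.pstdev(baseline)
    if sd == 0:
        return []                      # every size identical: nothing to score
    return [(r["ip"], int(r["bytes"])) for r in batch
            if abs((int(r["bytes"]) - mean) / sd) > SIZE_Z_THRESHOLD]


def analyze_batch(batch, memory):
    """Run all detectors on one batch, then update memory; return a report."""
    flagged = suspicious_ips(batch)
    repeat = [ip for ip in flagged if memory.flag_counts[ip] > 0]
    report = {
        "suspicious_ips": flagged,
        "repeat_offenders": repeat,
        "bot_agents": bot_agents(batch),
        "size_anomalies": size_anomalies(batch, memory),
    }
    memory.flag_counts.update(flagged)
    memory.sizes.extend(int(r["bytes"]) for r in batch)
    return report


def analyze_log(text, batch_size=BATCH_SIZE):
    """Process a whole CSV log batch by batch with one shared memory."""
    memory = ThreatMemory()
    return [analyze_batch(b, memory) for b in read_batches(text, batch_size)]


if __name__ == "__main__":
    for i, rep in enumerate(analyze_log(SAMPLE_CSV, batch_size=7), 1):
        print(f"batch {i}: {rep}")
```

Running it with `batch_size=7` splits the 14 sample rows into two batches: the noisy client is flagged in both and reported as a repeat offender the second time, while the large download is only scored once the baseline holds enough sizes. Plain mean/standard-deviation z-scores are easy to skew with a single extreme value, so a production detector would prefer a robust statistic such as the median absolute deviation.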
- Python 3.8+
- Azure OpenAI API key
- Mem0 API key for long-term memory storage
- AWS access key ID and secret access key for the Anthropic Sonnet model on AWS Bedrock (used for the periodic summary)
- Clone the repository:
  ```bash
  git clone https://github.com/mukeshthawani/ThreatCanvas
  cd ThreatCanvas
  ```
- Install dependencies:
  ```bash
  pip install -r requirements.txt
  ```
- Configure environment variables:
  ```bash
  cp .env.example .env
  # Edit .env with your API keys
  ```
- Start the application:
  ```bash
  streamlit run app.py
  ```
- Upload your log file (CSV format)
- Datasets:
  - Access Log (the one used in our case): https://www.kaggle.com/datasets/eliasdabbas/web-server-access-logs
  - LogHub: https://github.com/logpai/loghub?tab=readme-ov-file
- Navigate through the different tabs:
  - 🕒 Real-time Monitoring
  - 📊 Periodic Summary
  - 🔍 Log Query
  - 📦 Data Center
ThreatCanvas is built with a modular architecture:
- Memory Module: Handles long-term storage and retrieval of threat patterns
- Processor: Manages real-time log processing and analysis
- Log Analyzer: Performs detailed analysis of log patterns
- Query Agent: Handles natural language processing for log queries
- Visualization Engine: Generates interactive charts and graphs
Contributions are welcome! Please feel free to submit a Pull Request.
This project is licensed under the MIT License - see the LICENSE file for details.
- Azure OpenAI for LLM capabilities
- LangChain for the agentic workflow and prompt wrappers
- Mem0 for long-term memory storage
- Streamlit for the interactive interface
- AWS Bedrock for periodic summary