SecureCore Defense System (SCDS) is a backend-driven cybersecurity incident management platform designed to model, track, and analyze security events within an organizational infrastructure. The system focuses on structuring relationships between incidents, affected users, associated devices, and applied security tools.
This project demonstrates practical database design, RESTful API architecture, and modular backend development using Node.js and MySQL.
The primary goals of this system are:
- To design a normalized relational database for cybersecurity incident tracking
- To model real-world relationships between entities such as users, devices, and tools
- To implement a modular REST API for data access and manipulation
- To simulate an incident response workflow from detection to resolution
The system follows a layered architecture:
- Presentation Layer: (optional) client or API consumer
- Application Layer: Express.js controllers and routes
- Data Layer: MySQL relational database
The core functional modules are:
- User Management
- Incident Management
- Device Tracking
- Security Tool Analysis
The database design is based on an Entity-Relationship model with the following key entities:
- Security_Incident
- User
- Device
- Security_Tool
- One device can be associated with multiple incidents (one-to-many)
- One incident can affect multiple users (many-to-many)
- One incident can involve multiple tools (many-to-many)
Junction tables are used to resolve many-to-many relationships:
- Incident_User
- Incident_Tool
The schema is normalized up to Third Normal Form (3NF):
- Each table contains atomic values (1NF)
- Non-key attributes depend fully on the primary key (2NF)
- No transitive dependencies (3NF)
```sql
CREATE TABLE Security_Incident (
  incident_id INT AUTO_INCREMENT PRIMARY KEY,
  incident_name VARCHAR(255),
  incident_type VARCHAR(100),
  severity_level VARCHAR(50),
  start_time DATETIME,
  end_time DATETIME,
  status VARCHAR(50),
  device_id INT   -- references the Device that the incident is associated with (one device, many incidents)
);
```

```
src/
├── config/       # Database configuration
├── models/       # Data access layer
├── controllers/  # Business logic
├── routes/       # API endpoints
├── app.js        # Express app setup
└── server.js     # Entry point
```

The system follows a modular separation of concerns:
- Models handle database queries
- Controllers process requests and responses
- Routes define API endpoints
The API follows REST principles.
```
GET    /api/incidents
POST   /api/incidents
GET    /api/incidents/:id
PUT    /api/incidents/:id
DELETE /api/incidents/:id
GET    /api/incidents/:id/users
GET    /api/incidents/:id/tools
```
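The endpoints above accept a numeric `:id` and, for `POST /api/incidents`, a JSON body with the incident fields from the schema. The following is an added example (not code from the SecureCore repository) of how the model layer can validate that input and hand the database only bound parameters, so that request data is never concatenated into SQL. It assumes a mysql2-style driver with `?` placeholders, a four-value severity scale, an initial status of `Detected`, and `user_id` as the key column of `User` and `Incident_User`; none of these names appear in the README and are assumptions here.

```javascript
// Added example, not part of the SCDS project. Shows input validation and
// parameterized query construction for the incident endpoints.
// Assumptions: mysql2-style "?" placeholders; severity scale; initial status
// "Detected"; User/Incident_User keyed by user_id.

const SEVERITY_LEVELS = new Set(["Low", "Medium", "High", "Critical"]); // assumed scale
const INCIDENT_NAME_MAX = 255; // matches VARCHAR(255) in Security_Incident

// Validate a POST /api/incidents body.
// Returns { ok: true, value } with a cleaned record, or { ok: false, errors }.
function validateIncidentBody(body) {
  if (body === null || typeof body !== "object" || Array.isArray(body)) {
    return { ok: false, errors: ["body must be a JSON object"] };
  }
  const errors = [];
  const name = typeof body.incident_name === "string" ? body.incident_name.trim() : "";
  if (name === "") errors.push("incident_name is required");
  else if (name.length > INCIDENT_NAME_MAX) errors.push(`incident_name exceeds ${INCIDENT_NAME_MAX} characters`);

  const type = typeof body.incident_type === "string" ? body.incident_type.trim() : "";
  if (type === "") errors.push("incident_type is required");

  if (!SEVERITY_LEVELS.has(body.severity_level)) {
    errors.push(`severity_level must be one of: ${[...SEVERITY_LEVELS].join(", ")}`);
  }
  // device_id must already be an integer; "2" (a string) is rejected rather than coerced.
  if (!Number.isInteger(body.device_id) || body.device_id <= 0) {
    errors.push("device_id must be a positive integer");
  }
  if (errors.length > 0) return { ok: false, errors };
  return {
    ok: true,
    value: { incident_name: name, incident_type: type, severity_level: body.severity_level, device_id: body.device_id },
  };
}

// Build the INSERT for a validated incident. Every user-supplied value is a
// bound parameter; only fixed column names appear in the SQL text.
function buildCreateIncident(value) {
  return {
    sql:
      "INSERT INTO Security_Incident " +
      "(incident_name, incident_type, severity_level, start_time, status, device_id) " +
      "VALUES (?, ?, ?, NOW(), ?, ?)",
    params: [value.incident_name, value.incident_type, value.severity_level, "Detected", value.device_id],
  };
}

// Parse a :id route parameter strictly: positive integer, no leading zeros,
// no trailing characters. Anything else yields null and the route answers 400.
function parseId(raw) {
  if (typeof raw !== "string" || !/^[1-9]\d{0,9}$/.test(raw)) return null;
  return Number(raw);
}

// GET /api/incidents/:id/users, resolved through the Incident_User junction
// table that implements the many-to-many relationship.
function buildIncidentUsersQuery(rawId) {
  const id = parseId(rawId);
  if (id === null) return null;
  return {
    sql:
      "SELECT u.* FROM User u " +
      "JOIN Incident_User iu ON iu.user_id = u.user_id " +
      "WHERE iu.incident_id = ?",
    params: [id],
  };
}

// Usage with mysql2/promise inside a controller (not executed here):
//   const check = validateIncidentBody(req.body);
//   if (!check.ok) return res.status(400).json({ errors: check.errors });
//   const q = buildCreateIncident(check.value);
//   const [result] = await pool.execute(q.sql, q.params);

if (typeof module !== "undefined") {
  module.exports = { validateIncidentBody, buildCreateIncident, parseId, buildIncidentUsersQuery };
}
```

Keeping validation in a pure function makes it unit-testable without a database, and returning `{ sql, params }` objects keeps the model layer's contract explicit: the controller never sees a raw SQL string built from request data.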
The system models a simplified incident response lifecycle:
- Incident detection
- Association with affected users
- Identification of impacted device
- Application of security tools
- Monitoring and analysis
- Resolution and closure
This workflow aligns with standard incident response practices in cybersecurity.
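The lifecycle is listed as six steps but the README leaves the `status` column as a free `VARCHAR(50)`. The following added example (not code from the SecureCore repository) shows one way to make the workflow order enforceable in the application layer: a small state machine over assumed status names (`Detected`, `Contained`, `Monitoring`, `Resolved`, `Closed`) that refuses out-of-order moves, requires at least one applied tool before containment, stamps `end_time` only on closure, and never reopens a closed incident. The status names and the containment rule are this example's assumptions, not the project's.

```javascript
// Added example, not part of the SCDS project. Enforces the incident response
// lifecycle described in the README as explicit state transitions.
// Assumed status vocabulary: Detected -> Contained -> Monitoring -> Resolved -> Closed,
// with Monitoring allowed to fall back to Contained if analysis finds more activity.

const TRANSITIONS = {
  Detected: ["Contained"],
  Contained: ["Monitoring"],
  Monitoring: ["Contained", "Resolved"],
  Resolved: ["Closed"],
  Closed: [], // terminal: no reopen
};

// Step 1 and 3: detection creates the record; device_id arrives with the fields.
function createIncident(fields, now = new Date()) {
  return {
    ...fields,
    status: "Detected",
    start_time: now,
    end_time: null,
    user_ids: [], // Incident_User rows
    tool_ids: [], // Incident_Tool rows
    history: [{ status: "Detected", at: now }],
  };
}

function assertOpen(incident) {
  if (incident.status === "Closed") throw new Error("incident is closed and cannot be modified");
}

// Step 2: association with affected users (idempotent, returns a new object).
function associateUser(incident, userId) {
  assertOpen(incident);
  if (incident.user_ids.includes(userId)) return incident;
  return { ...incident, user_ids: [...incident.user_ids, userId] };
}

// Step 4: application of security tools.
function applyTool(incident, toolId) {
  assertOpen(incident);
  if (incident.tool_ids.includes(toolId)) return incident;
  return { ...incident, tool_ids: [...incident.tool_ids, toolId] };
}

// Steps 5 and 6: monitoring, resolution and closure are status transitions.
function transition(incident, next, now = new Date()) {
  const allowed = TRANSITIONS[incident.status] || [];
  if (!allowed.includes(next)) {
    throw new Error(`invalid transition: ${incident.status} -> ${next}`);
  }
  if (next === "Contained" && incident.tool_ids.length === 0) {
    throw new Error("containment requires at least one applied security tool");
  }
  const updated = { ...incident, status: next, history: [...incident.history, { status: next, at: now }] };
  if (next === "Closed") updated.end_time = now; // end_time is set exactly once, at closure
  return updated;
}

// Time to closure in whole minutes, or null while the incident is still open.
function durationMinutes(incident) {
  if (incident.end_time === null) return null;
  return Math.round((incident.end_time - incident.start_time) / 60000);
}

// Runs the whole lifecycle on a constructed sample incident and returns the closed record.
function runWorkflowExample() {
  const t0 = new Date("2024-01-01T00:00:00Z"); // constructed timestamps
  let inc = createIncident({ incident_name: "DDoS Attack", incident_type: "DDoS", severity_level: "Critical", device_id: 2 }, t0);
  inc = associateUser(inc, 7);
  inc = applyTool(inc, 3);
  inc = transition(inc, "Contained", new Date("2024-01-01T00:20:00Z"));
  inc = transition(inc, "Monitoring", new Date("2024-01-01T00:30:00Z"));
  inc = transition(inc, "Resolved", new Date("2024-01-01T02:00:00Z"));
  return transition(inc, "Closed", new Date("2024-01-01T02:30:00Z"));
}

if (typeof module !== "undefined") {
  module.exports = { TRANSITIONS, createIncident, associateUser, applyTool, transition, durationMinutes, runWorkflowExample };
}
```

Because every function returns a new object instead of mutating its argument, the `history` array doubles as an audit trail that can be persisted alongside the `Security_Incident` row when `PUT /api/incidents/:id` changes the status.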
Installation:

```shell
git clone https://github.com/manucian-official/securecore-defense-system.git
cd securecore-defense-system
npm install
```

Create the database:

```sql
CREATE DATABASE scds;
```

Import schema:

```shell
mysql -u root -p scds < database/schema.sql
```

Create `.env` file:

```
PORT=3000
DB_HOST=localhost
DB_USER=root
DB_PASS=
DB_NAME=scds
```

Start the development server:

```shell
npm run dev
```

Sample request:

```
POST /api/incidents
```

```json
{
  "incident_name": "DDoS Attack",
  "incident_type": "DDoS",
  "severity_level": "Critical",
  "device_id": 2
}
```

Strengths of the current design:
- Clear separation of concerns
- Scalable relational schema
- Extendable modular architecture
Current limitations:
- No authentication or authorization layer
- No real-time monitoring capability
- Limited analytics support
Planned enhancements:
- Integration of authentication (JWT)
- Real-time event monitoring (WebSocket)
- Analytical dashboard for incident metrics
- AI-based anomaly detection
SecureCore Defense System provides a structured and extensible foundation for managing cybersecurity incidents. The system highlights the importance of proper data modeling, modular backend design, and alignment with real-world workflows.
It can be extended into a full-scale enterprise security platform with additional layers such as authentication, monitoring, and visualization.
