# ThreatLens

A production-ready Threat Intelligence Dashboard that bridges Threat Intelligence, SOC Operations, Detection Engineering, Adversary Analysis, and Customer Security Communication into a single workflow.
The project collects Indicators of Compromise (IOCs) from threat intelligence feeds, enriches them with contextual information, assigns confidence and priority scores, maps them to MITRE ATT&CK techniques, and presents the results through an analyst-friendly dashboard.
Security teams receive large amounts of threat intelligence every day, but raw indicators alone provide limited value. Analysts need context, prioritization, and actionable guidance to make informed decisions.
This project transforms raw threat intelligence into operational intelligence by:
- Collecting IOC data from AlienVault OTX
- Assigning confidence scores
- Prioritizing threats
- Mapping indicators to MITRE ATT&CK techniques
- Providing SOC action recommendations
- Generating an interactive HTML dashboard
- Exporting results to CSV for SIEM ingestion
## Features

### IOC Collection

- Fetches real-world IOCs from AlienVault OTX
- Supports common indicator types
- Uses current threat intelligence feeds
### Confidence Scoring

Each IOC receives a confidence score between 0 and 100 based on threat context and associated intelligence tags.
### VirusTotal Enrichment

- Validates indicators using VirusTotal
- Provides additional detection information
- Helps analysts verify malicious activity
### Priority Assignment

Indicators are categorized into:
- HIGH
- MEDIUM
- LOW
This allows SOC analysts to focus on the most critical threats first.
### MITRE ATT&CK Mapping

Maps threats to relevant ATT&CK techniques, including:
| Technique | Description |
|---|---|
| T1071 | Application Layer Protocol |
| T1486 | Data Encrypted for Impact |
| T1566 | Phishing |
### Interactive Dashboard

Provides:
- IOC filtering
- Priority filtering
- Confidence filtering
- Threat statistics
- Visual confidence indicators
- MITRE ATT&CK mappings
- SOC recommendations
### CSV Export

Exports analyzed IOC data into a timestamped CSV file:

```text
iocs_YYYY-MM-DDTHH-MM-SS.csv
```

Example:

```text
iocs_2026-05-30T08-01-34.csv
```
The CSV output can be used for:
- SIEM ingestion
- Threat hunting
- Security investigations
- Reporting
- IOC sharing
### Sample Data Fallback

If API keys are unavailable, the project automatically falls back to sample data, allowing the dashboard to be demonstrated without external dependencies.
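The scoring, prioritization, MITRE mapping and CSV export stages described above, as an added illustration that is not the project's own `fetch_ti.py`: the tag weights, score thresholds, tag-to-technique table and SOC actions are assumed for the example, and the indicator records are constructed sample data.

```python
import csv
import io
from datetime import datetime

# Constructed sample records shaped like what an OTX pulse indicator might
# yield (value, type, tags). Illustrative values only, not real IOCs.
SAMPLE_IOCS = [
    {"indicator": "198.51.100.23", "type": "IPv4", "tags": ["c2", "cobaltstrike"]},
    {"indicator": "invoice-update.example", "type": "domain", "tags": ["phishing"]},
    {"indicator": "a" * 64, "type": "FileHash-SHA256", "tags": ["ransomware", "lockbit"]},
    {"indicator": "203.0.113.9", "type": "IPv4", "tags": []},
]
# Assumed weights and mappings for this example; fetch_ti.py keeps its own tables.
TAG_WEIGHTS = {"c2": 40, "cobaltstrike": 20, "phishing": 30, "ransomware": 45, "lockbit": 15}
TAG_TO_ATTACK = {"c2": "T1071", "cobaltstrike": "T1071", "phishing": "T1566",
                 "ransomware": "T1486", "lockbit": "T1486"}
SOC_ACTIONS = {"HIGH": "Block indicator and open an incident",
               "MEDIUM": "Add to watchlist and hunt for related activity",
               "LOW": "Monitor; no immediate action"}

def confidence_score(tags):
    """Baseline 20 plus summed tag weights, clamped to the 0..100 range."""
    return max(0, min(100, 20 + sum(TAG_WEIGHTS.get(t.lower(), 0) for t in tags)))

def priority(score):
    """Bucket a confidence score into the HIGH/MEDIUM/LOW tiers."""
    return "HIGH" if score >= 70 else "MEDIUM" if score >= 40 else "LOW"

def analyze(ioc):
    """Produce one export row with the columns the CSV export carries."""
    score = confidence_score(ioc["tags"])
    tier = priority(score)
    techniques = sorted({TAG_TO_ATTACK[t] for t in ioc["tags"] if t in TAG_TO_ATTACK})
    return {"IOC Value": ioc["indicator"], "IOC Type": ioc["type"], "Priority": tier,
            "Confidence Score": score, "Threat Tags": ";".join(ioc["tags"]),
            "MITRE ATT&CK Mapping": ";".join(techniques) or "none",
            "Recommended SOC Action": SOC_ACTIONS[tier]}

def csv_filename(now=None):
    """Timestamped name in the iocs_YYYY-MM-DDTHH-MM-SS.csv form."""
    return "iocs_" + (now or datetime.now()).strftime("%Y-%m-%dT%H-%M-%S") + ".csv"

def export_csv(rows):
    """Serialize analyzed rows to CSV text (written under output/ in real use)."""
    buf = io.StringIO()
    writer = csv.DictWriter(buf, fieldnames=list(rows[0].keys()), lineterminator="\n")
    writer.writeheader()
    writer.writerows(rows)
    return buf.getvalue()
```

Untagged indicators stay at the baseline and land in LOW, so a feed entry with no context never outranks a tagged one.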
## Architecture

```text
AlienVault OTX
      │
      ▼
IOC Collection
      │
      ▼
Threat Analysis Engine
 ├── Confidence Scoring
 ├── Priority Assignment
 ├── MITRE Mapping
 └── SOC Action Suggestions
      │
      ▼
VirusTotal Enrichment
      │
      ▼
Dashboard Generator
      │
      ▼
HTML Dashboard + CSV Export
```
## Project Structure

```text
ThreatLens/
├── fetch_ti.py
├── dashboard_template.html
├── requirements.txt
├── README.md
├── output/
│   ├── dashboard.html
│   └── iocs_YYYY-MM-DDTHH-MM-SS.csv
└── .gitignore
```
| File | Purpose |
|---|---|
| fetch_ti.py | Main threat intelligence collection and analysis script |
| dashboard_template.html | Jinja2 template used to generate the dashboard |
| requirements.txt | Python dependencies |
| output/dashboard.html | Generated dashboard |
| output/iocs_*.csv | Exported IOC dataset |
| README.md | Project documentation |
This project showcases capabilities across multiple cybersecurity disciplines.
| Domain | Demonstrated Capability |
|---|---|
| Threat Intelligence | IOC collection and enrichment |
| SOC Operations | Prioritization and analyst workflows |
| Detection Engineering | Confidence scoring and MITRE mapping |
| Adversary Analysis | Threat tag interpretation and TTP identification |
| Security Communication | Risk summaries and actionable recommendations |
| Security Automation | Automated reporting and dashboard generation |
## Getting Started

### Prerequisites

- Python 3.7 or higher
- pip package manager
### Installation

```bash
git clone https://github.com/YOUR_USERNAME/ThreatLens.git
cd ThreatLens
pip install -r requirements.txt
```

The `requirements.txt` file lists the dependencies:

```text
requests
jinja2
```
### Configuration

Set your API keys as environment variables:

```bash
export OTX_API_KEY="your_api_key"
export VT_API_KEY="your_api_key"
```

If API keys are not provided, the application automatically uses sample data.
## Usage

Run the main script:

```bash
python fetch_ti.py
```

Running the script generates:

```text
output/
├── dashboard.html
└── iocs_YYYY-MM-DDTHH-MM-SS.csv
```
Open the generated dashboard, `output/dashboard.html`, in your browser.
The dashboard provides:
- IOC statistics
- Priority breakdown
- Confidence scores
- VirusTotal detections
- MITRE ATT&CK mappings
- SOC action recommendations
The generated CSV contains:
- IOC Value
- IOC Type
- Priority
- Confidence Score
- Threat Tags
- MITRE ATT&CK Mapping
- VirusTotal Results (if enabled)
- Recommended SOC Action
This file can be imported into SIEM platforms or used during threat hunting and incident response activities.
## Workflow

- Collect indicators from AlienVault OTX
- Analyze threat context
- Calculate confidence scores
- Assign threat priorities
- Enrich indicators with VirusTotal
- Map threats to MITRE ATT&CK
- Generate dashboard and CSV exports
- Share results with analysts or ingest into a SIEM
Potential enhancements include:
- Multiple threat intelligence feeds
- MISP integration
- STIX/TAXII support
- Splunk integration
- Elastic Security integration
- Threat actor attribution
- IOC trend visualization
- Automated IOC blocking workflows
- Sigma rule generation
This project demonstrates practical experience with:
- Threat Intelligence Operations
- IOC Enrichment
- MITRE ATT&CK Framework
- Detection Engineering Concepts
- SOC Analyst Workflows
- Security Reporting
- Security Automation
## Author

Alaka Parida
Built to demonstrate a multidisciplinary cybersecurity role combining:
- Threat Intelligence
- SOC Operations
- Detection Engineering
- Adversary Analysis
- Customer Security Communication
This project is intended for educational, research, and portfolio purposes.