Skip to content

Vaibhav2154/LogIQ

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

67 Commits
 
 
 
 
 
 
 
 
 
 
 
 

Repository files navigation

LogIQ 🛡️

LogIQ Banner

Advanced AI-Powered Cybersecurity Platform for Threat Detection & Analysis

MIT License Python Next.js MITRE ATT&CK FastAPI

🚀 Quick Start📖 Documentation🛠️ Features🤝 Contributing


🎯 Overview

LogIQ is a comprehensive, AI-enhanced cybersecurity platform that combines real-time log analysis, MITRE ATT&CK framework integration, and intelligent threat detection into a unified solution. Built for security professionals, incident responders, and SOC teams.

🌟 Why LogIQ?

  • 🧠 AI-Powered Analysis: Leverages AWS Bedrock Titan embeddings and Google Gemini for intelligent threat detection
  • 🎯 MITRE ATT&CK Integration: Automatic mapping of security events to MITRE ATT&CK techniques
  • ⚡ Real-time Monitoring: Live log extraction from Windows Event Logs with MongoDB storage
  • 🖥️ Modern Web Interface: Next.js-powered dashboard with interactive threat visualization
  • 🔧 CLI Tools: Comprehensive command-line interface for automated operations
  • 📊 Advanced Analytics: Vector similarity search using ChromaDB for pattern recognition

🏗️ Architecture

LogIQ consists of three main components:

┌─────────────────┐    ┌──────────────────┐    ┌─────────────────┐
│   🖥️ Client     │    │   🚀 Server      │    │  🤖 AI Agent   │
│   (Next.js)     │◄──►│   (FastAPI)      │◄──►│   (CLI Tool)    │
│                 │    │                  │    │                 │
│ • Dashboard     │    │ • REST API       │    │ • Log Monitor   │
│ • Threat Viz    │    │ • MITRE Search   │    │ • AI Analysis   │
│ • MITRE Search  │    │ • ChromaDB RAG   │    │ • MongoDB Sync  │
└─────────────────┘    └──────────────────┘    └─────────────────┘

✨ Features

🔍 Threat Detection & Analysis

  • Real-time Log Monitoring: Continuous extraction from Windows Security/System Event Logs
  • AI-Powered Classification: Automatic threat severity assessment using Gemini AI
  • MITRE ATT&CK Mapping: Intelligent technique identification and categorization
  • Vector Similarity Search: ChromaDB-powered pattern matching for anomaly detection

📊 Interactive Dashboard

  • Executive Summary: High-level threat landscape overview
  • Timeline Visualization: Chronological incident tracking
  • MITRE Framework Search: Interactive technique exploration
  • Real-time Alerts: Live threat notification system

🛠️ CLI & Automation

  • One-time Authentication: Secure credential management with encryption
  • Profile-based Monitoring: Customizable log source configurations
  • Scheduled Analysis: Automated 5-minute interval processing
  • Export Capabilities: JSON/CSV report generation

🔐 Security & Integration

  • Encrypted Storage: PBKDF2 + Fernet encryption for sensitive data
  • MongoDB Integration: Scalable log storage and retrieval
  • AWS Bedrock: Enterprise-grade AI/ML capabilities
  • RESTful API: Easy integration with existing security tools

🚀 Quick Start

Prerequisites

  • Python 3.7+
  • Node.js 18+
  • MongoDB (local or cloud)
  • AWS Account (for Bedrock access)

1️⃣ Clone the Repository

git clone https://github.com/Vaibhav2154/LogIQ.git
cd LogIQ

2️⃣ Install LogIQ CLI

pip install logiq-cli

3️⃣ Authenticate and Configure

# Register and authenticate
logiq auth register --username your_username --email your_email
logiq auth login --username your_username

# Setup monitoring profile
logiq profile setup --log-path "C:\path\to\logs" --interval 300

# Or setup dynamic Windows Event Log monitoring
logiq profile setup-dynamic --sources security_events,system_events --interval 300

4️⃣ Start the Backend Server

cd server
pip install -r requirements.txt

# Configure environment variables
cp .env.example .env
# Edit .env with your AWS credentials and MongoDB connection

# Start the server
python main.py

5️⃣ Launch the Web Dashboard

cd ../client
npm install
npm run dev

6️⃣ Begin Monitoring

# Start real-time monitoring (status will update on dashboard)
logiq monitor --start

# Or start dynamic monitoring with real-time status updates
logiq monitor --dynamic --interval 300

🎉 You're ready! Access the dashboard at http://localhost:3000

📖 Documentation

Component Description Link
🤖 AI Agent CLI tool usage and automation CLI User Guide
🚀 Server API Backend setup and deployment Deployment Guide
🎯 MITRE Integration ATT&CK framework usage MongoDB Retrieval Guide
📊 Monitoring Real-time log analysis Dynamic Monitoring Guide

🛠️ Development

Project Structure

forensiq/
├── 🤖 aiagent/          # CLI tool and AI agent
│   ├── cli_tool.py      # Main CLI interface
│   ├── ai_agent.py      # AI analysis engine
│   └── mongodb_service.py # Database operations
├── 🚀 server/           # FastAPI backend
│   ├── main.py          # API server
│   ├── services/        # AI and database services
│   └── routers/         # API endpoints
├── 🖥️ client/           # Next.js frontend
│   ├── app/             # App router pages
│   ├── components/      # React components
│   └── hooks/           # Custom hooks
└── 📄 docs/             # Documentation

🐛 Debug Mode

Enable detailed logging:

# CLI with verbose output
logiq monitor --dynamic --verbose

# Server with debug mode
cd server
uvicorn main:app --reload --log-level debug

🤝 Contributing

We welcome contributions! Please see our Contributing Guide for details.

🎯 Areas We Need Help

  • Additional Log Sources: Support for Linux/macOS logs
  • Custom MITRE Techniques: User-defined detection rules
  • ML Model Training: Enhanced threat classification
  • API Integrations: SIEM platform connectors
  • Performance Optimization: Large-scale log processing

🐛 Reporting Issues

Found a bug? Please open an issue with:

  • Detailed description
  • Steps to reproduce
  • Expected vs actual behavior
  • System environment details

📊 Roadmap

🎯 Version 1.1 (Q4 2025)

  • Multi-platform log support (Linux/macOS)
  • Custom detection rule engine
  • Advanced ML threat scoring
  • SIEM integration APIs

🚀 Version 2.0 (Q1 2026)

  • Distributed analysis cluster
  • Real-time threat intelligence feeds
  • Advanced visualization dashboard
  • Enterprise SSO integration

📄 License

This project is licensed under the MIT License - see the LICENSE file for details.

🙏 Acknowledgments

  • MITRE Corporation for the ATT&CK framework
  • AWS Bedrock for AI/ML capabilities
  • Google Gemini for advanced language processing
  • ChromaDB for vector similarity search
  • FastAPI and Next.js communities

🔗 Links


⭐ Star this repository if LogIQ helps secure your environment!

GitHub stars GitHub forks

About

No description, website, or topics provided.

Resources

License

Stars

0 stars

Watchers

0 watching

Forks

Releases

No releases published

Packages

 
 
 

Contributors