D-Vision Threat Intelligence Platform

A comprehensive threat intelligence platform that integrates with AIL (Analysis Information Leak) framework to provide real-time security monitoring and alerting.

🌟 Features

🔍 Mock AIL Integration - Simulates real AIL framework with 7 threat intelligence feeds
🚀 Real-time Data Processing - Continuous threat intelligence ingestion and normalization
🗄️ Multi-Database Support - PostgreSQL for structured data, Elasticsearch for search, Redis for caching
📊 Monitoring & Observability - Prometheus metrics and Grafana dashboards
🌐 Network Accessible - All services exposed for remote access
🔌 REST APIs - Comprehensive APIs for data access and management
🐳 Docker Ready - Complete containerized deployment

🎯 Threat Intelligence Feeds

Feed Type	Description	Data Points
🔐 Credentials	Leaked credentials from breaches	Email, username, password hash, breach info
🦠 Malware	Malicious URLs and file hashes	URL, malware family, C2 servers, threat score
🎣 Phishing	Fraudulent websites and scams	URL, target brand, similarity score
🔓 CVE	Vulnerability mentions and exploits	CVE ID, CVSS score, exploit availability
💥 Breaches	Data breach reports	Company, records affected, data types
🕳️ Dark Web	Marketplace monitoring	Marketplace, mention type, pricing
📱 Social Media	Platform leak monitoring	Platform, channel, leak type

🚀 Quick Start

Prerequisites

Docker and Docker Compose
8GB+ RAM recommended
20GB+ disk space

1. Clone and Setup

git clone https://github.com/your-username/d-vision.git
cd d-vision
cp .env.example .env
# Edit .env file with your settings

2. Start the Platform

# Simple startup (recommended)
./start-simple.sh

# Or manual startup
docker-compose up -d

3. Verify Installation

# Check service status
docker-compose ps

# Test API endpoints
curl http://localhost:8247/health
curl http://localhost:8248/health

🌐 Service Endpoints

Core Services

Service	URL	Description
🔍 Mock AIL	`http://localhost:8247`	Threat intelligence data source
🔌 AIL Connector	`http://localhost:8248`	Data ingestion and normalization
📊 Grafana	`http://localhost:3002`	Monitoring dashboards
📈 Prometheus	`http://localhost:9091`	Metrics collection

Databases

Service	URL	Credentials
🐘 PostgreSQL	`localhost:5433`	`dvision/dvision`
📦 Redis	`localhost:6380`	No auth
🔍 Elasticsearch	`http://localhost:9201`	No auth

📊 API Usage Examples

Mock AIL API

# List available threat feeds
curl http://localhost:8247/feeds

# Get recent threat intelligence
curl http://localhost:8247/recent?limit=10

# Search for specific threats
curl "http://localhost:8247/search?query=malware&limit=5"

# Get specific feed data
curl http://localhost:8247/feeds/credentials?limit=5

# Get platform statistics
curl http://localhost:8247/stats

AIL Connector API

# Check connector health and dependencies
curl http://localhost:8248/health

# Get ingestion statistics
curl http://localhost:8248/stats

# Manually trigger data synchronization
curl -X POST http://localhost:8248/sync/all

🏗️ Architecture

graph TB
    A[Mock AIL Service] --> B[AIL Connector]
    B --> C[PostgreSQL]
    B --> D[Elasticsearch]
    B --> E[Redis]
    F[Prometheus] --> G[Grafana]
    B --> F
    A --> F
    
    subgraph "Data Layer"
        C
        D
        E
    end
    
    subgraph "API Layer"
        A
        B
    end
    
    subgraph "Monitoring"
        F
        G
    end

Component Overview

Mock AIL Service: Generates realistic threat intelligence data across 7 feed types
AIL Connector: Ingests, normalizes, and stores threat data
PostgreSQL: Primary database with custom threat intelligence schema
Elasticsearch: Full-text search and analytics engine
Redis: Caching and session management
Prometheus: Metrics collection and monitoring
Grafana: Visualization and alerting dashboards

🔧 Configuration

Environment Variables

# Database Configuration
DB_PASSWORD=secure_password
DATABASE_URL=postgresql://dvision:${DB_PASSWORD}@postgres:5432/dvision

# Redis Configuration
REDIS_URL=redis://redis:6379

# External Services
AIL_BASE_URL=http://mock-ail:8000
ELASTICSEARCH_URL=http://elasticsearch:9200

# Monitoring
GRAFANA_PASSWORD=admin

Network Configuration

For network access, all services bind to 0.0.0.0:

ports:
  - "0.0.0.0:8247:8000"  # Mock AIL
  - "0.0.0.0:8248:8001"  # AIL Connector
  # ... other services

📈 Monitoring & Observability

Grafana Dashboards

Access at http://localhost:3002 (admin/admin):

Service Health: Monitor all component status
Threat Intelligence: Visualize threat data trends
Performance Metrics: Track API response times and throughput
System Resources: Monitor CPU, memory, and disk usage

Prometheus Metrics

Available at http://localhost:9091:

Service health checks
API request/response metrics
Database connection pools
Data ingestion rates
Custom threat intelligence metrics

🛡️ Security Considerations

Development Setup

Services exposed on all interfaces (0.0.0.0)
Default credentials used
No authentication on most endpoints

Production Recommendations

Network Security:

# Configure firewall
sudo ufw allow from 192.168.0.0/24 to any port 8247:8248
sudo ufw allow from 192.168.0.0/24 to any port 3002

Authentication:
- Enable API key authentication
- Configure OAuth/OIDC for web interfaces
- Use strong database passwords
Encryption:
- Implement HTTPS with SSL certificates
- Encrypt database connections
- Secure inter-service communication

🔍 Data Schema

Threat Intelligence Record Structure

{
  "id": "uuid",
  "type": "credential_leak|malware_url|phishing_site|cve_mention|data_breach|dark_web_mention|social_media_leak",
  "source": "breach_db|threat_feed|dark_web|...",
  "severity": "low|medium|high|critical",
  "discovered_date": "2025-07-24T00:57:18.818919",
  "additional_data": {
    "threat_specific_fields": "..."
  }
}

Database Tables

threat_intelligence: Main threat data storage
monitoring_rules: User-defined monitoring configurations
alerts: Generated alerts from monitoring rules
data_sources: External source configurations

🐳 Docker Deployment

Services Overview

# Check running services
docker-compose ps

# View service logs
docker-compose logs -f [service-name]

# Scale specific services
docker-compose up -d --scale ail-connector=3

Health Checks

All services include health checks:

# Check individual service health
curl http://localhost:8247/health
curl http://localhost:8248/health

# Check database connectivity
docker-compose exec postgres pg_isready -U dvision

🆘 Troubleshooting

Common Issues

Service Won't Start:

# Check logs
docker-compose logs [service-name]

# Rebuild container
docker-compose build [service-name]
docker-compose up -d [service-name]

Port Conflicts:

# Check port usage
netstat -tlnp | grep [port]

# Modify ports in docker-compose.yml

Database Connection Issues:

# Test database connectivity
docker-compose exec postgres psql -U dvision -d dvision -c "SELECT 1"

# Reset database
docker-compose down -v
docker-compose up -d

Performance Issues

# Monitor resource usage
docker stats

# Check disk space
df -h

# Monitor service performance
curl http://localhost:9091/metrics

📚 API Documentation

Interactive Documentation

Mock AIL API: http://localhost:8247/docs
AIL Connector API: http://localhost:8248/docs

OpenAPI Specifications

Mock AIL: http://localhost:8247/openapi.json
AIL Connector: http://localhost:8248/openapi.json

🔄 Development

Project Structure

d-vision/
├── mock-ail-service/          # Mock AIL implementation
│   ├── app.py                 # FastAPI application
│   ├── Dockerfile            # Container definition
│   └── requirements.txt      # Python dependencies
├── services/
│   └── ail-connector/        # Data ingestion service
│       ├── app.py            # FastAPI application
│       ├── Dockerfile        # Container definition
│       └── requirements.txt  # Python dependencies
├── database/
│   └── init/                 # Database initialization
│       └── 01-init.sql       # Schema and initial data
├── monitoring/               # Monitoring configuration
│   └── prometheus.yml        # Prometheus config
├── docker-compose.yml        # Service orchestration
├── start-simple.sh          # Simple startup script
└── README.md                # This file

Running in Development Mode

# Start with live reload
docker-compose -f docker-compose.dev.yml up

# Run tests
docker-compose exec ail-connector python -m pytest

# Access container shells
docker-compose exec [service-name] bash

🤝 Contributing

Fork the repository
Create a feature branch (git checkout -b feature/amazing-feature)
Commit your changes (git commit -m 'Add amazing feature')
Push to the branch (git push origin feature/amazing-feature)
Open a Pull Request

Development Guidelines

Follow PEP 8 for Python code
Add tests for new features
Update documentation for API changes
Use conventional commits

📄 License

This project is licensed under the MIT License - see the LICENSE file for details.

🙏 Acknowledgments

AIL Framework - Inspiration for threat intelligence processing
FastAPI - Modern web framework for APIs
Docker - Containerization platform
ELK Stack - Search and analytics

📞 Support

📧 Email: support@d-vision.security
🐛 Issues: GitHub Issues
📖 Documentation: Wiki
💬 Discussions: GitHub Discussions

Built with ❤️ for the cybersecurity community

Name		Name	Last commit message	Last commit date
Latest commit History 1 Commit
database/init		database/init
mock-ail-service		mock-ail-service
monitoring		monitoring
services/ail-connector		services/ail-connector
.env.example		.env.example
.gitignore		.gitignore
README.md		README.md
docker-compose.yml		docker-compose.yml
documentation.txt		documentation.txt
start-simple.sh		start-simple.sh
start.sh		start.sh

alenperic/D-Vision-Threat-Intelligence

Folders and files

Latest commit

History

Repository files navigation