
featured project
insiderguard
Enterprise SOC platform built during an internship at Ensign Infosecurity.
An enterprise-grade Security Operations Center (SOC) platform designed to detect, track, and investigate insider threats. The system features automated CSV-based alert ingestion with SHA-256 deduplication, intelligent incident correlation using time-window matching, and comprehensive analytics dashboards. Built with Next.js and NestJS, it includes JWT authentication with HTTP-only cookies, full audit trails for compliance, and MITRE ATT&CK framework integration for industry-standard threat classification.
technologies
next.js / nestjs / typescript / postgresql / typeorm / tailwind css / docker
key highlights
- Automated CSV ingestion with SHA-256 duplicate detection
- Intelligent alert-to-incident correlation via time-window matching
- MITRE ATT&CK framework integration for threat classification
- Real-time analytics with Recharts visualizations
- JWT authentication with HTTP-only cookies and security headers
- Full audit trails for incident status changes and compliance
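As an added illustration (not code from the InsiderGuard project), the following TypeScript sketches the two mechanisms named above: hashing each CSV row with SHA-256 so a re-ingested duplicate alert is dropped, and grouping alerts for the same user and host into one incident when each arrives within a time window of the previous one. The CSV columns, sample rows, and function names are constructed for the example.

```typescript
import { createHash } from "node:crypto";

// Constructed sample alert export (not real data): timestamp,host,user,technique,description.
// The third row is an exact repeat of the second, as happens when a feed is re-exported.
export const SAMPLE_CSV = `timestamp,host,user,technique,description
2024-03-01T09:00:00Z,ws-17,alice,T1078,Login outside business hours
2024-03-01T09:12:00Z,ws-17,alice,T1005,Bulk file access on shared drive
2024-03-01T09:12:00Z,ws-17,alice,T1005,Bulk file access on shared drive
2024-03-01T11:30:00Z,ws-17,alice,T1048,Large outbound transfer
2024-03-02T08:05:00Z,srv-02,bob,T1078,Login outside business hours`;

export interface Alert { hash: string; ts: number; host: string; user: string; technique: string; description: string; }
export interface Incident { user: string; host: string; alerts: Alert[]; techniques: string[]; }

// Parse CSV rows into alerts. The raw row is hashed with SHA-256 and checked against
// `seen` (which would be persisted in the database), so identical rows are ingested once.
export function ingestCsv(csv: string, seen: Set<string> = new Set()): Alert[] {
  const [, ...rows] = csv.trim().split("\n"); // first line is the header
  const alerts: Alert[] = [];
  for (const row of rows) {
    const hash = createHash("sha256").update(row).digest("hex");
    if (seen.has(hash)) continue; // exact duplicate of a row already ingested
    seen.add(hash);
    const v = row.split(","); // naive split: assumes no quoted commas in the export
    alerts.push({ hash, ts: Date.parse(v[0]), host: v[1], user: v[2], technique: v[3], description: v[4] });
  }
  return alerts;
}

// Correlate alerts into incidents: alerts for the same user@host join the currently open
// incident if they arrive within `windowMin` minutes of its latest alert, else open a new one.
export function correlate(alerts: Alert[], windowMin: number): Incident[] {
  const sorted = [...alerts].sort((a, b) => a.ts - b.ts);
  const open = new Map<string, Incident>();
  const incidents: Incident[] = [];
  for (const a of sorted) {
    const key = `${a.user}@${a.host}`;
    const cur = open.get(key);
    const last = cur ? cur.alerts[cur.alerts.length - 1] : undefined;
    if (cur && last && a.ts - last.ts <= windowMin * 60000) {
      cur.alerts.push(a);
      if (cur.techniques.indexOf(a.technique) < 0) cur.techniques.push(a.technique);
    } else {
      const inc: Incident = { user: a.user, host: a.host, alerts: [a], techniques: [a.technique] };
      open.set(key, inc);
      incidents.push(inc);
    }
  }
  return incidents;
}
```

With a 30-minute window the sample yields three incidents: alice's 09:00 and 09:12 alerts (two ATT&CK techniques), her isolated 11:30 alert, and bob's next-day alert; re-running ingestion with the same `seen` set ingests nothing.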