
featured project
insiderguard
Enterprise SOC platform built during an internship at Ensign Infosecurity.
An enterprise-grade Security Operations Center (SOC) platform designed to detect, track, and investigate insider threats. The system features automated CSV-based alert ingestion with SHA-256 deduplication, intelligent incident correlation using time-window matching, and comprehensive analytics dashboards. Built with Next.js and NestJS, it includes JWT authentication with HTTP-only cookies, full audit trails for compliance, and MITRE ATT&CK framework integration for industry-standard threat classification.
technologies
- next.js
- nestjs
- typescript
- postgresql
- typeorm
- tailwind css
- docker
key highlights
- Automated CSV ingestion with SHA-256 duplicate detection
- Intelligent alert-to-incident correlation via time-window matching
- MITRE ATT&CK framework integration for threat classification
- Real-time analytics with Recharts visualizations
- JWT authentication with HTTP-only cookies and security headers
- Full audit trails for incident status changes and compliance