A streamed cyber threat monitoring and visualisation platform that aggregates malicious activity from open threat intelligence sources and renders it on an interactive 3D globe.
This project is built under Open Innovation – IT Services, focusing on security observability, threat intelligence aggregation, and real-time visual analytics.
- URLHaus (abuse.ch)
- Updates every few minutes
- Includes malware tags & classification
- SPAMHAUS
- ip-api
- Geo-location enrichment
- Local Caching of IPs
- Background polling daemon
- Event buffering using `deque`
- Geo-IP caching to minimize repeated lookups
```json
{
  "lat": 37.77,
  "lng": -122.41,
  "attack_format": "malware_download",
  "severity": "high",
  "source": "urlhaus",
  "timestamp": 1700000000
}
```

The following Mermaid diagram illustrates an overview of system architecture and data flow:
```mermaid
graph LR
%% --- Styles ---
classDef client fill:#e0f2fe,stroke:#0284c7,stroke-width:2px;
classDef server fill:#f0fdf4,stroke:#16a34a,stroke-width:2px;
classDef worker fill:#fff7ed,stroke:#ea580c,stroke-width:2px;
classDef ext fill:#f1f5f9,stroke:#64748b,stroke-width:1px,stroke-dasharray:5 5;
classDef storage fill:#fef08a,stroke:#eab308,stroke-width:2px;
%% ---------- Vertical lanes (anchors) ----------
ClientLane[" "]:::client
ServerLane[" "]:::server
ExternalLane[" "]:::ext
%% ---------- Client (TOP) ----------
subgraph Client_Side [Next.js Client]
direction TB
Globe["3D Globe Component<br>Visualization"]:::client
HUD["Dashboard & Stats<br>UI Layer"]:::client
AIModal["AI Report Modal"]:::client
end
%% ---------- Backend (MIDDLE / WIDE) ----------
subgraph Backend_Server [FastAPI Server Host]
direction LR
subgraph Daemon [Daemon Thread]
direction TB
Poller["Polling Worker"]:::worker
end
subgraph Routes [FastAPI Routes]
direction TB
RouteStream["GET /events/stream"]:::server
RouteStats["GET /summary"]:::server
RouteAI["GET /ai/analyze"]:::server
end
subgraph Memory [Shared Memory]
direction TB
EventDeque[("EVENTS Deque<br>Rolling Buffer")]:::storage
IPCache[("IP Cache<br>Dict")]:::storage
end
end
%% ---------- External (BOTTOM) ----------
subgraph External_World [External Data & AI Services]
direction TB
URLHaus["URLHaus API<br>Threat Feeds"]:::ext
IPAPI["IP-API.com<br>Geo-Location"]:::ext
Groq["Groq Cloud<br>GPT OSS Inference"]:::ext
end
%% ---------- Vertical positioning ----------
ClientLane --> Client_Side
Client_Side --> ServerLane
ServerLane --> Backend_Server
Backend_Server --> ExternalLane
ExternalLane --> External_World
%% ---------- Data Flow ----------
Globe --> RouteStream
HUD --> RouteStats
AIModal --> RouteAI
RouteStream --> EventDeque
RouteStats --> EventDeque
RouteAI --> EventDeque
Poller --> URLHaus
Poller --> IPAPI
Poller --> IPCache
Poller --> EventDeque
RouteAI --> Groq
Groq --> RouteAI
```
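
The polling path in the diagram (feed entry, IP cache, rolling event deque), sketched as an added example that is not this project's own code. The feed entry fields (`url`, `threat`), the injected `lookup` callable standing in for the geo-location request, the buffer size, and the fixed severity are assumptions.

```python
import ipaddress
import time
from collections import deque
from urllib.parse import urlsplit

EVENTS = deque(maxlen=500)   # rolling buffer: oldest events drop off (size is an assumption)
IP_CACHE = {}                # ip -> (lat, lng), or None when the lookup failed


def host_ip(url):
    """Return the URL's host if it is a globally routable IP literal, else None."""
    try:
        ip = ipaddress.ip_address(urlsplit(url).hostname or "")
    except ValueError:
        return None          # hostname or malformed URL: not resolved in this sketch
    return str(ip) if ip.is_global else None


def geolocate(ip, lookup):
    """Consult the cache first; call the geo service at most once per IP."""
    if ip not in IP_CACHE:
        IP_CACHE[ip] = lookup(ip)    # failed lookups (None) are cached too
    return IP_CACHE[ip]


def ingest(entry, lookup, now=time.time):
    """Turn one feed entry into an event in the page's schema and buffer it."""
    ip = host_ip(entry.get("url", ""))
    coords = geolocate(ip, lookup) if ip else None
    if coords is None:
        return None                  # nothing to plot: skip rather than guess a location
    event = {
        "lat": coords[0], "lng": coords[1],
        "attack_format": entry.get("threat", "unknown"),  # field name is an assumption
        "severity": "high",          # fixed value copied from the page's sample event
        "source": "urlhaus",
        "timestamp": int(now()),
    }
    EVENTS.append(event)
    return event


if __name__ == "__main__":
    # Constructed feed entries; the lambda stands in for the geo service.
    feed = [{"url": "http://1.2.3.4/a.bin", "threat": "malware_download"},
            {"url": "http://10.0.0.7/b.bin", "threat": "malware_download"}]
    for entry in feed:
        print(ingest(entry, lambda ip: (37.77, -122.41)))
```

Filtering non-global addresses before the lookup keeps private and reserved IPs found in feed data from being sent to a third-party service, and caching failures as well as hits bounds the request rate when a feed repeats the same host.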
- Run the commands

```bash
cd $server
uv sync
uv run fastapi dev --port 5000
```

- Run the commands

```bash
bun install
bun dev
```