ART3MIS SOC AI
AI-assisted Security Operations Center platform built with FastAPI, SvelteKit, Docker, SQLite, and local LLM-ready incident analysis.
Overview
ART3MIS SOC AI is a full-stack cybersecurity analysis platform designed to simulate real-world SOC workflows.
The platform allows analysts to:
- Upload or paste security logs
- Detect suspicious activity
- Assign severity levels
- Generate AI-assisted incident summaries
- Track security reports
- Visualize threat analytics
- Review incident history
This project was built as a portfolio and learning platform focused on:
- Cybersecurity
- AI-assisted analysis
- SOC workflows
- Full-stack development
- Dockerized deployment
Features
Authentication
- JWT-based authentication
- Protected dashboard routes
- Secure API access
Security Log Analysis
- Log upload support
- Raw text analysis
- Detection engine for suspicious events
- Severity classification
AI-Assisted Incident Summaries
ART3MIS generates SOC-style summaries including:
- Threat level
- Confidence score
- Attack narrative
- Severity breakdown
- Recommended actions
Dashboard Analytics
- Threat severity charts
- Suspicious event tracking
- Top source IP detection
- Report history
Report Management
- Persistent SQLite storage
- View individual reports
- Delete reports
- Delete all reports
Modern SOC Interface
- Responsive UI
- Animated AI loading overlays
- Sidebar navigation
- Cybersecurity-inspired design language
Tech Stack
Frontend
- SvelteKit
- TailwindCSS
- Chart.js
Backend
- FastAPI (Python)
Database
- SQLite
Infrastructure
- Docker / Docker Compose
AI
- Local LLM-ready architecture
- Ollama integration support
Screenshots
- Dashboard
- Upload Analyzer
- Login Screen
Project Structure
art3mis-soc-ai/
│
├── backend/
│ ├── app/
│ │ ├── analyzer.py
│ │ ├── auth.py
│ │ ├── database.py
│ │ ├── main.py
│ │ ├── parser.py
│ │ ├── schemas.py
│ │ └── ai_summary.py
│ │
│ ├── sample_logs/
│ ├── requirements.txt
│ └── Dockerfile
│
├── frontend/
│ ├── src/
│ │ ├── lib/
│ │ ├── routes/
│ │ └── components/
│ │
│ ├── package.json
│ └── Dockerfile
│
├── docs/
├── docker-compose.yml
└── README.md
Getting Started
Clone Repository
git clone https://github.com/erniesmith82/ART3MIS-SOC-AI.git
cd ART3MIS-SOC-AI
Run With Docker
Start Application
docker compose up --build
Frontend: http://localhost:3000
Backend API: http://127.0.0.1:8000
Health Endpoint: http://127.0.0.1:8000/health
Demo Credentials
Username: parzival
Password: Password123!
Example Security Events
ART3MIS can detect indicators such as:
- Brute force attacks
- Failed authentication attempts
- SQL injection attempts
- Path traversal attempts
- Privilege escalation
- Suspicious outbound traffic
- Port scanning activity
- Token abuse
- DNS beaconing behavior
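A minimal version of the rule-based detection described above, added here as an example and not the project's own analyzer.py: it runs pattern and threshold rules over constructed sample log lines, assigns a severity to each finding, and computes the severity breakdown and top source IP that the dashboard reports. The log format, rule patterns, severity table and brute-force threshold are assumptions.

```python
import re
from collections import Counter

# Constructed sample log lines (not from the project's sample_logs/ directory).
SAMPLE_LOGS = """\
2024-05-01T10:00:01 sshd auth_failed user=admin src=10.0.0.5
2024-05-01T10:00:02 sshd auth_failed user=admin src=10.0.0.5
2024-05-01T10:00:03 sshd auth_failed user=root src=10.0.0.5
2024-05-01T10:00:04 sshd auth_failed user=admin src=10.0.0.5
2024-05-01T10:00:05 sshd auth_failed user=admin src=10.0.0.5
2024-05-01T10:00:06 sshd auth_failed user=admin src=10.0.0.5
2024-05-01T10:01:00 web GET /files?path=../../etc/passwd src=10.0.0.9
2024-05-01T10:02:00 web GET /login?user=x' OR '1'='1 src=10.0.0.9
2024-05-01T10:03:00 web GET /index.html src=10.0.0.7
"""

# Assumed severity table; the real project's levels are not shown in the README.
SEVERITY = {"brute_force": "high", "sql_injection": "high",
            "path_traversal": "medium", "failed_auth": "low"}
PATTERNS = {  # assumed single-line indicators
    "path_traversal": re.compile(r"\.\./"),
    "sql_injection": re.compile(r"('\s*or\s*'|union\s+select|--)", re.I),
    "failed_auth": re.compile(r"auth_failed"),
}
SRC_RE = re.compile(r"src=(\d+\.\d+\.\d+\.\d+)")
BRUTE_FORCE_THRESHOLD = 5  # failed logins from one source before escalating

def analyze(log_text, threshold=BRUTE_FORCE_THRESHOLD):
    """Return findings, a per-severity count and the noisiest source IP."""
    findings, failed_by_src, hits_by_src = [], Counter(), Counter()
    for line in log_text.splitlines():
        m = SRC_RE.search(line)
        src = m.group(1) if m else "unknown"
        for name, pat in PATTERNS.items():
            if pat.search(line):
                findings.append({"type": name, "severity": SEVERITY[name],
                                 "src": src, "line": line})
                hits_by_src[src] += 1
                if name == "failed_auth":
                    failed_by_src[src] += 1
    # Threshold rule: repeated failures from one source become a brute-force finding.
    for src, n in failed_by_src.items():
        if n >= threshold:
            findings.append({"type": "brute_force", "severity": "high", "src": src,
                             "line": f"{n} failed logins from {src}"})
            hits_by_src[src] += 1
    breakdown = dict(Counter(f["severity"] for f in findings))
    top_src = hits_by_src.most_common(1)[0][0] if hits_by_src else None
    return {"findings": findings, "severity_breakdown": breakdown, "top_source_ip": top_src}
```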
Roadmap
Planned Features
- Threat intelligence enrichment
- VirusTotal / AbuseIPDB integration
- MITRE ATT&CK mapping
- Real-time log streaming
- PDF incident exports
- Analyst case notes
- AI model selection
- Live SOC monitoring
Development Goals
This project was created to strengthen skills in:
- Cybersecurity workflows
- AI-assisted security tooling
- Python backend development
- Frontend engineering
- Docker infrastructure
- Authentication systems
- REST API architecture
Author
Ernesto Smith
Miami, Florida
Cybersecurity & AI Development Student
GitHub: https://github.com/erniesmith82
License
This project is for educational and portfolio purposes.