Project Details

Understanding the Unified Threat Intelligence Dashboard

This page provides comprehensive documentation about UTID, a professional SOC-focused web application that demonstrates real-world threat intelligence workflows. Whether you're a hiring manager, SOC analyst, or fellow developer, this guide will help you understand the project's purpose, capabilities, and technical implementation.

🎯 What is the Unified Threat Intelligence Dashboard?

The Unified Threat Intelligence Dashboard (UTID) is a professional, SOC-focused web application that streamlines the process of enriching Indicators of Compromise (IOCs) by aggregating intelligence from multiple OSINT sources into a single, unified interface.

Built with modern web technologies, UTID demonstrates real-world SOC analyst workflows and showcases how threat intelligence platforms can improve operational efficiency in Security Operations Centers.

🚨 Why SOC Analysts Need This Tool

❌ The Problem

  • SOC analysts waste 5-10 minutes per IOC investigation
  • Manually switching between 8+ different OSINT websites
  • Copying/pasting the same IOC repeatedly
  • Context switching reduces focus and increases errors
  • No centralized view of all intelligence sources

✅ The Solution

  • Investigate IOCs in under 30 seconds
  • Query all OSINT sources from one interface
  • Enter IOC once, analyze everywhere
  • Maintain focus with unified dashboard
  • Side-by-side comparison of all results

🔍 Supported IOC Types

🌐 IP Addresses
IPv4 addresses for malicious server identification
Example: 8.8.8.8

🔗 URLs
Full web addresses for phishing and malware sites
Example: https://malicious-site.com

🌍 Domains
Domain names used in cyber attacks
Example: evil-domain.xyz

📄 File Hashes
MD5, SHA1, SHA256 hashes for malware identification
Example: 5d41402abc4b2a76...
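The first thing a dashboard like this has to do with a pasted indicator is decide which of the four IOC types it is, so that the right source lookups can be chosen. The following is an added example, not code from the UTID project: it classifies an indicator as IP, URL, domain or hash (with the hash algorithm inferred from length), reverses the common "defanged" notation (hxxp://, [.], [:]) analysts paste from reports, and de-duplicates a pasted batch so each IOC is only looked up once. The sample values in the test are constructed.

```javascript
// Added example, not part of the UTID project: classify a pasted indicator
// into the four IOC types the dashboard supports (IP, URL, domain, hash) so
// the right OSINT lookups can be selected. Also reverses the "defanging"
// (hxxp://, [.], [:]) analysts commonly paste from threat reports.

const IOC_PATTERNS = {
  // MD5 / SHA1 / SHA256 are told apart purely by hex length
  md5: /^[a-f0-9]{32}$/i,
  sha1: /^[a-f0-9]{40}$/i,
  sha256: /^[a-f0-9]{64}$/i,
  // IPv4: four dotted octets, each 0-255
  ipv4: /^(?:(?:25[0-5]|2[0-4]\d|1?\d?\d)\.){3}(?:25[0-5]|2[0-4]\d|1?\d?\d)$/,
  // URL: http(s) scheme followed by non-whitespace; URL() does the real parsing
  url: /^https?:\/\/\S+$/i,
  // Domain: hostname labels followed by an alphabetic TLD
  domain: /^(?:[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,63}$/i,
};

// Undo common defanging so the value can be matched and looked up.
function refang(raw) {
  return raw.trim()
    .replace(/^hxxp/i, 'http')
    .replace(/\[\.\]|\(\.\)/g, '.')
    .replace(/\[:\]/g, ':');
}

function classifyIoc(raw) {
  const value = refang(raw);
  if (IOC_PATTERNS.ipv4.test(value)) return { type: 'ip', value };
  for (const algo of ['md5', 'sha1', 'sha256']) {
    if (IOC_PATTERNS[algo].test(value)) return { type: 'hash', algo, value: value.toLowerCase() };
  }
  if (IOC_PATTERNS.url.test(value)) {
    try { return { type: 'url', value: new URL(value).href }; } catch { /* not a valid URL */ }
  }
  if (IOC_PATTERNS.domain.test(value)) return { type: 'domain', value: value.toLowerCase() };
  return { type: 'unknown', value };
}

// Split a pasted block of indicators (one per line or whitespace-separated),
// classify each, and drop duplicates so each IOC is looked up once.
function classifyBatch(text) {
  const seen = new Set();
  return text.split(/\s+/).filter(Boolean).map(classifyIoc)
    .filter(ioc => ioc.type !== 'unknown' && !seen.has(ioc.value) && seen.add(ioc.value));
}
```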

How This Improves SOC Triage Speed

1. Traditional Workflow

Open VirusTotal → paste IOC → wait → Open AbuseIPDB → paste again → wait → Open Talos → repeat... 10+ minutes per IOC

2. UTID Workflow

Paste IOC once → Click "Analyze" → View all sources simultaneously → Make decision. Under 30 seconds!

95% Time Reduction
8+ OSINT Sources
1 Unified Interface

⚠️ Current Limitations

🎓 Educational Proof of Concept

This project is built for educational and portfolio purposes to demonstrate SOC analyst workflows and full-stack development skills. It showcases how threat intelligence platforms can improve operational efficiency in Security Operations Centers.

  • No API Integration: Uses iframe embedding instead of direct API calls
  • Platform Restrictions: Some OSINT platforms restrict iframe embedding
  • No Data Aggregation: Results aren't parsed or aggregated automatically
  • Manual Analysis: Analysts must review each source manually
  • No Automated Scoring: No threat score calculation or verdicts
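The "Platform Restrictions" limitation comes from the source sites themselves: a site declares in its HTTP response headers (CSP `frame-ancestors`, or `X-Frame-Options` when that directive is absent) whether other origins may frame it, and the browser simply renders a blank frame when it may not. The following added example, not code from the UTID project, evaluates those headers so a dashboard could fall back to an "open in new tab" link instead. It assumes the headers were fetched server-side (for instance in a Next.js route handler), because a browser page cannot read another origin's response headers; the dashboard origin and header values in the test are constructed.

```javascript
// Added example, not part of the UTID project: decide from a source site's
// HTTP response headers whether the dashboard (a different origin) may show
// it in an iframe. Browsers apply CSP frame-ancestors first and consult
// X-Frame-Options only when that directive is absent. Headers are assumed
// to have been fetched server-side, since a browser page cannot read
// another origin's headers.

// Does one frame-ancestors source expression allow the given origin?
function sourceAllows(src, origin) {
  const s = src.toLowerCase();
  if (s === '*') return true;
  if (s === "'none'" || s === "'self'") return false; // 'self' = the source site's own origin
  const o = new URL(origin);
  // Scheme-only source such as "https:"
  if (/^[a-z][a-z0-9+.-]*:$/.test(s)) return o.protocol === s;
  // Host source, optionally with scheme, leading wildcard label and port
  const m = s.match(/^(?:([a-z][a-z0-9+.-]*):\/\/)?(\*\.)?([^/:]+)(?::(\d+|\*))?$/);
  if (!m) return false;
  const [, scheme, wildcard, host, port] = m;
  if (scheme && scheme + ':' !== o.protocol) return false;
  const originPort = o.port || (o.protocol === 'https:' ? '443' : '80');
  if (port && port !== '*' && port !== originPort) return false;
  return wildcard ? o.hostname.endsWith('.' + host) : o.hostname === host;
}

// headers: plain object of response header name -> value (names case-insensitive)
function canEmbed(headers, dashboardOrigin) {
  const h = Object.fromEntries(Object.entries(headers).map(([k, v]) => [k.toLowerCase(), v]));
  const csp = h['content-security-policy'] || '';
  const fa = csp.split(';').map(d => d.trim().split(/\s+/))
    .find(d => d[0] && d[0].toLowerCase() === 'frame-ancestors');
  // An empty or 'none' frame-ancestors list allows nobody; otherwise any source may match
  if (fa) return fa.slice(1).some(src => sourceAllows(src, dashboardOrigin));
  const xfo = (h['x-frame-options'] || '').trim().toUpperCase();
  if (xfo === 'DENY' || xfo === 'SAMEORIGIN') return false; // dashboard is cross-origin
  return true; // no framing restriction declared
}
```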

🚀 Future Enhancements

With proper API access and backend infrastructure, this platform could evolve into a production-grade SOC tool with the following capabilities:

🔌 API-Based Enrichment

Direct API integration with VirusTotal, AlienVault OTX, and other platforms for automated data retrieval and parsing.

🤖 SOAR Integration

Connect with Security Orchestration platforms like Splunk SOAR, Cortex XSOAR for automated playbook execution.

📊 SIEM Integration

Push enriched intelligence back to SIEM platforms (Splunk, QRadar, Sentinel) for correlation and alerting.

🎯 Automated Scoring

Machine learning-based threat scoring combining verdicts from all sources into a single confidence score.

📝 Case Management

Built-in incident tracking with investigation notes, timeline tracking, and analyst collaboration features.

📈 Historical Analytics

Track IOC trends, repeated indicators, and campaign correlation across time for threat hunting.

💻 Technology Stack

Frontend: React 18 with Next.js 14 (App Router)
Styling: Vanilla CSS with CSS Modules
State Management: React Hooks (useState, useEffect)
Storage: Browser localStorage for recent searches
Architecture: Component-based, modular design

Ready to investigate IOCs?

Head to the dashboard and start analyzing threat intelligence from multiple sources.


Hi, I'm Nandan S

Aspiring SOC Analyst (L1)

Cybersecurity Analyst | Full Stack Developer

Aspiring SOC Analyst (L1) with structured training and guided hands-on experience in Cybersecurity Analysis, SOC operations, SIEM-based alert monitoring, initial incident investigation, and security event analysis. Trained on SIEM, EDR, threat intelligence, and ticketing tools through lab-based scenarios and instructor-led demonstrations, with a clear understanding of how alerts are analyzed, validated, documented, and escalated within a SOC environment.

I also bring prior internship experience in full-stack application development, which helps me better understand application behavior and logs. I built this Unified Threat Intelligence Dashboard to demonstrate my understanding of SOC analyst workflows and my ability to create professional security tools.

I am actively seeking a SOC Analyst L1 role to continue learning and support blue team operations, combining my cybersecurity training with my technical development background.

⚖️ Important Notice

  • Educational Purpose: This project is built for educational and portfolio demonstration purposes only.
  • No Scraping: This tool does not scrape, store, or misuse data from OSINT platforms.
  • Terms of Service: All OSINT platform integrations respect their respective Terms of Service.
  • No Warranty: This software is provided "as-is" without any warranty or guarantee of accuracy.
  • Not for Production: This is a proof-of-concept and should not be used in production SOC environments.