Building a Production-Ready SOC Triage Tool with Python & Streamlit
Live Demo: (https://hansec-soc-triage-threat-intelligence-3n25rk85kwfaho2luyss4v.streamlit.app/)
The Problem That Needed Solving
Every SOC analyst knows this pain:
- Another alert? Let me grep the logs... copy the IP... open AbuseIPDB... manually check 50 IPs... create a ticket... repeat.
Manual log triage takes 5-10 minutes PER suspicious IP.
When you have 100+ IPs to investigate, that's 8+ hours of manual work.
I built a solution that reduces this to 30 seconds.
What I Built
SOC Triage & Threat Intelligence Automator - A tool that:
✅ Ingests - Apache/Nginx combined logs
✅ Detects - SQLi, XSS, and Path Traversal attacks using regular expressions
✅ Enriches - IPs with AbuseIPDB threat intelligence
✅ Presents - a clean, actionable dashboard via Streamlit
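The ingest-and-detect stages above, as an added example written for this post (not the tool's own code): it parses Apache/Nginx combined-format lines, URL-decodes the request path, runs narrow SQLi/XSS/traversal patterns over it, and groups hits per client IP, which is the shape the AbuseIPDB enrichment step would consume. The log lines and the detection patterns are constructed, illustrative assumptions.

```python
import re
from urllib.parse import unquote

# Apache/Nginx "combined" format: ip ident user [ts] "METHOD path PROTO" status bytes "referer" "ua"
COMBINED_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+) \S+" '
    r'(?P<status>\d{3}) (?P<bytes>\d+|-) "(?P<referer>[^"]*)" "(?P<ua>[^"]*)"$'
)

# Assumed, deliberately narrow rules (not the tool's own) applied to the decoded request path.
RULES = {
    "SQLi": re.compile(r"'\s*(or|and)\s+\d+\s*=\s*\d+|union\s+select|;\s*drop\s+table", re.I),
    "XSS": re.compile(r"<\s*script|javascript:|on\w+\s*=", re.I),
    "Path Traversal": re.compile(r"\.\./|\.\.\\|/etc/passwd|/proc/self", re.I),
}

def parse_line(line):
    """Return the named fields of one combined-format line, or None if it does not parse."""
    m = COMBINED_RE.match(line.strip())
    return m.groupdict() if m else None

def classify(path):
    """Return the rule names matching the path; decoded twice so %252e-style double encoding is caught."""
    decoded = unquote(unquote(path))
    return [name for name, rx in RULES.items() if rx.search(decoded)]

def triage(lines):
    """Return {ip: {"attacks": set_of_rule_names, "hits": count}} for IPs with at least one detection."""
    findings = {}
    for line in lines:
        rec = parse_line(line)
        if rec is None:          # unparseable lines are skipped, not fatal
            continue
        attacks = classify(rec["path"])
        if attacks:
            entry = findings.setdefault(rec["ip"], {"attacks": set(), "hits": 0})
            entry["attacks"].update(attacks)
            entry["hits"] += 1
    return findings

# Constructed sample log (RFC 5737 documentation addresses), not real traffic.
SAMPLE_LOG = [
    '203.0.113.10 - - [10/Oct/2024:13:55:36 +0000] "GET /products?id=1%27%20OR%201%3D1 HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '203.0.113.10 - - [10/Oct/2024:13:55:37 +0000] "GET /search?q=%3Cscript%3Ealert(1)%3C/script%3E HTTP/1.1" 200 310 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [10/Oct/2024:13:56:01 +0000] "GET /download?file=../../etc/passwd HTTP/1.1" 404 210 "-" "curl/8.0"',
    '192.0.2.44 - - [10/Oct/2024:13:56:05 +0000] "GET /index.html HTTP/1.1" 200 1024 "https://example.org/" "Mozilla/5.0"',
    'garbage line that does not parse',
]

if __name__ == "__main__":
    for ip, info in triage(SAMPLE_LOG).items():
        print(ip, sorted(info["attacks"]), info["hits"])
```

The per-IP dictionary is the natural input for the enrichment stage: one AbuseIPDB lookup per flagged IP rather than one per log line.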
Watch It In Action
(https://dev-to-uploads.s3.amazonaws.com/uploads/articles/dhrwxachfhmsbuqy255c.png)