This is a submission for the Postmark Challenge: Inbox Innovators.
What I Built
I built SnagIT, an AI-powered tool that automates the processing and triage of security alerts (offences) received from SIEM systems; almost every SIEM can deliver its alerts as email notifications. SnagIT leverages Postmark's inbound email processing and an AI agent to handle everything from automated ticket creation and AI-written remediation guidance to severity-based notifications and transparent logging.
Demo
Code Repository: MustafaMunir123/SnagIt

SnagIT: AI-driven security incident triage, automated, intelligent, and reliable!

SnagIT is an AI-powered tool designed to automate the processing and triage of security alerts (offences) received from SIEM systems. By leveraging Postmark's inbound email processing and an AI agent, SnagIT streamlines your security workflows, from automated ticket creation and remediation guidance to targeted notifications and comprehensive logging, ensuring a swift and efficient response to security incidents.

Features
- Inbound Alert Processing with Postmark: receives and parses SIEM alerts through Postmark's inbound email processing service, transforming the email into structured JSON delivered via webhook.
- Custom Alert Target Handling: SnagIT supports defining custom alert targets (e.g., new device detected, suspicious file download). If an alert matches a custom target, it is automatically processed through the same AI-powered severity detection, ticket creation, AI remediation writing, and email notification flow, so these critical alerts receive tailored attention.
- AI-Powered Severity Detection & Automated Workflow: For all…
How I Built It
SnagIT processes SIEM email alerts sent to Postmark, turning them into structured JSON. It then determines whether an alert matches a custom target, runs the severity-based workflow, and sends targeted notifications, while maintaining an agent log of every step for full transparency.
1. Behind the Scenes
When SnagIT receives an alert, it:
- Parses the email data into JSON.
- Checks whether the alert matches any custom alert target (custom targets can be included in or excluded from the AI context).
- For matched alerts or Critical severity:
- Creates a ticket in your task management system.
- Writes AI-powered remediation guidance.
- Sends an email containing the ticket URL (Jira and Asana are supported).
- For High severity, it sends an email notification only.
- For Medium and Low severity, it logs the alert to the console.
- Every step is recorded in the agent log for easy debugging and compliance.
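To make the decision flow above concrete, here is an added, self-contained Python model of the pipeline. It is example code written for this article, not SnagIT's own code. The field names read from the webhook (`Subject`, `TextBody`, `From`, `MessageID`) are genuine Postmark inbound-webhook fields, but the payload itself is constructed, the custom-target list is hypothetical, and the keyword-based `classify_severity` is a deterministic stand-in for the Groq-based agent. The `verify_basic_auth` check assumes the webhook URL was configured with HTTP Basic credentials (`https://user:pass@host/...`), which Postmark supports; without some such check, anyone who discovers the endpoint can inject "alerts" into the triage flow.

```python
"""Added example (not SnagIT's code): an offline model of the triage pipeline.
Severity classification is a keyword stand-in for the AI agent; the sample
payload, custom targets and credentials are constructed for this example."""
import base64
import hmac
import json
import re

# Constructed sample of a Postmark inbound webhook payload (only the fields
# the triage logic uses; a real payload carries many more).
SAMPLE_WEBHOOK = json.dumps({
    "From": "siem-alerts@example.internal",
    "Subject": "[SIEM] Offense 4471: Suspicious file download from workstation WS-22",
    "TextBody": "Rule: Suspicious file download\nMagnitude: 7\nSource: 10.20.30.41\n",
    "MessageID": "00000000-0000-0000-0000-000000000001",
})

# Hypothetical custom alert targets; matched case-insensitively on subject+body.
CUSTOM_TARGETS = ["new device detected", "suspicious file download"]

# Stand-in for the AI severity call: ordered keyword rules, first hit wins.
SEVERITY_RULES = [
    ("CRITICAL", re.compile(r"\b(ransomware|domain admin|data exfiltration)\b", re.I)),
    ("HIGH", re.compile(r"\b(brute force|privilege escalation|malware)\b", re.I)),
    ("MEDIUM", re.compile(r"\b(suspicious|anomal\w+|unusual)\b", re.I)),
]


def basic_auth_header(user, password):
    """Build the Authorization header a client sends for https://user:pass@host/."""
    token = base64.b64encode(f"{user}:{password}".encode()).decode()
    return "Basic " + token


def verify_basic_auth(authorization_header, expected_user, expected_password):
    """Check the Basic-auth credentials on an inbound webhook call.
    Constant-time comparison so a caller cannot time the check."""
    if not authorization_header or not authorization_header.startswith("Basic "):
        return False
    try:
        decoded = base64.b64decode(authorization_header[6:], validate=True).decode()
    except (ValueError, UnicodeDecodeError):  # binascii.Error is a ValueError
        return False
    user, _, password = decoded.partition(":")
    return (hmac.compare_digest(user.encode(), expected_user.encode())
            and hmac.compare_digest(password.encode(), expected_password.encode()))


def parse_alert(raw_json):
    """Postmark delivers the email as JSON; keep only what triage needs."""
    payload = json.loads(raw_json)
    return {
        "message_id": payload.get("MessageID", ""),
        "sender": payload.get("From", ""),
        "subject": payload.get("Subject", ""),
        "body": payload.get("TextBody", ""),
    }


def classify_severity(alert):
    """Keyword stand-in for the AI severity detection; LOW if nothing matches."""
    text = alert["subject"] + "\n" + alert["body"]
    for level, pattern in SEVERITY_RULES:
        if pattern.search(text):
            return level
    return "LOW"


def match_custom_target(alert, targets=CUSTOM_TARGETS):
    """Return the first custom target found in the alert text, else None."""
    text = (alert["subject"] + "\n" + alert["body"]).lower()
    for target in targets:
        if target.lower() in text:
            return target
    return None


def plan_actions(severity, matched_target):
    """Severity-based workflow from the post: full ticket flow for matched or
    Critical alerts, email only for High, console log for Medium/Low."""
    if matched_target or severity == "CRITICAL":
        return ["create_ticket", "write_remediation", "email_ticket_url"]
    if severity == "HIGH":
        return ["email_notification"]
    return ["log_to_console"]


def triage(raw_json, targets=CUSTOM_TARGETS):
    """Run the pipeline; every step is appended to 'log' so the decision trail
    can be audited afterwards."""
    alert = parse_alert(raw_json)
    log = [f"parsed message {alert['message_id']} from {alert['sender']}"]
    target = match_custom_target(alert, targets)
    log.append(f"custom target match: {target}")
    severity = classify_severity(alert)
    log.append(f"severity: {severity}")
    actions = plan_actions(severity, target)
    log.append("actions: " + ", ".join(actions))
    return {"alert": alert, "severity": severity, "target": target,
            "actions": actions, "log": log}


if __name__ == "__main__":
    print("\n".join(triage(SAMPLE_WEBHOOK)["log"]))
```

Running it on the constructed payload shows the interaction the post describes but does not spell out: the keyword classifier rates the alert only MEDIUM, yet because it matches the "suspicious file download" custom target it still gets the full ticket-plus-remediation-plus-email flow. Two design points worth keeping when the stand-in is replaced by the real Groq call: the alert text is whatever the SIEM rule echoes back, so treat it as untrusted input to the model and keep the set of possible actions fixed in code (as `plan_actions` does) rather than letting the model choose them; and authenticate the webhook (Basic credentials as here, and Postmark's published webhook IP ranges if you can enforce them) before any of that text reaches the agent.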
2. Screenshots
Custom Alert Targets
AI Agent Processing
Ticket Emails (sent to the SOC analyst)
3. Architecture
4. Tech Stack
- Postmark: inbound email service that parses SIEM alert emails and delivers them as JSON via webhook.
- Python / Django: backend framework powering the SnagIT server.
- Groq API: AI agent for severity detection and remediation generation.
- Gmail SMTP: email notifications for Critical and High severity alerts.
- Jira API / Asana API: task management integrations for automated ticket creation and tracking.
5. Future Goals
- Add support for more task management services such as Zoho Projects, Notion and Azure DevOps.
- Add a scoring algorithm that automatically assigns each ticket to the appropriate analyst based on:
- The number of tickets they are currently working on.
- The number of high- and low-priority tasks they hold.
- The number of story points they are covering.