Cyberfortress Labs

Cyberfortress is a security-focused research and engineering space dedicated to building modern SOC, SIEM, and XDR capabilities.

Building Intelligent Security Operations Through Research and Innovation

A security research organization advancing SOC ecosystems through the integration of SIEM, SOAR, and XDR technologies with intelligent analysis and automation.

🔬 Research Focus

We develop intelligent Security Operations Center (SOC) architectures that enhance cyber threat detection and response capabilities through:

SIEM Integration

  • Centralized log collection & normalization
  • Real-time correlation & alerting
  • Multi-layer security monitoring

SOAR Automation

  • Incident orchestration & case management
  • Response playbook automation
  • Analyst workload optimization

SmartXDR Intelligence

  • AI-assisted threat analysis
  • False positive reduction
  • Priority-based alert enrichment

🎯 Research Objectives

  • Intelligent SOC Design — Integrating SIEM, SOAR, and Open XDR concepts into a cohesive ecosystem
  • Alert Optimization — Reducing false positives through AI-assisted filtering and prioritization
  • Automated Response — Improving MTTD and MTTR via orchestrated security workflows
  • Detection Coverage — Evaluating effectiveness using MITRE ATT&CK framework mapping

🧪 Laboratory Environment

Our controlled experimental infrastructure simulates real-world attack scenarios to validate detection and response capabilities:

  • Network Layer — Firewall, IDS/IPS, Network Security Monitoring (NSM)
  • Endpoint Layer — Host-based detection agents and EDR tools
  • Analysis Layer — Centralized SIEM, threat intelligence platforms, case management
  • Attack Simulation — Brute-force, SQL injection, malware, web exploits

📦 Research Areas

Security Domain             | Focus Areas
----------------------------|------------------------------------------------------------------
Detection Engineering       | MITRE ATT&CK coverage, signature development, behavioral analysis
Threat Intelligence         | IOC integration, threat hunting, intelligence sharing platforms
Automation & Orchestration  | SOAR playbooks, API integration, incident workflows
XDR Research                | Open XDR architecture, cross-layer correlation, unified visibility
AI-Assisted Analysis        | Alert prioritization, anomaly detection, intelligent enrichment

⚠️ Scope & Limitations

This is an academic research initiative focused on proof-of-concept implementation and experimental validation in simulated environments. The system leverages existing open-source security tools and external AI services without proprietary ML model training. Large-scale enterprise deployment is outside the current research scope.

📍 Affiliated Institution

University of Information Technology (UIT)
Vietnam National University HCMC (VNU-HCM)

🔗 Connect With Us

🌐 cyberfortress-labs.github.io | ✉️ thienlai159@gmail.com

Pinned

  1. Cyberfortress-SmartXDR-Core (Public, Python)

    CyberFortress-SmartXDR-Core provides the central AI-driven intelligence layer for the CyberFortress Intelligent SOC Ecosystem. It delivers alert triage, IOC enrichment, MITRE mapping, and automated…

  2. Cyberfortress-Intelligent-SOC-Ecosystem (Public, Shell)

    An Intelligent SOC Ecosystem that integrates SIEM, SOAR, and SmartXDR to enhance monitoring, detection, and response to cyber attacks. SmartXDR combines OpenXDR tools (Wazuh, Suricata, Zeek, pfSens…

  3. Cyberfortress-n8n-Automation (Public, JavaScript)

    This repository contains the automation infrastructure for Cyberfortress, utilizing n8n to orchestrate security workflows, generate reports, and integrate with platforms like Wazuh, SmartXDR, and T…

  4. Cyberfortress-ML-Logs-Classification (Public, Python)

    A machine-learning–powered log classification system designed to normalize multi-source security logs (Suricata, Zeek, pfSense, ModSecurity, Apache, Nginx, MySQL, Windows, Wazuh, etc.) and predict …

  5. Cyberfortress-IRIS-SmartXDR-Module (Public, Python)

    iris-smartxdr-module is an IRIS pipeline/processor module created with https://github.com/dfir-iris/iris-skeleton-module

  6. Cyberfortress-Wazuh-Defend (Public, Python)

    A collection of Python utilities and build artifacts used to package and sign small Windows helper applications for interacting with Wazuh and endpoint workflows. This repository contains tools for…

Repositories

Showing 10 of 17 repositories
  • Cyberfortress-Intelligent-SOC-Ecosystem (Public)

    An Intelligent SOC Ecosystem that integrates SIEM, SOAR, and SmartXDR to enhance monitoring, detection, and response to cyber attacks. SmartXDR combines OpenXDR tools (Wazuh, Suricata, Zeek, pfSense,…) with AI/ML to reduce false positives, prioritize critical threats, and accelerate incident response, ensuring a more adaptive and effective SOC.

    Shell | AGPL-3.0 | Updated Jan 8, 2026

  • Cyberfortress-SmartXDR-Core (Public)

    CyberFortress-SmartXDR-Core provides the central AI-driven intelligence layer for the CyberFortress Intelligent SOC Ecosystem. It delivers alert triage, IOC enrichment, MITRE mapping, and automated response logic through a unified Flask-based AI gateway.

    Python | AGPL-3.0 | Updated Jan 8, 2026

  • cyberfortress-labs.github.io (Public)

    A unified intelligent SOC ecosystem where SIEM, SOAR, OpenXDR, Threat Intelligence, and AI/ML/LLM platforms are integrated into a cohesive operational pipeline. The system enables end-to-end security event processing: from log collection and normalization to analysis and automated incident response.

    HTML | AGPL-3.0 | Updated Jan 8, 2026

  • Cyberfortress-Wazuh-Defend (Public)

    A collection of Python utilities and build artifacts used to package and sign small Windows helper applications for interacting with Wazuh and endpoint workflows. This repository contains tools for isolation handling, application registration, threat removal helpers, and desktop notifications.

    Python | AGPL-3.0 | Updated Jan 8, 2026

  • Cyberfortress-RedOps (Public)

    Attack simulation toolkit for testing Intelligent SOC Ecosystem detection capabilities, aligned with the MITRE ATT&CK framework.

    Python | Apache-2.0 | Updated Jan 8, 2026

  • Cyberfortress-SmartXDR-Classification (Public)

    A machine-learning–powered log classification system designed to normalize multi-source security logs (Suricata, Zeek, pfSense, ModSecurity, Apache, Nginx, MySQL, Windows, Wazuh, etc.) and predict their severity level: ERROR, WARNING, or INFO.

    Python | AGPL-3.0 | Updated Jan 8, 2026

  • Cyberfortress-SmartXDR-Ingest-Pipeline (Public)

    Automatic log classification system using Machine Learning on Elasticsearch.

    AGPL-3.0 | Updated Jan 8, 2026

  • Cyberfortress-ML-Logs-Classification (Public)

    A machine-learning–powered log classification system designed to normalize multi-source security logs (Suricata, Zeek, pfSense, ModSecurity, Apache, Nginx, MySQL, Windows, Wazuh, etc.) and predict their severity level: ERROR, WARNING, or INFO.

    Python | AGPL-3.0 | Updated Jan 8, 2026

  • Cyberfortress-n8n-Automation (Public)

    This repository contains the automation infrastructure for Cyberfortress, utilizing n8n to orchestrate security workflows, generate reports, and integrate with platforms like Wazuh, SmartXDR, and Telegram. The project is containerized using Docker and includes a custom n8n image pre-configured with Puppeteer, Pandoc, and document generation tools.

    JavaScript | Updated Dec 28, 2025

  • Cyberfortress-IntelOwl-CTI

    Python | AGPL-3.0 | Updated Dec 24, 2025
