Status: Architecture & Design Phase (v1.0 Planning)
Architecture: Enterprise-Scale, Event-Driven, Polyglot
License: Apache 2.0
A high-performance, self-hosted Cyber Threat Intelligence (CTI) Platform designed to ingest, normalize, correlate, and visualize threat data at scale. Built for security teams who need an "API-First" open-source alternative to commercial TIPs.
Our architecture is built on 5 Core Pillars to ensure scalability and speed:
- Partitioned Polyglot Storage:
  - PostgreSQL: Time-series partitioned storage for massive IOC retention.
  - Neo4j: Graph database for threat actor and campaign correlations.
  - OpenSearch: Hot indexing and Vector Search.
- Distributed Ingestion:
  - Redis Streams: High-throughput "firehose" for bursty feed ingestion.
  - Celery Workers: Scalable background processing for normalization.
- Intelligent Performance:
  - Redis Bloom Filters: Probabilistic deduplication (O(1)).
  - Multi-Layer Caching: Edge, API, and Database caching.
- High-Speed API:
  - Rust-Backed Validation: Leveraging Pydantic V2 for sub-millisecond schema checks.
  - Streaming Responses: Memory-efficient bulk data transfer.
- Vector Intelligence:
  - k-NN Search: Semantic analysis to find "related" threats beyond string matching.
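The "Probabilistic deduplication (O(1))" pillar above is worth seeing end to end, because a Bloom filter trades memory for a small false-positive rate: it can claim an indicator was already seen when it was not, but it never misses one it has recorded. The example below is added here and is not cti-dashboard project code; it replaces the Redis Bloom module with a plain Python bit array and SHA-256 double hashing so it runs offline, and it includes a small canonicalization step (defanging removed, case folded) so that spelling variants of the same IOC collapse before the filter is consulted. The `SAMPLE_FEED` lines are constructed for the demonstration.

```python
"""Probabilistic IOC deduplication with a Bloom filter.

Added example, not part of the cti-dashboard project. The project describes
Redis Bloom filters for O(1) dedup; this stand-alone version uses a Python
bytearray and hashlib so it runs without a Redis server.
"""
import hashlib
import math


def canonical_ioc(raw: str) -> str:
    """Normalize a raw indicator so trivially different spellings dedupe together.
    Handles common defanging (hxxp, [.], (.), [:]), surrounding whitespace and case."""
    s = raw.strip()
    for src, dst in (("hxxps://", "https://"), ("hxxp://", "http://"),
                     ("[.]", "."), ("(.)", "."), ("[:]", ":")):
        s = s.replace(src, dst)
    return s.lower()


class BloomFilter:
    """Fixed-size Bloom filter with m bits and k hash positions per item.
    May report a never-seen item as seen (false positive); never the reverse."""

    def __init__(self, expected_items: int, fp_rate: float) -> None:
        # Standard sizing: m = -n ln(p) / (ln 2)^2, k = (m / n) ln 2
        self.m = max(8, math.ceil(-expected_items * math.log(fp_rate) / (math.log(2) ** 2)))
        self.k = max(1, round(self.m / expected_items * math.log(2)))
        self.bits = bytearray((self.m + 7) // 8)
        self.count = 0

    def _positions(self, item: str):
        # Double hashing (Kirsch-Mitzenmacher): h1 + i*h2 yields k positions
        # from a single SHA-256 digest, so cost stays O(k) per item.
        d = hashlib.sha256(item.encode()).digest()
        h1 = int.from_bytes(d[:8], "big")
        h2 = int.from_bytes(d[8:16], "big") | 1
        return [(h1 + i * h2) % self.m for i in range(self.k)]

    def add(self, item: str) -> None:
        for p in self._positions(item):
            self.bits[p >> 3] |= 1 << (p & 7)
        self.count += 1

    def might_contain(self, item: str) -> bool:
        return all(self.bits[p >> 3] & (1 << (p & 7)) for p in self._positions(item))

    def add_if_new(self, item: str) -> bool:
        """Return True if the item was (probably) unseen and is now recorded."""
        if self.might_contain(item):
            return False
        self.add(item)
        return True

    def estimated_fp_rate(self) -> float:
        # Expected false-positive probability at the current fill: (1 - e^(-kn/m))^k
        return (1 - math.exp(-self.k * self.count / self.m)) ** self.k


def dedupe_feed(lines, expected_items: int = 10_000, fp_rate: float = 0.001):
    """Canonicalize each feed line and keep only indicators the filter has not seen.
    Returns (kept_iocs, dropped_count). Dropped items include true duplicates and,
    rarely, novel indicators the filter misjudged as seen."""
    bf = BloomFilter(expected_items, fp_rate)
    kept, dropped = [], 0
    for raw in lines:
        ioc = canonical_ioc(raw)
        if not ioc:
            continue
        if bf.add_if_new(ioc):
            kept.append(ioc)
        else:
            dropped += 1
    return kept, dropped


# Constructed sample feed: three distinct indicators, each in two spellings, plus a blank line.
SAMPLE_FEED = [
    "evil.example[.]com",
    "EVIL.example.com",
    "hxxp://bad.example.net/payload",
    "http://bad.example.net/payload",
    "198.51.100.7",
    "198.51.100.7 ",
    "",
]

if __name__ == "__main__":
    kept, dropped = dedupe_feed(SAMPLE_FEED)
    print(f"kept={kept} dropped={dropped}")
```

The practical caveat for a TIP is the direction of the error: a false positive silently discards a genuinely new indicator, so size the filter for the expected volume (`expected_items`, `fp_rate`) and watch `estimated_fp_rate()` as it fills; once it climbs past the budget, rotate to a fresh filter rather than keep feeding the old one.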
👉 Read the Full Architecture Spec
The project documentation is centralized in the docs/ directory:
| Category | File | Description |
|---|---|---|
| Architecture | HIGH_LEVEL_ARCHITECTURE_v2.md | The technical vision and design patterns. |
| Deployment | PRODUCTION_DEPLOYMENT.md | Setup guide for Docker Swarm & Compose. |
| Requirements | SYSTEM_REQUIREMENTS.md | Hardware and software dependency matrix. |
| Roadmap | ROADMAP.md | Release phases from v0.1 to v1.2+. |
| Optimization | OPTIMIZATION_REPORT.md | Metrics on performance improvements. |
| Security | VERIFICATION_PLAN.md | Security and integrity verification checks. |
While we are in the design phase, the core infrastructure can be stood up for testing.

```bash
# 1. Clone the repo
git clone https://github.com/your-org/cti-dashboard.git
cd cti-dashboard
# 2. Configure Environment
cp .env.prod.template .env.prod
# (Edit .env.prod with secure passwords)
# 3. Launch Services
docker-compose -f docker-compose.prod.yml up -d
# 4. Verify Health
curl http://localhost/health
```

- Core: Python 3.11, FastAPI, Pydantic V2 (Rust)
- Databases: PostgreSQL 16, Neo4j 5, OpenSearch 2.11, Redis 7
- Infrastructure: Docker, Nginx, Celery
- Standards: STIX 2.1, TAXII 2.1
We are continuously evolving. Key upcoming phases:
- Phase 1-10: Core Feature Implementation (In Progress)
- Phase 11: Enterprise Intelligence (Vector Search)
- Phase 12: Big Data Scale (Partitioning & Streams)
See ROADMAP.md for the detailed timeline.