CyberBrief: Threat Intelligence Briefing Tool

[+] Status: Complete [+] Origin: Portfolio Project [+] Date: 2025.01
>> TECH_STACK:
[React][FastAPI][Python][TypeScript][Tailwind CSS][OpenAI API][MITRE ATT&CK]

CyberBrief automates the daily threat intelligence briefing process. It ingests threat feeds from multiple configurable sources, extracts key indicators and tactics, maps them to the MITRE ATT&CK framework, and generates both executive and technical summaries. The goal is to compress hours of manual reading into a structured, actionable briefing.

The tool addresses a real workflow pain point: analysts reading the same reports from different angles, reformatting content for different audiences, and manually cross-referencing IOCs against ATT&CK. CyberBrief handles all of that in a single pipeline.

Open Source

This project is open source and available on GitHub

Full-stack application with a Python processing backend and React frontend:

React + TypeScript
Frontend Framework

Component-based UI with type safety for complex form interactions and dynamic briefing displays

FastAPI
Backend API

Async Python backend handling threat feed ingestion, summarization requests, and briefing generation

Tailwind CSS
Styling

Utility-first CSS for responsive layouts, dark mode support, and consistent design tokens

Python + NLP
Processing Engine

Threat feed parsing, entity extraction, MITRE ATT&CK mapping, and summary generation pipeline

Architecture: Multi-Source Feed Aggregation
Problem: Analysts spend hours reading multiple threat feeds to produce a single daily briefing
Solution: Built an ingestion pipeline that pulls from configurable RSS/API sources, deduplicates by IOC and CVE reference, and ranks by severity and relevance to configured industry verticals
Result: Consolidates multiple feeds into a single prioritized view in seconds
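One way the deduplicate-and-rank step described above can work, shown as an added example rather than CyberBrief's own code: feed items that share a CVE id or an IOC are linked into one cluster, a small ignore-list keeps indicators that appear in many unrelated reports (public resolvers, the empty-file SHA-256) from chaining everything together, and the merged items are ordered by severity, overlap with the configured verticals, and how many feeds corroborated them. The FeedItem layout, the scoring weights, the ignore-list and the sample feed items are all assumptions made for the example.

```python
"""Added example, not CyberBrief's own code: link feed items that share a
CVE id or IOC, merge each cluster, then rank by severity and vertical fit.
Field layout, weights, ignore-list and sample items are assumptions."""
from __future__ import annotations
from dataclasses import dataclass, field

SEVERITY_WEIGHT = {"critical": 4, "high": 3, "medium": 2, "low": 1}

# Indicators that show up in many unrelated reports; sharing one of these
# must not link two items (assumed list: public resolvers, empty-file SHA-256).
NOISY_INDICATORS = frozenset({
    "8.8.8.8", "1.1.1.1",
    "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855",
})


@dataclass
class FeedItem:
    source: str
    title: str
    severity: str                 # critical / high / medium / low
    cves: frozenset[str]          # CVE ids referenced by the report
    iocs: frozenset[str]          # already-normalized IPs, domains, hashes
    verticals: frozenset[str]     # industries the report says are targeted
    merged_from: list[str] = field(default_factory=list)


def deduplicate(items: list[FeedItem],
                ignore: frozenset[str] = NOISY_INDICATORS) -> list[FeedItem]:
    """Union-find over shared CVE/IOC keys: two write-ups of the same
    campaign almost always overlap on at least one indicator or CVE id."""
    parent = list(range(len(items)))

    def find(i: int) -> int:
        while parent[i] != i:
            parent[i] = parent[parent[i]]   # path halving
            i = parent[i]
        return i

    first_seen: dict[str, int] = {}
    for idx, item in enumerate(items):
        for key in (item.cves | item.iocs) - ignore:
            if key in first_seen:
                parent[find(idx)] = find(first_seen[key])   # join the clusters
            else:
                first_seen[key] = idx

    clusters: dict[int, list[FeedItem]] = {}
    for idx, item in enumerate(items):
        clusters.setdefault(find(idx), []).append(item)

    merged = []
    for members in clusters.values():
        head = max(members, key=lambda m: SEVERITY_WEIGHT[m.severity])
        merged.append(FeedItem(
            source=head.source, title=head.title,
            severity=head.severity,   # keep the worst severity any feed assigned
            cves=frozenset().union(*(m.cves for m in members)),
            iocs=frozenset().union(*(m.iocs for m in members)),
            verticals=frozenset().union(*(m.verticals for m in members)),
            merged_from=[m.source for m in members],
        ))
    return merged


def rank(items: list[FeedItem], configured_verticals: frozenset[str]) -> list[FeedItem]:
    """Severity dominates; vertical overlap and cross-feed corroboration break ties."""
    def score(item: FeedItem) -> int:
        return (SEVERITY_WEIGHT[item.severity] * 10
                + 5 * len(item.verticals & configured_verticals)
                + len(item.merged_from))
    return sorted(items, key=lambda it: (-score(it), it.title))


# Constructed sample feed items, not real reports.
SAMPLE_ITEMS = [
    FeedItem("vendor-blog", "Reports of CVE-2024-3400 exploitation", "critical",
             frozenset({"CVE-2024-3400"}), frozenset({"203.0.113.10"}),
             frozenset({"finance"})),
    FeedItem("cert-feed", "Advisory: CVE-2024-3400", "high",
             frozenset({"CVE-2024-3400"}), frozenset({"evil-cdn.example"}),
             frozenset({"healthcare"})),
    FeedItem("rss-news", "Commodity stealer campaign", "low",
             frozenset(), frozenset({"8.8.8.8", "198.51.100.7"}), frozenset()),
    FeedItem("isac", "Ransomware intrusions at hospitals", "high",
             frozenset({"CVE-2023-4966"}), frozenset({"8.8.8.8"}),
             frozenset({"healthcare"})),
]

if __name__ == "__main__":
    for item in rank(deduplicate(SAMPLE_ITEMS), frozenset({"healthcare"})):
        print(item.severity, item.title, "<-", ", ".join(item.merged_from))
```

With the sample data the vendor blog post and the CERT advisory collapse into one critical item corroborated by two feeds, while the stealer write-up and the hospital ransomware report stay separate even though both mention 8.8.8.8; pass an empty ignore-list and they merge, which is exactly the over-linking the ignore-list exists to prevent.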
NLP Pipeline: Automated Summarization
Problem: Raw threat reports are verbose and inconsistent in format across different sources
Solution: Implemented a multi-stage summarization pipeline: extract key entities (IOCs, TTPs, affected products), map to MITRE ATT&CK framework, then generate concise executive and technical summaries
Result: Consistent briefing format regardless of source, with ATT&CK context included automatically
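The entity-extraction and ATT&CK-mapping stages described above, as an added example that is not CyberBrief's own code: the report is refanged (hxxp://, [.] and similar), IOCs and CVE ids are pulled out with type-specific patterns, ATT&CK technique ids are collected both from explicit references and from a small phrase table, and each id is enriched with its name and tactics from an embedded subset of ATT&CK Enterprise. Ids the matrix does not know are surfaced for review instead of being guessed. The phrase table, the ATT&CK subset, the short TLD list and the sample report are assumptions; affected-product extraction is left out.

```python
"""Added example, not CyberBrief's own code: pull IOCs, CVE ids and ATT&CK
technique references out of a constructed threat report, then attach
technique names and tactics from an embedded subset of ATT&CK. The phrase
table and the ATT&CK subset are assumptions kept small for illustration."""
import re
from collections import defaultdict


# Vendor reports defang indicators so readers cannot click them; refang first.
def refang(text: str) -> str:
    text = re.sub(r"hxxp(s?)://", r"http\1://", text, flags=re.IGNORECASE)
    for defanged, clean in (("[.]", "."), ("(.)", "."), ("[:]", ":"), ("[@]", "@")):
        text = text.replace(defanged, clean)
    return text


PATTERNS = {
    "ipv4": re.compile(r"\b(?:(?:25[0-5]|2[0-4]\d|1?\d?\d)\.){3}(?:25[0-5]|2[0-4]\d|1?\d?\d)\b"),
    "sha256": re.compile(r"\b[a-f0-9]{64}\b", re.IGNORECASE),
    "md5": re.compile(r"\b[a-f0-9]{32}\b", re.IGNORECASE),
    "cve": re.compile(r"\bCVE-\d{4}-\d{4,}\b", re.IGNORECASE),
    # TLD list deliberately short (assumed) so version strings like 2.4.1 are not domains
    "domain": re.compile(r"\b(?:[a-z0-9-]+\.)+(?:com|net|org|io|xyz|top|example)\b", re.IGNORECASE),
}
TECHNIQUE_ID = re.compile(r"\bT\d{4}(?:\.\d{3})?\b")

# Heuristic phrase -> technique table (assumed; a real deployment would use a
# curated mapping or a classifier, since substring matching will false-positive).
TTP_PHRASES = {
    "spearphishing attachment": "T1566.001",
    "powershell": "T1059.001",
    "encrypted for impact": "T1486",
    "public-facing application": "T1190",
    "valid accounts": "T1078",
    "rdp": "T1021.001",
}

# Small embedded subset of ATT&CK Enterprise: id -> (name, tactics).
ATTACK = {
    "T1566.001": ("Phishing: Spearphishing Attachment", ("initial-access",)),
    "T1059.001": ("Command and Scripting Interpreter: PowerShell", ("execution",)),
    "T1078": ("Valid Accounts", ("defense-evasion", "persistence",
                                 "privilege-escalation", "initial-access")),
    "T1021.001": ("Remote Services: Remote Desktop Protocol", ("lateral-movement",)),
    "T1190": ("Exploit Public-Facing Application", ("initial-access",)),
    "T1486": ("Data Encrypted for Impact", ("impact",)),
}


def extract(report: str) -> dict:
    text = refang(report)
    iocs = {kind: sorted({m.group(0) for m in pat.finditer(text)})
            for kind, pat in PATTERNS.items()}

    evidence: dict[str, set[str]] = defaultdict(set)   # technique id -> why it was tagged
    for tid in TECHNIQUE_ID.findall(text):
        evidence[tid].add("explicit id")
    lowered = text.lower()
    for phrase, tid in TTP_PHRASES.items():
        if phrase in lowered:
            evidence[tid].add(f"phrase: {phrase}")

    techniques, unknown = [], []
    for tid in sorted(evidence):
        if tid in ATTACK:                # only emit ids the matrix knows
            name, tactics = ATTACK[tid]
            techniques.append({"id": tid, "name": name, "tactics": list(tactics),
                               "evidence": sorted(evidence[tid])})
        else:
            unknown.append(tid)          # surface for analyst review, never guess
    return {"iocs": iocs, "techniques": techniques, "unknown_technique_ids": unknown}


# Constructed report text, not a real advisory; T9999 is a deliberately bogus id.
SAMPLE_REPORT = """The actor delivered a spearphishing attachment that launched
PowerShell and beaconed to hxxp://update[.]evil-cdn[.]example via 203[.]0[.]113[.]10.
Payload SHA256: 9f86d081884c7d659a2feaa0c55ad015a3bf4f1b2b0b822cd15d6c15b0f00a08.
Lateral movement used RDP (T1021.001) before files were encrypted for impact
(T1486). The initial foothold is attributed to CVE-2024-3400. See also T9999."""

if __name__ == "__main__":
    import json
    print(json.dumps(extract(SAMPLE_REPORT), indent=2))
```

Running extraction deterministically before any summarization step means the technical view can carry the exact indicators and technique ids that were in the source, and the evidence field records whether a technique came from an explicit id or from a phrase match, which is what an analyst needs when deciding how much to trust the mapping.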
UX Design: Audience-Adaptive Output
Problem: Security briefings need different levels of detail for executives vs. SOC analysts
Solution: Designed dual-view output: executive summary with risk scores and business impact, plus a technical deep-dive with IOCs, detection rules, and remediation steps
Result: One tool serves both leadership updates and analyst action items
Full-Stack Development
  • React component architecture
  • FastAPI async endpoints
  • REST API design
  • TypeScript interfaces
Data Processing
  • Feed parsing and normalization
  • Entity extraction
  • Deduplication logic
  • MITRE ATT&CK mapping
Security Domain
  • Threat intelligence workflows
  • IOC management
  • CVE prioritization
  • Executive briefing formats
Frontend
  • Tailwind responsive design
  • Dark/light mode
  • PDF export
  • Real-time filtering
Complete
  • Multi-source feed ingestion pipeline
  • MITRE ATT&CK mapping engine
  • Executive and technical summary generation
  • PDF export with branded templates
  • Configurable industry vertical filtering
  • Dark/light mode responsive UI