Welcome to the Threat Oracle project! Threat Oracle is a threat modeling tool with a digital twin, graph structure, and vialuzation.
This project aims to provide a comprehensive solution for threat modeling applications, CI/CD pipelines, and runtime environments. By building a digital twin of the application and infrastructure, we can visualize and analyze potential risks and threats. The digital twin is represented as a graph data structure, capturing data flows and interactions within the application. This graph twin is then matched to custom risk and threat rules or CWE data to discover vulnerabilities and potential threats.
- Digital Twin Creation: Build a digital twin of your application and infrastructure.
- Graph Data Structure: Represent the application and data flows as a graph.
- Visualization: Visualize the digital twin using Neo4j's Bloom.
- Threat and Risk Analysis: Match the graph twin to custom risk and threat rules or CWE data to discover vulnerabilities.
- Comprehensive Threat Modeling: Provide a robust platform for developers and infrastructure engineers to conduct thorough threat modeling of applications, CI/CD pipelines, and runtime environments.
- Digital Twin Creation: Enable the creation of digital twins of applications and infrastructure to visualize data flows and interactions using a graph data structure.
- Visualization with Neo4j Bloom: Utilize Neo4j's Bloom for intuitive and detailed visualization of the digital twin, aiding in better understanding and analysis.
- Risk and Threat Identification: Facilitate the identification of risks and threats by matching the digital twin with custom risk and threat rules, as well as CWE data.
- Develop a Base Application Structure: Establish a solid foundation for the project, including directory structures, initial files, and setup scripts.
- Define a Digital Twin Properties Schema: Create a comprehensive schema that accurately represents the properties and relationships within the digital twin.
- Ensure Database Connectivity: Implement robust database connectivity with Neo4j to support efficient data storage and retrieval.
- Integrate Graph Visualization: Develop tools and examples for visualizing the digital twin using Neo4j Bloom, ensuring clarity and usability.
- Implement Threat and Risk Analysis: Develop mechanisms to analyze the digital twin against custom rules and CWE data, providing actionable insights into potential vulnerabilities.
- Continuous Improvement: Regularly update the platform with new features, performance enhancements, and security improvements based on community feedback and emerging threats.
By achieving these goals and objectives, Threat Oracle aims to be a valuable tool in the arsenal of developers and infrastructure engineers, helping them to proactively identify and mitigate security risks in their applications and environments.
- Neo4j
- Neo4j Bloom
- Python 3.x
- Py2neo
-
Clone the repository:
git clone https://github.com/microbrewerGM/Threat-Oracle.git cd threat-oracle
-
Install the required Python packages:
pip install -r requirements.txt
-
Initialize the digital twin properties schema:
python initialize_schema.py
-
Connect to the Neo4j database:
python connect_db.py
-
Visualize the digital twin:
TBD - Navigate to Bloom.
- Initialize project repository
- Set up basic directory structure and initial files
- Define project goals and objectives
- Define the schema for the digital twin properties
- Create initial schema in Neo4j
- Set up connection to Neo4j database
- Implement basic CRUD operations
- Integrate Neo4j Bloom for visualization
- Develop visualization tests and examples
- Develop custom risk and threat rules
- Integrate CWE data
- Implement threat and risk analysis
-
Base Application Structure:
- Initialize project repository
- Set up basic directory structure and initial files
-
Digital Twin Properties Schema:
- Define the schema for the digital twin properties
- Create initial schema in Neo4j
-
Database Connectivity:
- Set up connection to Neo4j database
- Implement basic CRUD operations
-
Graph Visualization:
- Integrate Neo4j Bloom for visualization
- Develop visualization tests and examples
We welcome contributions from the community. Please read our Contributing Guidelines before submitting a pull request.
This project is licensed under the MIT License. See the LICENSE file for details.
We would like to thank the open source community for their lead, support and contributions.
Especially, we would like to thank the open source project Threagile!
Thank you for your attention.
For any questions or suggestions, please feel free to open an issue or contact us directly.