tirreno is a security framework. Event tracking, threat detection, and risk scoring for any application.
Updated Apr 7, 2026 - PHP
Cloud Security Operations Orchestrator
vPrioritizer enables us to understand the contextualized risk (vPRisk) at the asset-vulnerability relationship level across the organization, so that teams can make more informed decisions about what (vulnerability/ies) they should remediate (or can afford not to) and on which (asset/s).
Security Analytics Engine - Anomaly Detection in Web Traffic
Detection of network traffic anomalies using unsupervised machine learning
Cloud-native AI-SOC platform for real-time security monitoring, threat detection, and incident response. Integrated endpoint protection with automated security operations and analytics.
Digital Twin Driven Security Analytics for the Industrial Internet of Things.
Plug into extended SecOps: Bring Google Cloud's analytics to your local network. tshark captures on-prem, GCP transforms to UDM. Scalable, event-driven, via Terraform.
Production-ready authentication framework that saves you weeks of development. Features enterprise-grade security: 2FA/TOTP, LDAP integration, intelligent rate limiting, session fingerprinting, brute-force protection, security analytics dashboard, comprehensive audit logging, and granular role-based access control.
This repository contains an end-to-end walkthrough that leverages Google Cloud services to demonstrate Solution Accelerators for a few business domains.
Power Query collection for SentinelOne - KQL queries, data transformations, and analysis templates for security operations and threat hunting
ML-powered cloud monitoring platform that detects infrastructure anomalies, analyzes system health metrics, and generates intelligent alerts for proactive incident response.
An end-to-end AI system for detecting insider threats using a hybrid machine learning approach (Isolation Forest + XGBoost). Features a high-performance ETL pipeline using DuckDB, real-time inference via FastAPI, and integrated Explainable AI (SHAP) for transparent risk assessment on the CERT R4.2 dataset.
This project demonstrates SSH authentication log analysis using Splunk SIEM to detect malicious activity such as brute-force attacks, unauthorized access attempts, and suspicious SSH behavior. It simulates real-world SOC analyst workflows, including log ingestion, SPL queries, dashboards, and alerting.
Security analytics data lake for TrustOps evidence: governance datasets, findings pipelines, compliance analytics, audit trails, and control-plane reporting.
LIZARD (visuaLized Indicators for Zonal Anomaly Risk Detection) - Interactive fraud pattern visualization and ML-based anomaly detection platform.
Crash course for new tirreno developers. Open-source security framework architecture, integration guide, and risk rules for developers and product teams.
SENTINEL SOC is a professional-grade Security Operations Center (SOC) dashboard that simulates real-world threat detection, investigation, and response workflows. Built with React and Recharts, it features live alert monitoring, interactive investigation playbooks with terminal-style execution, global attack maps, real-time CVE intelligence🔒.
🛡️ CyberSentinel – Threat Intel + Log Correlation Dashboard. An analyst-grade security tool that ingests threat intelligence, parses SSH/Apache logs, correlates IOCs, and generates real-time alerts.
AI-powered cybersecurity monitoring platform that detects suspicious digital attacks, analyzes threat patterns, visualizes intrusion risks, and assists in proactive cyber defense management.