HexGuard agents are deployed on behavioral honeypots to collect, process and enrich malicious activity with automated workflows.
Our backend integrates real-time parsing, context-aware enrichment, and threat scoring using structured knowledge bases and continuously updated feeds.
The upcoming AI module will support automated pattern detection, anomaly correlation, and advanced predictive threat modeling.
Goals
- Collect indicators from honeypots (e.g. via HexGuard)
- Enrich threat data using AI and external intelligence (OSINT)
- Provide a dashboard or CLI for real-time visualization
- Automate reactions to incidents (alerts, blacklisting, etc.)
Tech Stack
- Python 3.11+
- FastAPI or Flask for the REST API
- SQLite or PostgreSQL for storage
- Docker for containerization
- Minimal web interface inspired by GreyNoise dashboards
Automation & Ingestion
A range of automated scripts continuously drive ingestion, enrichment, and response across the HexGuard ecosystem:
- IOC collection from feeds and honeypots
- ASN enrichment and verification
- Daily reporting, syncing, and cleanup routines
- Blacklisting & tagging of suspicious infra (VPNs, proxies, Tor, etc.)
Future Developments
- Random Forest classifiers for behavioral intel
- GRU & LSTM anomaly detection on sequences (CICIDS/ModSec)
- KMeans & DEC clustering for darkweb threat grouping
- DistilBERT M7B for NLP & multilingual analysis
- IOCs Telephony & GSM Network Intelligence
HexGuard Intelligence Platform: Professional Offering
HexGuard is evolving into a premium threat intelligence service with a subscription-based model tailored for organizations and security teams seeking operational excellence.
- Real-time threat feeds enriched by AI and continuous signal processing
- Advanced subscriber dashboard featuring interactive intel, IOC drilldowns, and alerts timeline
- Pre-built modules for integration with TIP, SIEM, SOAR, and next-gen firewalls
- Automated mitigation workflows: push blacklists, trigger DNS sinks, or alert internal teams instantly
- Adaptive AI Enrichment based on threat profiles and behavioral analysis
Whether you're a SOC analyst, threat hunter, or decision maker, HexGuard delivers a precise, responsive, and extensible platform built for the new cyber landscape.
HexGuard Agent: Open Source & Decentralized Intelligence Sharing
The upcoming HexGuard agent will be installable on any Linux server, either natively or via Docker. Once released as open source, any user will be able to:
- Deploy the agent effortlessly with a one-liner install or Docker container
- Contribute to a global pool of real-time attack data
- Access a shared community dashboard
- Receive a unique API token to retrieve all collected IOCs
IOCs provided via the API are raw and unprocessed. Enrichment, behavioral correlation, and threat intelligence remain exclusive to the DeathWeb Core.
Unlike static blocklists or reactive tools like Fail2Ban, HexGuard captures and shares live attacker behavior across the network. It's not just about banning; it's about understanding, classifying, and predicting threats as they evolve.