A personal portfolio website built with Laravel, featuring a custom-built, integrated "Mini-SIEM" system for real-time threat detection, logging, and response.
This project is a personal portfolio website designed not only to showcase projects and skills but also to serve as a practical demonstration of advanced, custom-built security features. It includes a fully integrated Mini-SIEM (Security Information and Event Management) system that actively detects, logs, and responds to common web threats in real-time.
The entire system, from content management to security monitoring, is managed through a comprehensive admin panel secured with Two-Factor Authentication (2FA) via email OTP.
- Dynamic Frontend: All content on the public-facing pages (Home, About, Projects, etc.) is fully manageable through the admin panel.
- Admin Panel: A complete backend to manage all portfolio content, users, and site settings.
- Project & Certificate Showcase: Sections to display detailed information about personal projects and certifications.
- Two-Factor Authentication (2FA): Secure admin login using a One-Time Password (OTP) sent to the admin's email.
- Real-time Threat Detection: A custom middleware inspects all incoming requests for malicious patterns (SQL Injection, XSS, LFI, Command Injection).
- Security Logging: All detected threats are logged to the database with detailed information, including IP address, user agent, request URL, and the malicious payload.
- Automated IP Blocking: An observer-based system automatically blocks an attacker's IP address after a configurable number of detected offenses.
- Live SOC Dashboard: A real-time Security Operations Center (SOC) dashboard to monitor site traffic, server resources, HTTP response codes, and security events as they happen.
- Firewall & Blocklist Management: A dedicated page to view and manage all automatically or manually blocked IP addresses.
- Themed HTML Email Alerts: Sends beautifully formatted, "cyber-themed" HTML emails to the admin in real-time when a new threat is detected or an IP is blocked.
- Backend: PHP 8.2, Laravel 12
- Frontend: Blade, Tailwind CSS, Vite, Chart.js (for dashboards)
- Database: MySQL
- Development Environment: XAMPP
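The detection, logging and blocking features listed above can be sketched in plain PHP. This is an added example, not code from this project: the regex rules, the threshold of 3, the `inspect`/`handle` function names and the sample requests are all assumptions.

```php
<?php
// Illustrative signatures (assumed); a real rule set needs tuning against false positives.
const RULES = [
    'sqli' => '/\bunion\s+(all\s+)?select\b|[\'"]\s*(or|and)\s+[\'"\d]/i',
    'xss'  => '/<\s*script\b|\bon\w+\s*=|javascript\s*:/i',
    'lfi'  => '/\.\.[\/\\\\]|\/etc\/passwd|php:\/\/(filter|input)/i',
    'cmdi' => '/[;&|`]\s*(cat|ls|id|whoami|wget|curl)\b|\$\(/i',
];
const BLOCK_THRESHOLD = 3; // assumed value for the "configurable number of offenses"

/** Return [type, payload] for the first input value that matches a rule, or null. */
function inspect(array $input): ?array
{
    foreach ($input as $value) {
        if (is_array($value)) {
            if ($hit = inspect($value)) return $hit;
            continue;
        }
        // Decode twice so double-encoded payloads (%253Cscript) are still seen.
        $decoded = rawurldecode(rawurldecode((string) $value));
        foreach (RULES as $type => $regex) {
            if (preg_match($regex, $decoded) === 1) return [$type, (string) $value];
        }
    }
    return null;
}

/** Process one request; returns the HTTP status the middleware would send. */
function handle(array $req, array &$log, array &$blocked): int
{
    $ip = $req['ip'];
    if (isset($blocked[$ip])) return 403; // already on the blocklist
    if (($hit = inspect($req['input'])) === null) return 200;
    $log[] = ['ip' => $ip, 'user_agent' => $req['ua'], 'url' => $req['url'],
              'type' => $hit[0], 'payload' => $hit[1]];
    $offenses = count(array_filter($log, fn ($e) => $e['ip'] === $ip));
    if ($offenses >= BLOCK_THRESHOLD) $blocked[$ip] = true; // blocklist entry after N offenses
    return 403;
}

// Constructed sample traffic (documentation IP ranges), not captured data.
$log = $blocked = [];
$samples = [
    ['ip' => '203.0.113.9',  'ua' => 'curl/8.0', 'url' => '/projects', 'input' => ['q' => "1' OR '1'='1"]],
    ['ip' => '203.0.113.9',  'ua' => 'curl/8.0', 'url' => '/contact',  'input' => ['msg' => '%253Cscript%253E']],
    ['ip' => '203.0.113.9',  'ua' => 'curl/8.0', 'url' => '/view',     'input' => ['file' => '../../etc/passwd']],
    ['ip' => '203.0.113.9',  'ua' => 'curl/8.0', 'url' => '/',         'input' => []],
    ['ip' => '198.51.100.4', 'ua' => 'Firefox',  'url' => '/projects', 'input' => ['q' => 'laravel']],
];
foreach ($samples as $r) printf("%-13s %-10s %d\n", $r['ip'], $r['url'], handle($r, $log, $blocked));
```

The fourth sample carries no payload but is still rejected, because the first three offenses put its address on the blocklist; the request from the second address passes.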
To get a local copy up and running, follow these simple steps.
- PHP >= 8.2
- Composer
- Node.js & NPM
- A local web server environment (e.g., XAMPP, Laragon, Valet) with a MySQL database.
- Clone the repository:

      git clone https://github.com/AdliXSec/portfolio-project-soc
      cd portfolio-project-soc

- Install PHP dependencies:

      composer install

- Install NPM dependencies and build assets:

      npm install
      npm run build

- Create your environment file:

      copy .env.example .env

- Generate an application key:

      php artisan key:generate

- Configure your .env file: Update the following variables with your local database and mail server credentials:

      DB_DATABASE=your_database_name
      DB_USERNAME=your_database_username
      DB_PASSWORD=your_database_password
      MAIL_MAILER=smtp
      MAIL_HOST=your_mail_host
      MAIL_PORT=your_mail_port
      MAIL_USERNAME=your_mail_username
      MAIL_PASSWORD=your_mail_password
      MAIL_ENCRYPTION=tls
      MAIL_FROM_ADDRESS=[email protected]

- Run database migrations and seeders: This will create all necessary tables and populate the database with initial data, including the admin user.

      php artisan migrate --seed

- Start the local development server:

      php artisan serve

- Start the queue worker: This is required to process background jobs, such as sending security alert emails. Keep this running in a separate terminal.

      php artisan queue:work

- Access the application:
  - Public Site: http://127.0.0.1:8000
  - Admin Login: http://127.0.0.1:8000/login
  - Default Admin Email: [email protected]
  - Default Admin Password: 12345678
This project is open-sourced software licensed under the MIT license.