5.3 KiB
██████╗██╗ █████╗
██╔════╝██║██╔══██╗
██║ ██║███████║
██║ ██║██╔══██║
╚██████╗██║██║ ██║
╚═════╝╚═╝╚═╝ ╚═╝
Operator-grade real-time situational awareness dashboard. Eleven live feeds across cyber, world, and finance — fused into a single 3D-globe SOC view with WebSocket delivery and configurable alerting.
The Learn docs are here: learn modules.
The phrase "monitoring the situation" is a Twitter/X meme from June 2025. This is the version that actually monitors the situation.
What It Does
- Aggregates 11 high-signal data feeds (DShield, Cloudflare Radar, NVD/EPSS, CISA KEV, ransomware.live, Coinbase WS, USGS, NOAA SWPC, Wikipedia ITN, GDELT, ISS) with per-source cadences from sub-second to daily
- WebSocket fan-out from a single Go binary — collectors run as errgroup goroutines, events flow through an in-process bus to all connected clients
- 3D MapLibre globe centerpiece with country-level outage shading, BGP hijack regions, mass-scan source ASN dots, ransomware victim markers, earthquake epicenters, and live ISS orbital track
- CVE velocity timeline with EPSS-weighted prioritization and CISA KEV diff alerts
- Configurable alerts (toast / banner / chime / Telegram / Discord) with AES-256 encryption of webhook secrets at rest
- BRIN-indexed Postgres time-series storage tuned for append-mostly event streams
- JWT auth with auto-rotating Ed25519 keys, public read-only mode, multi-device session management
Quick Start
just dev-up
Visit http://localhost:8432 or the live demo at iminthewalls.com
[!TIP] This project uses
justas a command runner. Typejustto see all available commands.Install:
curl -sSf https://just.systems/install.sh | bash -s -- --to ~/.local/bin
Stack
Backend: Go 1.25, chi v5, coder/websocket, pgx + pgxpool, goose migrations, errgroup-driven collectors, Argon2id, JWT (Ed25519)
Frontend: React 19, TypeScript, Vite, TanStack Query v5, Zustand, MapLibre GL, D3, SCSS Modules
Data: PostgreSQL 16 (BRIN time-series indexes), Redis 7
Infrastructure: Docker Compose, nginx reverse proxy, Cloudflare Tunnel (prod), multi-stage builds, air for live reload
Data Sources
| Panel | Source | Cadence | Auth |
|---|---|---|---|
| Mass-scan firehose | DShield (SANS ISC) | 1h | none |
| Internet outages + BGP hijacks | Cloudflare Radar | 5m | CF_RADAR_TOKEN |
| CVE velocity + EPSS | NVD CVE 2.0 + FIRST EPSS | 2h | NVD_API_KEY (optional) |
| CISA KEV (in-the-wild) | CISA KEV catalog | 1h | none |
| Ransomware victims | ransomware.live | 15m | none |
| BTC + ETH live ticks | Coinbase Advanced Trade WS | persistent | none |
| Earthquakes (M2.5+) | USGS GeoJSON | 1m | none |
| Space weather (Kp / Bz / X-flux) | NOAA SWPC | 1m / 3h | none |
| World events | Wikipedia ITN + GDELT v2 | 5m / 15m | none |
| ISS position + passes | wheretheiss.at + CelesTrak | 10s / 24h | none |
| IP enrichment (BGP) | AbuseIPDB | on-demand | ABUSEIPDB_API_KEY (optional) |
Production (Cloudflare Tunnel)
cp .env.example .env
just prod-redeploy
just migrate
Tests
cd backend && go test -race ./...
Learn
This project includes step-by-step learning materials covering security theory, architecture, and implementation.
| Module | Topic |
|---|---|
| 00 - Overview | Prerequisites and quick start |
| 01 - Concepts | Threat intel feeds, BGP hijacks, EPSS, KEV, situational awareness theory |
| 02 - Architecture | Single-binary collector pipeline, in-process event bus, WebSocket fan-out |
| 03 - Implementation | Code walkthrough across collectors, snapshot, ws, alerts |
| 04 - Challenges | Extension ideas (additional feeds, custom alerts, deployment) |
License
AGPL 3.0