Trinetra is a comprehensive platform designed to identify and visualize the riskiest users in your organization based on their cloud permissions and access patterns.

themalwarenews/Trinetra

🛡️ Trinetra - Cloud Security Analytics Platform

Enterprise-Grade IAM Risk Analysis & Multi-Cloud Access Visualization

Trinetra is a comprehensive platform designed to identify and visualize the riskiest users in your organization based on their cloud permissions and access patterns. By analyzing IAM configurations across AWS and GCP, Trinetra helps security teams understand which users pose the greatest risk if compromised and what the maximum potential impact would be to your infrastructure.

🎯 Why IAM Risk Analysis Matters

The Challenge

In modern cloud environments, users accumulate permissions across multiple accounts, services, and projects. Traditional security tools show what permissions exist, but not which users represent the highest risk if their credentials are compromised.

Our Solution

Trinetra answers critical questions:

  • 🔍 Who are your riskiest users? - Identify users with the most dangerous permission combinations
  • 💥 What's the blast radius? - Visualize the maximum impact if a specific user gets compromised
  • 🌐 Cross-cloud visibility - See user permissions spanning AWS accounts and GCP projects
  • 📊 Risk prioritization - Focus security efforts on users who matter most

Key Insights Provided

  • Permission Visualization: Interactive graphs showing user-to-resource relationships across cloud accounts
  • Impact Assessment: Calculate potential damage from compromised high-privilege users
  • Cross-Account Analysis: Identify users with access spanning multiple AWS accounts or GCP projects
  • Privilege Escalation Paths: Detect users who could escalate to admin-level access
  • Unused Permissions: Find over-privileged users with dormant but dangerous permissions

🎯 Core IAM Risk Analysis Features

✅ Risk Identification & Visualization

  • 🔍 Interactive Permission Mapping - Visual network graphs showing user permissions across cloud accounts
  • ⚠️ Risk Scoring Engine - Automated calculation of user risk based on permission combinations
  • 👥 High-Risk User Identification - Pinpoint users who pose the greatest threat if compromised
  • 💥 Impact Assessment - Calculate potential infrastructure damage from user compromise
  • 🌐 Multi-Cloud Risk Analysis - Unified risk view across AWS accounts and GCP projects
  • 📊 Cross-Account Permission Analysis - Identify users with dangerous cross-account access
  • 🎯 Attack Surface Mapping - Visualize potential attack paths through user permissions
  • 📈 Passive Security Analysis - Non-intrusive assessment of existing IAM configurations
  • 📋 Risk-Based Compliance - Prioritize compliance efforts based on actual risk levels

🔬 Advanced Risk Analytics

  • Privilege Escalation Detection - Identify users who could gain admin access
  • Dormant High-Privilege Analysis - Find unused but dangerous permissions
  • Service-Level Impact Assessment - Understand which critical services each user can affect
  • Group Risk Propagation - Analyze how group memberships amplify individual user risk
  • Cross-Cloud Correlation - Detect users with elevated access across multiple cloud providers

🛡️ Security Features

  • Authentication: JWT-based with secure session management
  • Authorization: Role-based access control (Admin/User)
  • Data Protection: bcrypt password hashing, input sanitization
  • Audit Logging: Comprehensive security event tracking
  • CORS Protection: Production-grade cross-origin resource sharing
  • Rate Limiting: API abuse prevention (configurable)

🌟 Key Differentiators

  • Passive Analysis: Non-intrusive data collection without affecting cloud resources
  • Multi-Cloud Unified View: Single pane of glass for AWS and GCP environments
  • Advanced Risk Scoring: ML-powered risk assessment algorithms
  • Attack Surface Mapping: Comprehensive IAM and network security analysis
  • Real-time Insights: Live data synchronization and analysis

📊 Dashboard Overview

Main Risk Analysis Features

  1. 🎨 Risk Visualization Dashboard - Interactive network diagrams showing high-risk user relationships across AWS/GCP
  2. 🔍 Risk-Based Search & Filtering - Find users by risk score, permission types, and potential impact
  3. 📈 Comprehensive Risk Analytics - Multi-factor risk scoring including privilege escalation paths and cross-account access
  4. 👥 Group Risk Analysis - Understand how group memberships contribute to individual user risk profiles
  5. 🎯 Attack Surface Assessment - Map potential attack vectors through user permissions and service access
  6. 📊 Executive Risk Reporting - Generate reports focusing on highest-risk users and recommended actions
  7. ⚙️ Multi-Cloud Risk Correlation - Identify users with dangerous permission combinations across cloud providers
  8. 💥 Impact Simulation - Model the potential damage if specific high-risk users are compromised

🏗️ Architecture

┌──────────────────────────────────────────────────────────────┐
│                    Production Architecture                   │
├──────────────────────────────────────────────────────────────┤
│                                                              │
│  ┌─────────────┐    ┌─────────────┐    ┌─────────────┐       │
│  │   React     │◄──►│   FastAPI   │◄──►│  MongoDB    │       │
│  │  Frontend   │    │   Backend   │    │  Database   │       │
│  │             │    │             │    │             │       │
│  │ - Auth UI   │    │ - JWT Auth  │    │ - User Data │       │
│  │ - Dashboard │    │ - REST API  │    │ - Cloud Data│       │
│  │ - Analytics │    │ - Risk Eng. │    │ - Audit Log │       │
│  │ - Reports   │    │ - Sync Eng. │    │ - Sessions  │       │
│  └─────────────┘    └─────────────┘    └─────────────┘       │
│         │                   │                                │
│         │                   ▼                                │
│         │        ┌─────────────────────────────────────┐     │
│         │        │        Cloud Provider APIs          │     │
│         │        │                                     │     │
│         │        │  ┌─────┐ ┌─────┐ ┌─────┐ ┌─────┐    │     │
│         │        │  │ AWS │ │ GCP │ │Azure│ │Okta │    │     │
│         │        │  └─────┘ └─────┘ └─────┘ └─────┘    │     │
│         │        │                                     │     │
│         │        │  ┌──────┐                           │     │
│         │        │  │GitHub│                           │     │
│         │        │  └──────┘                           │     │
│         │        └─────────────────────────────────────┘     │
│         │                                                    │
│    ┌────▼─────┐                                              │
│    │  Nginx   │  (Production Load Balancer)                  │
│    │ (Reverse │                                              │
│    │  Proxy)  │                                              │
│    └──────────┘                                              │
└──────────────────────────────────────────────────────────────┘

🚀 Deployment Options

Trinetra supports multiple deployment modes to fit your infrastructure needs:

Option 1: Docker Deployment (Recommended)

# Clone the repository
git clone https://github.com/themalwarenews/trinetra.git
cd trinetra

# Update credentials in docker-compose.yml if needed
# Start all services
docker-compose up -d

# Access the application
# Frontend: http://localhost:3000
# Backend: http://localhost:8001

Option 2: Manual Installation

Prerequisites:

  • Python 3.11+
  • Node.js 18+
  • MongoDB 7.0+
  • Git

Step 1: Database Setup

# Deploy MongoDB (change credentials in docker-compose.yml)
docker-compose up -d mongo

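# Or manually. Replace the sample password below before use.
# Note: -p 27017:27017 publishes MongoDB on every host interface; use
# -p 127.0.0.1:27017:27017 when only a backend on the same host connects.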
docker run -d \
  --name trinetra-mongodb \
  -p 27017:27017 \
  -e MONGO_INITDB_ROOT_USERNAME=admin \
  -e MONGO_INITDB_ROOT_PASSWORD=cloudaccess123 \
  -v mongodb_data:/data/db \
  mongo:4.4-focal

Step 2: Backend Setup

cd backend
python -m venv venv
source venv/bin/activate  # On Windows: venv\Scripts\activate
pip install -r requirements.txt

# Configure MongoDB connection
export DB_NAME="cloud_access"
export MONGO_URL="mongodb://admin:cloudaccess123@localhost:27017/cloud_access?authSource=admin"

# Start backend server (--reload is a development option; omit it in production)
uvicorn server:app --host 0.0.0.0 --port 8001 --reload

Step 3: Frontend Setup

cd frontend
npm install
# or yarn install

# Start frontend (runs on port 3000)
npm start

🌐 Access the Application

After deployment, access Trinetra:

Ports depend on the deployment mode; verify them before accessing the application.

Default Configuration:

  • Frontend Port: 3000
  • Backend Port: 8001
  • MongoDB: localhost:27017
  • Database: cloud_access

⚙️ Configuration

Environment Variables

Backend Configuration (.env):

# Database Configuration
MONGO_URL=mongodb://localhost:27017/cloud_access_db
DB_NAME=cloud_access_db

# Security Configuration
JWT_SECRET=your-super-secure-jwt-secret-key-here
SECRET_KEY=your-application-secret-key-here
JWT_EXPIRATION_HOURS=24

# Cloud Provider Credentials (Optional)
AWS_ACCESS_KEY_ID=your-aws-access-key
AWS_SECRET_ACCESS_KEY=your-aws-secret-key
AWS_REGION=us-east-1

GITHUB_PAT=your-github-personal-access-token
GITHUB_ORG=your-github-organization

# GCP Configuration (Planned)
GCP_SERVICE_ACCOUNT_KEY=path/to/service-account.json
GCP_PROJECT_ID=your-gcp-project-id

# Azure Configuration (Planned)
AZURE_CLIENT_ID=your-azure-client-id
AZURE_CLIENT_SECRET=your-azure-client-secret
AZURE_TENANT_ID=your-azure-tenant-id

# Okta Configuration (Planned)
OKTA_DOMAIN=your-okta-domain.okta.com
OKTA_API_TOKEN=your-okta-api-token

Frontend Configuration (.env):

# Backend API URL
REACT_APP_BACKEND_URL=http://localhost:8001

# Application Configuration  
REACT_APP_APP_NAME=Cloud Access Visualizer
REACT_APP_VERSION=1.0.0
REACT_APP_ENVIRONMENT=development

# Optional: Analytics and Monitoring
REACT_APP_GOOGLE_ANALYTICS_ID=your-ga-id
REACT_APP_SENTRY_DSN=your-sentry-dsn

🔗 Cloud Provider Integration

Trinetra supports multiple integration modes for comprehensive cloud security analysis:

AWS Integration

  • Single Account: Direct IAM user/role access
  • Multi-Account: AWS Organizations with cross-account roles
  • AWS Identity Center: SSO-based access patterns
  • Data Sources: IAM users, roles, policies, EC2, VPC, Route53, ELB
  • Analysis: Privilege escalation paths, unused permissions, cross-account access

GCP Integration

  • Single Project: Service account-based access
  • Organization-Wide: Folder and project hierarchy analysis
  • Google Workspace: User and group integration
  • Data Sources: IAM bindings, service accounts, Compute Engine, Cloud DNS
  • Analysis: Service account permissions, cross-project access, resource policies

Integration Modes

  • Read-Only Access: Minimal permissions for data collection
  • Automated Sync: Scheduled data refresh and updates
  • Real-time Monitoring: Continuous access pattern analysis
  • Secure Credential Storage: Encrypted credential management

📚 Documentation

Setup Guides

Technical Documentation

Production Security Checklist

  • Change default credentials immediately after installation
  • Configure HTTPS with valid SSL certificates
  • Set strong JWT secrets (min 256-bit entropy)
  • Enable rate limiting (default: 5 requests/15min)
  • Configure firewall rules (allow only necessary ports)
  • Set up monitoring for security events
  • Enable audit logging for compliance
  • Regular backups of database and configuration
  • Update dependencies regularly for security patches
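
A preflight check for the first and third checklist items, as an added example that is not part of the Trinetra code base: it parses a backend .env and flags the placeholder secrets and the sample MongoDB password printed in this README, plus any secret shorter than 32 bytes (256 bits). The function names and the sample .env text are constructed for illustration.

```python
import secrets
from urllib.parse import unquote, urlsplit

# Sample values printed in this README; none of them may reach production.
README_DEFAULTS = {"cloudaccess123", "your-super-secure-jwt-secret-key-here",
                   "your-application-secret-key-here"}
MIN_SECRET_BYTES = 32  # 256 bits; length is a floor, not proof of entropy


def parse_env(text):
    """Parse KEY=VALUE lines, skipping blank lines and comments."""
    env = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, value = line.split("=", 1)
        env[key.strip()] = value.strip().strip('"').strip("'")
    return env


def audit_env(env):
    """Return a list of findings; an empty list means every check passed."""
    findings = []
    for key in ("JWT_SECRET", "SECRET_KEY"):
        value = env.get(key, "")
        if not value:
            findings.append(f"{key}: missing")
        elif value in README_DEFAULTS:
            findings.append(f"{key}: README placeholder still in use")
        elif len(value.encode()) < MIN_SECRET_BYTES:
            findings.append(f"{key}: shorter than {MIN_SECRET_BYTES} bytes")
    url = urlsplit(env.get("MONGO_URL", ""))
    if url.password is None:
        findings.append("MONGO_URL: no credentials, MongoDB auth likely disabled")
    elif unquote(url.password) in README_DEFAULTS:
        findings.append("MONGO_URL: README sample password still in use")
    return findings


def new_secret():
    """Generate a 256-bit secret from the OS CSPRNG, URL-safe encoded."""
    return secrets.token_urlsafe(MIN_SECRET_BYTES)


# Constructed sample input that reuses the README's example values.
SAMPLE_ENV = """\
MONGO_URL=mongodb://admin:cloudaccess123@localhost:27017/cloud_access?authSource=admin
JWT_SECRET=your-super-secure-jwt-secret-key-here
SECRET_KEY=short-key
"""

if __name__ == "__main__":
    for finding in audit_env(parse_env(SAMPLE_ENV)):
        print("FAIL:", finding)
```

Run it against the real .env before each deployment and replace any flagged secret with the output of new_secret().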

Network Security

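# Firewall configuration (UFW example)
sudo ufw allow 22/tcp    # SSH
sudo ufw allow 80/tcp    # HTTP
sudo ufw allow 443/tcp   # HTTPS
sudo ufw allow from 10.0.0.0/8 to any port 27017  # MongoDB (internal only)
# Enable last so the SSH rule is already in place
sudo ufw enable
# Note: ports published by Docker (-p) are opened through Docker's own iptables
# rules and are not filtered by UFW.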

🔮 Upcoming Features

Trinetra is actively developed with exciting features on the roadmap:

🚀 Planned Risk Analysis Enhancements

  • Microsoft Azure - Active Directory risk analysis, subscription-level impact assessment
  • Okta SSO - Application access risk mapping, SSO-based privilege escalation detection
  • GitHub Enterprise - Repository access risk, code modification impact analysis
  • Network Risk Visualization - AWS VPC and GCP network-based attack path analysis

🎯 Advanced Risk Features

  • Unified Risk Search - Global search across high-risk users, dangerous permissions, and critical assets
  • Risk-Based Compliance - Automated compliance scoring prioritized by actual user risk levels
  • Executive Risk Dashboards - C-level reporting focused on highest-impact security risks
  • Real-time Risk Alerts - Immediate notifications when high-risk users gain new dangerous permissions
  • Risk API Integrations - Webhook support for SIEM and security orchestration platforms
  • Predictive Risk Modeling - Machine learning to predict which users are likely to become high-risk

🤝 Contributing & Collaboration

We welcome contributions from the security community!

How to Contribute

  • 🐛 Bug Reports: Submit issues with detailed reproduction steps
  • 💡 Feature Requests: Suggest new features and enhancements
  • 🔧 Code Contributions: Fork, develop, and submit pull requests
  • 📖 Documentation: Help improve guides and documentation
  • 🧪 Testing: Contribute test cases and quality assurance

Community Guidelines

  • Follow security best practices in all contributions
  • Maintain backward compatibility when possible
  • Include comprehensive tests for new features
  • Update documentation for user-facing changes
  • Respect the Apache 2.0 license terms

📄 License

This project is licensed under the Apache License 2.0 - see the LICENSE file for details.

Apache License 2.0

  • ✅ Commercial Use: Use in commercial applications
  • ✅ Modification: Modify and distribute modifications
  • ✅ Distribution: Distribute original and modified versions
  • ✅ Patent Use: Grant of patent rights from contributors
  • ⚠️ Trademark Use: No trademark rights granted
  • ⚠️ Liability: No warranty or liability provided

🙏 Acknowledgments

Built with these amazing open-source technologies:

📞 Support & Community

Community Support

  • 📖 Documentation: Comprehensive guides in the /docs folder
  • 🐛 Issues: GitHub Issues
  • 💬 Discussions: GitHub Discussions
  • 📧 Security: Report security issues privately

Feature Requests

We actively welcome feature requests and suggestions:

  • Enhancement Requests: Submit via GitHub Issues with the enhancement label
  • Integration Requests: Suggest new cloud providers or tools
  • UI/UX Improvements: Help us improve the user experience
  • Performance Optimizations: Contribute to scalability improvements

Enterprise & Commercial Use

Trinetra is open source and free for commercial use under the Apache 2.0 license:

  • No licensing fees for commercial deployment
  • Modification rights for custom enterprise needs
  • Distribution rights for internal and external use
  • Professional services available through community contributors

🛡️ Secure Your Multi-Cloud Environment Today

🚀 Quick Start | 📚 Documentation | 🔗 Integrations


Built for the Cloud Security Community 🌟

IAM Risk Analysis • User Impact Assessment • Multi-Cloud Visualization • Attack Surface Analysis
