Volume 2 - Issue 2, March - April 2026
📑 Paper Information

| Field | Value |
| --- | --- |
| 📑 Paper Title | Unified Blueteam Threat Detection and Alert System |
| 👤 Authors | Karthiban R, Monika P, Naveen Kumar P, Sandhiya C, Sandhiya S |
| 📘 Published Issue | Volume 2 Issue 2 |
| 📅 Year of Publication | 2026 |
| 🆔 Unique Identification Number | IJAMRED-V2I2P231 |
📝 Abstract
Modern enterprise networks are continuously targeted by sophisticated attackers who carry out multi-stage attacks, starting from credential theft and progressing to data exfiltration. These attacks often unfold rapidly, making it difficult for human analysts to detect them in time. This paper presents the Unified BlueTeam Threat Detection and Alert System (UBTDAS), a Python-based Security Operations Center (SOC) platform designed for real-time threat monitoring and automated response. The system integrates continuous log analysis, a rule-based detection engine aligned with the MITRE ATT&CK framework, host-level risk evaluation, automated mitigation actions, and a live web dashboard built with Flask and SocketIO. By processing data from Sysmon and Windows Security Event Logs, the system applies multiple detection rules to identify common attack techniques and aggregates the resulting alerts into a unified risk score for each host. Based on severity level, the system automatically executes response actions such as blocking suspicious IP addresses, terminating malicious processes, isolating compromised systems, and quarantining harmful files. The system was evaluated against a simulated multi-stage attack model and demonstrated high detection performance, a significant decrease in false alerts, and rapid alert generation within a short time frame. The platform can operate as a standalone security solution or be integrated with enterprise tools such as SIEM systems and email notification services.
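The pipeline the abstract describes (Sysmon and Security events in, ATT&CK-tagged rule hits, a per-host risk score, a severity-tiered response) as an added Python illustration; this is not the authors' UBTDAS code, and the event field names, rule thresholds, severity weights and tier cut-offs are assumptions. Response actions are returned as a plan rather than executed.

```python
from collections import Counter, defaultdict

# Constructed sample events (not real telemetry); field names are assumptions.
EVENTS = [{"host": "WS01", "src": "Security", "id": 4625, "ip": "10.0.0.9"} for _ in range(5)] + [
    {"host": "WS01", "src": "Sysmon", "id": 1, "image": "powershell.exe", "cmd": "powershell -enc QQBB"},
    {"host": "WS02", "src": "Sysmon", "id": 3, "image": "C:\\Users\\bob\\tool.exe",
     "dst_ip": "203.0.113.5", "dst_port": 4444},
]

def rule_brute_force(events):
    """T1110 Brute Force: five or more failed logons (Security 4625) from one source IP."""
    fails = Counter(e["ip"] for e in events if e["src"] == "Security" and e["id"] == 4625)
    return [("T1110", 40, f"block_ip:{ip}") for ip, n in fails.items() if n >= 5]

def rule_encoded_powershell(events):
    """T1059.001 PowerShell: Sysmon process creation carrying an encoded command."""
    return [("T1059.001", 30, f"terminate_process:{e['image']}") for e in events
            if e["src"] == "Sysmon" and e["id"] == 1 and "-enc" in e.get("cmd", "").lower()]

def rule_unusual_outbound(events):
    """T1041-style C2/exfil: binary under a user profile connecting to a non-standard port."""
    return [("T1041", 50, f"block_ip:{e['dst_ip']}") for e in events
            if e["src"] == "Sysmon" and e["id"] == 3
            and e["image"].lower().startswith("c:\\users\\") and e["dst_port"] not in (80, 443)]

RULES = [rule_brute_force, rule_encoded_powershell, rule_unusual_outbound]

def evaluate(events):
    """Group events per host, run every rule, sum severities into a 0-100 risk score,
    and choose a response tier. Actions are planned (returned), never executed here."""
    by_host = defaultdict(list)
    for e in events:
        by_host[e["host"]].append(e)
    report = {}
    for host, evs in by_host.items():
        alerts = [a for rule in RULES for a in rule(evs)]
        score = min(100, sum(sev for _, sev, _ in alerts))
        actions = {act for _, _, act in alerts}
        if score >= 70:  # critical tier: several techniques on one host -> isolate it
            actions.add("isolate_host")
        report[host] = {"score": score, "techniques": sorted({t for t, _, _ in alerts}),
                        "actions": sorted(actions)}
    return report

if __name__ == "__main__":
    for host, result in evaluate(EVENTS).items():
        print(host, result)
```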
📝 How to Cite
Karthiban R, Monika P, Naveen Kumar P, Sandhiya C, Sandhiya S, "Unified Blueteam Threat Detection and Alert System", International Journal of Advanced Multidisciplinary Research and Educational Development, V2(2): Page(1583-1591), Mar-Apr 2026. ISSN: 3107-6513. www.ijamred.com. Published by Scientific and Academic Research Publishing.