A fully automated, "set-it-and-forget-it" cybersecurity threat intelligence pipeline that collects, filters, summarizes, and distributes high-risk security news daily, without human intervention.
- Automatically fetches cybersecurity news from trusted RSS feeds:
  - The Hacker News
  - BleepingComputer
  - Dark Reading
- Filters articles related to critical threats such as:
  - Zero-day vulnerabilities
  - Ransomware attacks
  - Breaches and exploits
- Uses a lightweight Large Language Model (LLM) to generate a concise daily threat summary
- Automatically delivers the report to a Discord channel
- Runs on a daily schedule using GitHub Actions (cloud-native cron)
Security teams are overwhelmed with information. This project demonstrates how automation and AI can reduce noise, surface high-impact threats, and save operational time, a core requirement in modern cybersecurity operations.
GitHub Actions (Daily Cron) → Python Automation Script:
- RSS Ingestion
- Keyword-Based Threat Filtering
- AI Summarization (LLM)
- Resilience & Fallback Logic
- Automated Distribution (Discord)
- Python 3.11
- GitHub Actions (CI/CD & scheduling)
- OpenAI API (LLM summarization)
- RSS Feeds (Threat intelligence sources)
- Discord Webhooks (Automated reporting)
- Secrets managed securely using GitHub Actions secrets
- Graceful degradation when LLM API is unavailable
- No hardcoded credentials
- Fully unattended execution
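
The keyword filter and the LLM fallback described above, as an added example that is not the project's own `threat_intel.py` code. The function names, the regex and the webhook payload shape are assumptions, and the sample entries are constructed.

```python
import re

# Keywords follow the filter categories listed above; the regex itself is an assumption.
HIGH_RISK = re.compile(r"\b(zero[- ]day|ransomware|breach(?:es|ed)?|exploit(?:s|ed)?)\b", re.I)
DISCORD_LIMIT = 2000  # maximum length of a Discord message "content" field

def filter_high_risk(entries):
    """Keep entries whose title or summary mentions a high-risk keyword."""
    return [e for e in entries
            if HIGH_RISK.search(f"{e.get('title', '')} {e.get('summary', '')}")]

def fallback_digest(entries):
    """Plain headline list used when no LLM summary can be produced."""
    return "\n".join(f"- {e['title']} ({e['link']})" for e in entries)

def build_report(entries, summarize=None):
    """Return (report_text, used_llm). Any summarizer failure degrades to headlines."""
    hits = filter_high_risk(entries)
    if not hits:
        return "No high-risk items today.", False
    if summarize is not None:
        try:
            text = summarize(hits)
            if text and text.strip():
                return text.strip(), True
        except Exception:  # API outage, quota, timeout: never fail the daily run
            pass
    return fallback_digest(hits), False

def discord_payload(report):
    """Webhook JSON body: truncated to the limit, with mention parsing disabled
    so feed-derived text such as '@everyone' cannot ping the channel."""
    return {"content": report[:DISCORD_LIMIT], "allowed_mentions": {"parse": []}}

# Constructed sample entries (not real articles).
SAMPLE = [
    {"title": "Vendor patches zero-day in VPN appliance", "summary": "", "link": "https://example.com/a"},
    {"title": "Conference recap: keynote highlights", "summary": "Talks and panels", "link": "https://example.com/b"},
    {"title": "Hospital chain hit", "summary": "Ransomware attack disrupts services", "link": "https://example.com/c"},
]

if __name__ == "__main__":
    def broken_llm(_):  # stands in for an unavailable LLM API
        raise TimeoutError("LLM unavailable")
    report, used_llm = build_report(SAMPLE, summarize=broken_llm)
    print(used_llm, discord_payload(report))
```

Feed titles and summaries are untrusted input, so the payload disables mention parsing rather than relying on the summarizer to strip them.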
pip install -r requirements.txt
python threat_intel.py
Environment variables required:
OPENAI_API_KEY
DISCORD_WEBHOOK
Use Cases
- SOC daily threat briefings
- Cybersecurity awareness automation
- AI-powered security operations tooling
- Demonstration of workflow orchestration and reliability

Future Enhancements
- Severity scoring using MITRE ATT&CK
- Multi-channel notifications (Email, Slack)
- Historical storage and trend analysis
- SaaS-ready deployment