Risk-Driven Cyber Threat Prioritization Engine
Demo Walkthrough
This demo walks through how the project works end-to-end — reviewing the core code, running the engine via the command line, and generating the final risk report used for analysis.
Tools
- Python
- Pandas
- CSV Processing
- NIST CSF
- MITRE ATT&CK
- Risk Reports
The Risk-Driven Cyber Threat Prioritization Engine was created to tackle one of the most common challenges faced by Security Analysts: too many alerts, too little time, and too much noise.
In real-world SOC environments, analysts are constantly triaging alerts under significant time pressure. Unusual user behavior, misconfigurations, or simple human error trigger the majority of alerts. While many of these alerts are technically valid, they often do not require immediate action, yet they still consume analyst attention. Over time, this constant noise leads to cognitive fatigue and increases the risk of critical incidents being delayed, misclassified, or missed altogether.
This project was designed to simulate how risk-based prioritization can help analysts stay focused on what actually matters. Instead of treating every alert the same, the risk engine evaluates each event using a multi-factor risk scoring model that considers:
- Likelihood of exploitation
- Business and operational impact
- Attack complexity and realism
- Asset criticality and exposure
- Detection confidence and control gaps
By applying principles from the NIST Cybersecurity Framework (CSF) and mapping activity to MITRE ATT&CK techniques, the system adds meaningful context to raw alerts. This helps separate routine noise from incidents that align with real attacker behavior and organizational risk.
The goal isn’t just to rank alerts; it’s to reduce the distraction caused by low-risk incidents and human error, so that analysts can dedicate their time and attention to the incidents that require careful investigation, judgment, and experience.
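The scoring model described above, as an added example written for this page rather than the project's own code: the five factors are assumed to be scored 1-5 per alert in a CSV, the weights and priority bands are assumptions, and alerts that carry a MITRE ATT&CK technique id are tagged so that, on equal scores, attacker-behaviour alerts rank above hygiene findings.

```python
import csv
import io
import re

# Constructed sample alerts in the CSV layout this example assumes (not the project's data).
SAMPLE_CSV = """alert_id,description,technique,likelihood,impact,realism,asset_criticality,control_gap
A-1,Failed logins from an office workstation,T1110,1,2,1,1,1
A-2,New scheduled task created on a domain controller,T1053,4,5,4,5,4
A-3,User executed a macro from an e-mail attachment,T1204,3,3,3,3,2
A-4,Overly permissive share on a file server,,2,3,1,3,3
"""

# Assumed weights for the five factors listed above; each factor is scored 1 (lowest) to 5 (highest).
WEIGHTS = {"likelihood": 0.25, "impact": 0.30, "realism": 0.15,
           "asset_criticality": 0.20, "control_gap": 0.10}
ATTACK_ID = re.compile(r"^T\d{4}(\.\d{3})?$")  # MITRE ATT&CK technique / sub-technique id


def score_alert(row):
    """Weighted score on a 0-100 scale; rejects factors outside the 1-5 range."""
    total = 0.0
    for factor, weight in WEIGHTS.items():
        value = int(row[factor])
        if not 1 <= value <= 5:
            raise ValueError(f"{row.get('alert_id', '?')}: {factor}={value} is outside 1-5")
        total += weight * value
    return round(total / 5 * 100, 1)


def priority_band(score):
    """Map a score to the triage queue an analyst would work from (assumed thresholds)."""
    if score >= 70:
        return "Critical"
    if score >= 50:
        return "High"
    if score >= 30:
        return "Medium"
    return "Low"


def prioritize(csv_text):
    """Score every alert, tag whether it maps to an ATT&CK technique, and rank highest risk first."""
    ranked = []
    for row in csv.DictReader(io.StringIO(csv_text)):
        score = score_alert(row)
        ranked.append({**row, "score": score, "priority": priority_band(score),
                       "attack_mapped": bool(ATTACK_ID.match(row["technique"]))})
    # Ties go to alerts that map to known attacker behaviour rather than hygiene findings.
    ranked.sort(key=lambda r: (r["score"], r["attack_mapped"]), reverse=True)
    return ranked


if __name__ == "__main__":
    for r in prioritize(SAMPLE_CSV):
        print(f'{r["alert_id"]} {r["priority"]:<8} {r["score"]:>5} '
              f'{r["technique"] or "unmapped":<9} {r["description"]}')
```

Running the block prints the ranked report; the unmapped share misconfiguration lands below the macro execution even though both are plausible, which is the separation of hygiene noise from attacker-aligned activity the text describes.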
SOC Takeaway
Structured, risk-driven triage improves analyst focus, reduces alert fatigue, and leads to more consistent and defensible SOC decision-making.