SOCAlabama is a real-time, browser-based Security Operations Center (SOC) dashboard purpose-built for Alabama. It aggregates authoritative public threat intelligence feeds and visualizes active cyber risks across all 67 Alabama counties using an interactive geospatial threat map.
The platform is designed for state agency IT teams, county governments, critical infrastructure operators, and security practitioners who need situational awareness of the current threat landscape without deploying on-premise tooling.
Intelligence Sources
CISA Known Exploited Vulnerabilities (KEV) Catalog — The authoritative U.S. government feed of vulnerabilities actively exploited in the wild. Maintained by the Cybersecurity and Infrastructure Security Agency (CISA) and updated continuously. The platform fetches the full JSON catalog (known_exploited_vulnerabilities.json) via a server-side proxy, which avoids browser CORS restrictions and means the client holds no credentials.
NVD (National Vulnerability Database) — CVSS scores and severity ratings are fetched live from the NIST NVD REST API (services.nvd.nist.gov) via a server-side proxy and displayed alongside each KEV entry. API responses are cached server-side for 24 hours. Each CVE entry also links directly to the NVD detail page for full CWE classification, affected CPE configurations, and patch guidance.
County Risk Scoring — Threat scores per county are dynamically derived from a weighted algorithm that factors in the volume of recently added KEV entries and population density (as a proxy for attack surface). Severity classification is recency-based: entries added within 7 days are classified Critical; entries added 7–30 days ago are High; older entries are Medium. This is not a CVSS-based score.
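The recency bands described above can be applied to KEV catalog entries as in the following added example, which is not SOCAlabama's own code. The handling of the shared day-7 edge, the "Unknown" band for malformed or future-dated entries, and the function names are assumptions made for illustration; the county weighting is not shown because the page does not give its weights.

```javascript
// Field names (vulnerabilities, cveID, dateAdded) follow the CISA KEV JSON catalog.
const DAY_MS = 24 * 60 * 60 * 1000;

// Whole days between a KEV dateAdded (YYYY-MM-DD, read as UTC) and `now`.
function ageInDays(dateAdded, now) {
  if (typeof dateAdded !== "string" || !/^\d{4}-\d{2}-\d{2}$/.test(dateAdded)) return null;
  const added = Date.parse(dateAdded + "T00:00:00Z");
  if (Number.isNaN(added)) return null;
  const today = Date.UTC(now.getUTCFullYear(), now.getUTCMonth(), now.getUTCDate());
  return Math.floor((today - added) / DAY_MS);
}

// Assumption: day 7 counts as Critical and day 30 as High, since the stated
// bands ("within 7 days", "7 to 30 days") share the day-7 edge.
function classifyByRecency(dateAdded, now = new Date()) {
  const age = ageInDays(dateAdded, now);
  if (age === null || age < 0) return "Unknown"; // malformed or future-dated
  if (age <= 7) return "Critical";
  if (age <= 30) return "High";
  return "Medium";
}

// Tally entries per band so bad records stay visible instead of being dropped.
function summarize(catalog, now = new Date()) {
  const counts = { Critical: 0, High: 0, Medium: 0, Unknown: 0 };
  const entries = Array.isArray(catalog && catalog.vulnerabilities) ? catalog.vulnerabilities : [];
  for (const v of entries) counts[classifyByRecency(v && v.dateAdded, now)] += 1;
  return counts;
}

// Constructed sample input, not real catalog data; CVE IDs are placeholders.
const SAMPLE_NOW = new Date("2024-06-01T12:00:00Z");
const SAMPLE = {
  vulnerabilities: [
    { cveID: "CVE-0000-0001", dateAdded: "2024-05-30" }, // 2 days
    { cveID: "CVE-0000-0002", dateAdded: "2024-05-25" }, // 7 days (edge)
    { cveID: "CVE-0000-0003", dateAdded: "2024-05-10" }, // 22 days
    { cveID: "CVE-0000-0004", dateAdded: "2024-05-02" }, // 30 days (edge)
    { cveID: "CVE-0000-0005", dateAdded: "2023-11-01" }, // older
    { cveID: "CVE-0000-0006", dateAdded: "not-a-date" }, // malformed
    { cveID: "CVE-0000-0007", dateAdded: "2024-06-05" }, // future-dated
  ],
};
console.log(summarize(SAMPLE, SAMPLE_NOW));
```

Counting malformed and future-dated entries separately keeps a bad upstream record from silently inflating or deflating a severity band.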
How the Threat Map Works
The Alabama county threat map is rendered using Leaflet.js on a dark CartoDB tile layer. Each of Alabama’s 67 counties is represented as a proportional circle overlay centered on the county seat coordinates:
Critical (80–100) — Active KEV in past 7 days, high-population county
Circle radius scales with threat score. Hover over any county for a tooltip, or click for a full detail popup.
Data Refresh & Architecture
The CISA KEV feed is proxied server-side through nginx on the SOCAlabama host, with a 10-minute cache. This eliminates CORS errors and prevents direct client exposure to external APIs.
The dashboard performs an automatic full-page reload every 10 minutes, with a live countdown shown in the top header bar.
All processing is client-side JavaScript — no user data is collected, no cookies are set, no analytics are loaded.
The site is served over HTTPS with a full A-grade security header policy (HSTS, CSP, X-Frame-Options, X-Content-Type-Options, Referrer-Policy, Permissions-Policy).
Limitations & Disclaimer
County threat scores are probabilistic models derived from national data. They do not represent confirmed incidents within specific Alabama counties.
This tool is informational only and should be used alongside official CISA advisories, MS-ISAC alerts, and your organization’s own threat intelligence program.
SOCAlabama does not access or process any classified, law enforcement, or non-public data sources.