A browser-based and command-line toolkit for querying and triaging network traffic from the PISCES sensor network. Search across all protocol logs, look up threat intelligence on suspicious IPs, manage false positives, and link findings to Mantis tickets — all from one place.
About the PISCES program · pisces-intl.org
New here? Start with the Getting Started guide.
- See the full picture for any IP — one view shows how many times an address appeared in connection, DNS, web, email, and all other log types at once
- Look up suspicious IPs instantly — GreyNoise, AbuseIPDB, Shodan, and VirusTotal results in one panel, with direct links for manual review
- Suppress noise without restarting — mark a known scanner or benign host as a false positive and it disappears from results on the next search
- Search the PISCES ticket history inline — look up existing tickets on any IP without leaving the tool
- Run focused queries from the terminal — filter by sensor, time range, source IP, or protocol when you need more control than the web UI offers
Four browser-based apps served from a central hub. Launch everything with one command and open your browser — no configuration beyond credentials required.
| App | What it's for |
|---|---|
| OpenSearch | Cross-protocol IP activity matrix, per-protocol drill-down, inline enrichment |
| Threat Model | Threat modelling dashboard with disposition scoring and known malicious IP tracking |
| Dashboard | Aggregated analytics dashboard |
| Mantis Explorer | Ticket browser and search across the PISCES ticket history |
Setup
| Guide | Description |
|---|---|
| VM Setup | Create an Ubuntu VM and connect to the cyber range network |
| Getting Started | Install, configure, and launch the toolkit on Ubuntu |
| MCP Getting Started | Connect Claude Code, kiro-cli, or another AI assistant to the PISCES backends |
Using the toolkit
| Guide | Description |
|---|---|
| Web UI Workflow | End-to-end triage walkthrough using the browser-based UI |
| CLI Workflow | Terminal-based querier walkthrough — alerts, enrichment, filters, tickets |
| False Positive Filters | Filter file format, clause types, and manual authoring guide |
| Mantis Integration | Ticket indexing and search reference |
| Threat Model Generator | Building and maintaining the IP registries that power the Mantis web app |
Reference
| Guide | Description |
|---|---|
| Advanced Usage | Full CLI flag reference for all tools |
| MCP Server Reference | Full tool reference for all three MCP servers |
| Project Structure | Annotated source tree |
See CONTRIBUTING.md for development guidelines and how to open a pull request.
To report a vulnerability, follow the process in SECURITY.md.
This project was created with the assistance of AI coding tools. AI was used to generate initial code implementations and draft documentation. All AI-generated content has been reviewed and tested by a human.
See LICENSE for details.
Maintained by Liam Dale




