SOCSOUTHEAST is a browser-based regional Security Operations Center dashboard purpose-built for the southeastern United States. It aggregates authoritative public threat intelligence feeds and visualizes active cyber risk across 12 southeastern states using an interactive geospatial threat map.
The platform is designed for state agencies, fusion centers, county and municipal IT teams, critical infrastructure operators, hospital systems, and private-sector defenders that need rapid regional situational awareness without deploying local tooling.
Intelligence Sources
CISA Known Exploited Vulnerabilities (KEV) Catalog — The authoritative U.S. government catalog of vulnerabilities actively exploited in the wild, proxied server-side to avoid browser CORS issues and cached for performance.
NIST National Vulnerability Database (NVD) — CVSS base scores and severity ratings are fetched live through a server-side proxy and cached for 24 hours. Each CVE links directly to its NVD detail record.
State Risk Scoring — Threat scores are dynamically derived from live KEV activity, state attack-surface weighting, population scale, and critical infrastructure density. Scores indicate comparative regional exposure, not confirmed incidents in a specific state.
How the Map Works
The southeast threat map is rendered with Leaflet on a dark Carto basemap. Each southeastern state is represented by a proportional geospatial overlay centered on a representative state coordinate.
Critical (80–100) — Very high exposure to recently added KEVs and dense critical infrastructure concentration.
High (60–79) — Elevated operational exposure and broad attack surface.
Moderate (20–39) — Lower current pressure with material residual risk.
Low (0–19) — Minimal present indicators relative to the region.
Architecture
The CISA KEV and NVD APIs are proxied through nginx with local caching to reduce latency and external API pressure.
The dashboard auto-refreshes every 10 minutes and shows a live UTC clock and refresh countdown.
No cookies, analytics, or user accounts are used. The site serves public intelligence only.
The site is intended to run over HTTPS with a hardened response-header policy, including CSP, HSTS, framing protections, MIME-sniffing protections, and a restrictive permissions policy.
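One way the proxy, cache, and header policy described above could be expressed in nginx. This is an added example, not the site's own configuration. The server name, certificate paths, cache zone and sizes, the /api/* paths, the CSP sources, and the KEV cache lifetime are assumptions; the upstream URLs are the public CISA KEV JSON feed and the NVD CVE API 2.0 endpoint.

```nginx
# Added example, placed inside http {}. Hostname, cert paths, zone name,
# cache sizes, /api/* paths and the KEV TTL are assumptions.
proxy_cache_path /var/cache/nginx/intel levels=1:2 keys_zone=intel:10m
                 max_size=100m inactive=25h use_temp_path=off;
upstream nvd { server services.nvd.nist.gov:443; }

server {
    listen 443 ssl;
    server_name dashboard.example;                      # placeholder
    ssl_certificate     /etc/nginx/tls/fullchain.pem;   # placeholder
    ssl_certificate_key /etc/nginx/tls/privkey.pem;     # placeholder

    # Header policy. Keep add_header out of the location blocks: a location
    # that sets its own add_header stops inheriting these.
    add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
    add_header Content-Security-Policy "default-src 'self'; img-src 'self' data: https://*.basemaps.cartocdn.com; frame-ancestors 'none'" always;
    add_header X-Frame-Options "DENY" always;
    add_header X-Content-Type-Options "nosniff" always;
    add_header Permissions-Policy "geolocation=(), camera=(), microphone=()" always;

    # Shared upstream hardening and cache behaviour
    proxy_cache intel;
    proxy_cache_lock on;                      # collapse concurrent misses
    proxy_cache_use_stale error timeout updating http_500 http_502 http_503;
    proxy_ignore_headers Cache-Control Expires Set-Cookie;
    proxy_hide_header Set-Cookie;             # site is cookie-free
    proxy_ssl_server_name on;
    proxy_ssl_verify on;                      # validate the upstream certificate
    proxy_ssl_trusted_certificate /etc/ssl/certs/ca-certificates.crt;

    location = /api/kev {
        proxy_set_header Host www.cisa.gov;
        proxy_cache_key "kev";                # one entry, whatever the client query
        proxy_cache_valid 200 10m;            # assumed; matches refresh interval
        proxy_pass https://www.cisa.gov/sites/default/files/feeds/known_exploited_vulnerabilities.json;
    }

    location = /api/nvd {
        # Forward only a well-formed CVE id; all other parameters are dropped.
        if ($arg_cveId !~ "^CVE-\d{4}-\d{4,}$") { return 400; }
        proxy_set_header Host services.nvd.nist.gov;
        proxy_ssl_name services.nvd.nist.gov; # upstream group name is not the SNI
        proxy_cache_key "nvd:$arg_cveId";
        proxy_cache_valid 200 24h;            # 24 hours, as stated above
        proxy_pass https://nvd/rest/json/cves/2.0?cveId=$arg_cveId;
    }
}
```

Pinning the cache key and rebuilding the NVD query from a validated cveId keeps clients from using the proxy to fill the cache with arbitrary keys or to send arbitrary parameters upstream.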
Coverage
The current release covers Alabama, Arkansas, Florida, Georgia, Kentucky, Louisiana, Mississippi, North Carolina, South Carolina, Tennessee, Virginia, and West Virginia.