Real-time MongoDB security monitoring powered by Snowflake Cortex AI, Google Gemini, and Solana blockchain tamper-proof audit trails.
Live Demo: http://15.204.229.78
Devpost: hackmerced-xi.devpost.com
Track: Cybersecurity
```
MongoDB Source(s) → Rule Engine (7 detectors) → Snowflake Cortex AI → Solana Blockchain Proof
→ Gemini AI (DB health summaries)
```
- Detect — Rule engine flags brute-force, privilege escalation, PII exfiltration, mass deletes, unauthorized access
- Explain — Snowflake Cortex `mistral-large2` classifies each threat with risk scores and plain-English analysis
- Summarize — Google Gemini 2.0 Flash produces holistic database health assessments
- Prove — SHA-256 hash anchored on Solana devnet — tamper-proof evidence chain
| Layer | Tech |
|---|---|
| Backend | Python, Flask, 7 modular blueprints |
| Frontend | React 19, Vite, Tailwind CSS v4 |
| Database | MongoDB 7.0 (also the thing we're protecting) |
| AI | Snowflake Cortex (mistral-large2), Google Gemini 2.0 Flash |
| Blockchain | Solana devnet, SHA-256 hashing |
| Deployment | Ubuntu VPS, nginx, systemd |
- Multi-source monitoring — 2 MongoDB instances (Local + CyberShield Corp with 53K docs)
- 7 detection rules — failed_login, role_change, collection_drop, read_spike, sensitive_access, mass_delete, unauthorized_access
- Dual AI — Snowflake for per-event analysis, Gemini for database-level summaries
- Blockchain proof — every flagged event hashed and anchored on Solana
- Incident grouping — auto-correlates events into incidents with timelines, remediation checklists, executive summaries
- Tamper test — proves evidence integrity by detecting hash mismatches
- Production-scale demo — 53,250 seeded documents across 8 collections (users, customers, transactions, PII vault, API keys, sessions)
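
The blockchain-proof and tamper-test features listed above come down to hashing each flagged event deterministically and later re-hashing the stored copy against the anchored digest. The following is an added example, not the project's own code; the event field names, the canonical-JSON serialization, and the in-memory `ANCHORED` dict standing in for digests recorded on Solana are all assumptions.

```python
import hashlib
import hmac
import json


def canonical_bytes(event: dict) -> bytes:
    """Deterministic serialization (assumed scheme): sorted keys, compact, UTF-8."""
    return json.dumps(event, sort_keys=True, separators=(",", ":"),
                      ensure_ascii=False).encode("utf-8")


def evidence_hash(event: dict) -> str:
    """SHA-256 hex digest of the canonical form of an event."""
    return hashlib.sha256(canonical_bytes(event)).hexdigest()


def verify_events(events: list, anchored: dict) -> dict:
    """Map event_id -> 'ok' | 'mismatch' | 'unanchored'."""
    results = {}
    for event in events:
        expected = anchored.get(event["event_id"])
        if expected is None:
            results[event["event_id"]] = "unanchored"   # no proof exists at all
        elif hmac.compare_digest(evidence_hash(event), expected):
            results[event["event_id"]] = "ok"
        else:
            results[event["event_id"]] = "mismatch"     # stored copy was altered
    return results


# Constructed sample events; rule names come from the README, fields are hypothetical.
FLAGGED = [
    {"event_id": "evt-001", "rule": "failed_login", "user": "svc_backup", "count": 12},
    {"event_id": "evt-002", "rule": "mass_delete", "collection": "transactions", "deleted": 4800},
    {"event_id": "evt-003", "rule": "role_change", "user": "intern01", "new_role": "dbAdmin"},
]
# Stand-in for digests anchored when each event was flagged (evt-003 was never anchored).
ANCHORED = {e["event_id"]: evidence_hash(e) for e in FLAGGED[:2]}


def stored_copies() -> list:
    """The same events as later read back from the database."""
    reordered = dict(reversed(list(FLAGGED[0].items())))  # same content, new key order
    tampered = {**FLAGGED[1], "deleted": 48}              # one field edited afterwards
    return [reordered, tampered, FLAGGED[2]]


if __name__ == "__main__":
    for event_id, status in verify_events(stored_copies(), ANCHORED).items():
        print(event_id, status)
```

Canonicalizing before hashing is what keeps a harmless key reordering from being reported as tampering, while a single edited field still changes the digest.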
```
vaultwatch/
├── backend/
│   ├── app.py                    # Flask entry point
│   ├── services/
│   │   ├── snowflake_ai.py       # Snowflake Cortex AI integration
│   │   ├── gemini_ai.py          # Google Gemini AI integration
│   │   ├── blockchain.py         # Solana devnet proof anchoring
│   │   ├── detector.py           # 7 rule-based detectors
│   │   ├── incidents.py          # Incident grouping engine
│   │   ├── event_generator.py    # Multi-source attack simulator
│   │   ├── source_manager.py     # Multi-source MongoDB connector
│   │   └── seed_production_db.py # 53K document seeder
│   └── routes/                   # API blueprints (events, incidents, sources, audit, verify, scanner, live)
├── frontend/
│   └── src/
│       ├── pages/                # Dashboard, EventDetail, IncidentDetail, SourceExplorer, Audit, About
│       └── components/           # StatCards, FilterBar, AlertTable, Timeline, etc.
└── README.md
```
```bash
# Backend
cd vaultwatch/backend
python -m venv venv && source venv/bin/activate
pip install -r requirements.txt
cp .env.example .env  # fill in Snowflake, Solana, Gemini keys
python app.py

# Frontend
cd vaultwatch/frontend
npm install && npm run dev
```

- 🔒 Cybersecurity — Real-time MongoDB threat detection + blockchain evidence
- ❄️ Best Use of Snowflake — Cortex AI per-event threat classification
- ✨ Best Use of Gemini — Database health summaries on the Explorer page
Built for HackMerced XI, March 2026.