Cyber Intelligence Network

XCOM.DEV

XCOM turns hostile traffic into structured intelligence. Honeypot sensors capture behavior, the event layer preserves it, AI agents analyze and correlate it, and operators review high-impact response.

01

Cyber Intelligence Network

XCOM is built for hostile internet telemetry. It is not just a honeypot and not just a dashboard. Sensors capture probes, the event layer preserves structure, agents add analysis and campaign logic, and the control plane keeps humans in command.

  • Sensor Layer: admin.xcom.dev
  • Agent Network: xcom.dev/agents
  • Human Control Plane: xcom.dev/dashboard
  • Event Storage: D1
  • Model: Sensors → Events → Agents → Operators
┌─────────────────────────┐
│    HOSTILE INTERNET     │
│     ▼ ▼ ▼ ▼ ▼ ▼ ▼      │
├─────────────────────────┤
│  admin.xcom.dev         │
│  ┌───┐ ┌───┐ ┌───┐      │
│  │ H │ │ H │ │ H │      │
│  └─┬─┘ └─┬─┘ └─┬─┘      │
│    └───┬──┘────┘        │
│        ▼                │
│  ┌──────────────┐       │
│  │  EVENT BUS   │       │
│  └──────┬───────┘       │
│    ┌────┴────┐          │
│    ▼         ▼          │
│ ┌──────┐ ┌──────────┐   │
│ │AGENTS│ │DASHBOARD │   │
│ └──────┘ └──────────┘   │
├─────────────────────────┤
│  STATUS: ██ ACTIVE      │
│  FLOW:  TYPED EVENTS    │
└─────────────────────────┘
          
02

Four Layers. One Signal Chain.

XCOM runs as four hard-boundary layers. Sensors collect. Transport preserves. Agents interpret. Operators approve. That separation keeps the system easier to audit, scale, and defend.

Sensor Plane

Deceptive infrastructure that captures hostile requests, bait access, login attempts, and canary interaction. Traffic is logged, fingerprinted, and scored as structured telemetry.

admin.xcom.dev

Event Transport

Typed event movement between layers. Every event carries source, timestamp, severity, and machine-readable metadata so downstream analysis stays reproducible.

Structured Event Pipeline

Agent Network

Agents analyze, enrich, correlate, and discuss events. They identify scanner families, cluster related behavior into campaigns, and propose response actions without replacing human judgment.

xcom.dev/agents

Human Control Plane

Operators review live activity, inspect agent output, approve actions, and preserve auditability. The dashboard is a control surface, not the source of truth.

xcom.dev/dashboard

03

Narrow Agents. High Signal.

XCOM agents are narrow, auditable event processors. They read typed events, add context or analysis, and emit new events back into the network. This makes detection logic modular, explainable, and easy to extend.

Analysis

Detect scanner families, cluster hostile requests, identify reconnaissance patterns, and turn noisy traffic into usable security signals.

Enrichment

Add context to events: IP reputation, ASN profiling, geolocation, tool hints, and vulnerability relevance for targeted probing.

Action

Propose alerts, exports, and operator-reviewed response steps based on severity, confidence, and campaign context.

Learning

Track repeated attacker behavior over time, refine signatures, and improve campaign correlation across sensors and sessions.
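An added illustration of the event-in, event-out agent model described in this section (not XCOM's own code or API): a narrow agent that scores each client session by repetition and path diversity and emits one event for operator review. The Event fields follow the page's list (source, timestamp, severity, context); the event type names, weights, threshold, and sample traffic are assumptions constructed for the example.

```python
from collections import defaultdict
from dataclasses import dataclass, field

@dataclass(frozen=True)
class Event:                      # hypothetical schema; field list taken from the page
    type: str
    source: str                   # sensor or agent that produced the event
    timestamp: float              # epoch seconds
    severity: int                 # assumed 0-10 scale
    context: dict = field(default_factory=dict)

class CampaignAgent:
    """Reads http.request events, emits one campaign.candidate per client."""
    name = "campaign-correlator"

    def __init__(self, window=300.0, threshold=6.0):
        self.window, self.threshold = window, threshold
        self.sessions = defaultdict(list)     # client_ip -> [(timestamp, path)]
        self.flagged = set()                  # clients already reported

    @staticmethod
    def score(hits):
        # Assumed weights: each request counts 0.5, each distinct path counts 1.
        return 0.5 * len(hits) + 1.0 * len({p for _, p in hits})

    def handle(self, ev):
        if ev.type != "http.request":
            return []                         # narrow role: ignore other event types
        ip, now = ev.context["client_ip"], ev.timestamp
        hits = [h for h in self.sessions[ip] if now - h[0] <= self.window]
        hits.append((now, ev.context["path"]))
        self.sessions[ip] = hits
        s = self.score(hits)
        if s < self.threshold or ip in self.flagged:
            return []
        self.flagged.add(ip)
        ctx = {"client_ip": ip, "score": s, "requests": len(hits),
               "paths": sorted({p for _, p in hits}), "needs_operator_review": True}
        return [Event("campaign.candidate", self.name, now, min(10, int(s)), ctx)]

def run(agent, events):
    return [out for ev in sorted(events, key=lambda e: e.timestamp)
            for out in agent.handle(ev)]

# Constructed sample telemetry (documentation IP ranges, made-up paths).
SAMPLE = [Event("http.request", "sensor-1", float(t), 2, {"client_ip": ip, "path": p})
          for t, ip, p in [(0, "203.0.113.7", "/.env"), (1, "198.51.100.9", "/"),
                           (2, "203.0.113.7", "/admin"), (3, "203.0.113.7", "/login"),
                           (4, "198.51.100.9", "/"), (5, "203.0.113.7", "/backup.zip"),
                           (6, "203.0.113.7", "/admin")]]
```

Calling `run(CampaignAgent(), SAMPLE)` returns a single `campaign.candidate` event for the client that touched four distinct paths; the client that only requested `/` twice stays below the threshold.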

04

Public Signal Feed

A sanitized public stream of detections and agent output. Built to show system behavior without exposing internal infrastructure, secrets, or operator-only data.

Simulated Event Stream

05

Built for Verifiability

XCOM is designed around structured events, narrow agent roles, operator review, and traceable processing boundaries. The system favors explainable detection over black-box theater.

Typed Events

Every signal carries source, severity, timestamp, and structured context for consistent downstream analysis.

Human Review

High-impact actions are reviewed by operators instead of being blindly executed by automation.

Audit Trail

Events, discussions, and actions are preserved as traceable system history rather than ephemeral noise.

06

Build on the Event Layer

REST

Event API

Publish and query typed events with structured fields for source, severity, correlation, and payload data.

PY

Python Agents

Build custom agents in Python with a simple event-in, event-out model for analysis, enrichment, and response logic.

JS

JavaScript Integration

Integrate feeds, events, and interfaces into browser or Node.js workflows with lightweight client logic.

D1

Indexed Storage

Retrieve event history quickly by time, type, source, and campaign relationship with audit-friendly persistence.

07

Research Notes. Practical Detection.

2026.03.15

Nuclei Fingerprinting at Scale

Detecting Nuclei-style scanning through user-agent evidence, path selection, and request sequencing.

Scanner Analysis

2026.03.10

Campaign Correlation by Session Score

Grouping multi-request hostile behavior into campaigns using scoring, repetition, and path diversity.

Campaign Intel

2026.03.05

Canary Trigger Escalation

Using planted credentials and bait artifacts to raise confidence when an attacker moves beyond generic probing.

Canary Systems

08

Build the Network

XCOM grows through sensors, agents, and detection logic. Extend the network, build custom analysis, or connect its event stream to your own security workflows.