Building ThreatLedger: AI-Powered NDR on AWS Aurora and Vercel in 72 Hours


These articles are AI-generated summaries. Please check the original sources for full details.

How we built ThreatLedger — AI-powered NDR on AWS Aurora + Vercel in 72 hours

Venkat Sathu and team built ThreatLedger, a cloud-native Network Detection and Response dashboard, in just 72 hours for the H0 Hackathon. The system processes raw logs from Suricata, Zeek, and AWS VPC Flow to generate plain-English threat summaries via Claude API.

Why This Matters

Small businesses face the same network threats as enterprises but cannot afford $100K/year NDR tools. ThreatLedger democratizes threat detection by combining affordable cloud infrastructure (Aurora PostgreSQL, Vercel) with AI-driven analysis, eliminating the cost barrier for SMBs.

Key Insights

  • Aurora PostgreSQL with pgvector provided a production-ready database from day one and leaves room for future semantic search across the 21,742 IP reputation records (H0 Hackathon, 2026).
  • Integrating Prisma with Aurora in Vercel’s serverless environment required configuring the PrismaPg adapter with connection pooling and SSL handling (ThreatLedger build, 2026).
  • The correlation engine groups alerts into attack campaigns, assigns each campaign a composite risk score and maps it onto the kill chain (ThreatLedger architecture, 2026).
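To make the correlation step concrete, here is an added example (not ThreatLedger's own code) that groups Suricata-style alerts by source IP into campaigns, orders the observed kill chain stages and computes a composite risk score. The alert field names, the category-to-stage table and the scoring weights are assumptions; the sample alerts are constructed.

```typescript
// Added example, not ThreatLedger's code: minimal alert correlation.
type Alert = { ts: string; srcIp: string; destIp: string; category: string; severity: number };
type Campaign = { srcIp: string; alerts: number; targets: string[]; stages: string[]; riskScore: number };

// Kill chain order used to sort observed stages. Category strings follow
// Suricata's classification.config; the stage assignment is an assumption.
const KILL_CHAIN = ["Reconnaissance", "Exploitation", "Installation", "Command and Control", "Actions on Objectives"];
const CATEGORY_STAGE: Record<string, string> = {
  "Detection of a Network Scan": "Reconnaissance",
  "Attempted Information Leak": "Reconnaissance",
  "Web Application Attack": "Exploitation",
  "Attempted Administrator Privilege Gain": "Exploitation",
  "A Network Trojan was detected": "Installation",
  "Malware Command and Control Activity Detected": "Command and Control",
  "Large Scale Information Leak": "Actions on Objectives",
};

function correlate(alerts: Alert[]): Campaign[] {
  const bySrc = new Map<string, Alert[]>();
  for (const a of alerts) bySrc.set(a.srcIp, (bySrc.get(a.srcIp) ?? []).concat(a));

  const campaigns: Campaign[] = [];
  bySrc.forEach((group, srcIp) => {
    const targets = Array.from(new Set(group.map((a) => a.destIp)));
    const seen = new Set(group.map((a) => CATEGORY_STAGE[a.category]));
    const stages = KILL_CHAIN.filter((s) => seen.has(s)); // unmapped categories do not count
    const top = Math.min(...group.map((a) => a.severity)); // Suricata: 1 = high, 3 = low
    const base = top === 1 ? 60 : top === 2 ? 40 : 20;
    // Composite score (assumed weights): top severity, breadth across the kill chain,
    // spread across targets, and alert volume capped so a noisy scanner cannot saturate it.
    const riskScore = Math.min(100, base + 10 * Math.max(0, stages.length - 1)
      + 5 * (targets.length - 1) + Math.min(group.length, 10));
    campaigns.push({ srcIp, alerts: group.length, targets, stages, riskScore });
  });
  return campaigns.sort((a, b) => b.riskScore - a.riskScore);
}

// Constructed sample alerts (documentation address ranges, not real traffic).
const SAMPLE_ALERTS: Alert[] = [
  { ts: "2026-01-10T08:00:00Z", srcIp: "198.51.100.7", destIp: "10.0.0.10", category: "Detection of a Network Scan", severity: 3 },
  { ts: "2026-01-10T08:05:00Z", srcIp: "198.51.100.7", destIp: "10.0.0.10", category: "Web Application Attack", severity: 1 },
  { ts: "2026-01-10T08:06:00Z", srcIp: "198.51.100.7", destIp: "10.0.0.10", category: "Web Application Attack", severity: 1 },
  { ts: "2026-01-10T08:20:00Z", srcIp: "198.51.100.7", destIp: "10.0.0.11", category: "Malware Command and Control Activity Detected", severity: 1 },
  { ts: "2026-01-10T09:00:00Z", srcIp: "203.0.113.9", destIp: "10.0.0.10", category: "Potentially Bad Traffic", severity: 3 },
];

console.log(JSON.stringify(correlate(SAMPLE_ALERTS), null, 2));
```

The first campaign scores 89 (high severity, three kill chain stages, two targets); the lone unmapped low-severity alert scores 21 with no stages, which is the kind of noise a dashboard would rank last.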

Practical Applications

  • Small businesses can upload Suricata or Zeek logs to detect attack campaigns without expensive enterprise tools.
  • Security teams can use the Claude API to generate plain-English summaries of complex network threats.
  • Pitfall: skipping SSL configuration when connecting Prisma to Aurora from a serverless environment leads to connection failures.
