A distributed, event-driven cybersecurity simulation platform built with Flask, Apache Kafka, and Docker.
Watchtower simulates real-time interactions between system entities — including attackers, victims, and monitoring agents — using an event-driven architecture.
It is designed to:
- Model adversarial behavior in distributed systems
- Demonstrate real-time event streaming
- Enable scalable system monitoring and analysis
- Central orchestration layer
- Handles API requests
- Produces and consumes Kafka events
- Distributed message broker
- Enables asynchronous communication
- Decouples services
- Monitors system activity
- Processes events
- Detects anomalies
- Simulates a target system
- Generates normal behavior
- Responds to incoming events
- Simulates malicious activity
- Produces attack events
All services are containerized using Docker and orchestrated via Docker Compose.
Benefits:
- Consistent environments
- Easy setup and deployment
- Scalable architecture
- Backend: Flask (Python)
- Streaming: Apache Kafka
- Containerization: Docker, Docker Compose
- Architecture: Event-driven microservices
bash git clone https://github.com/yourusername/watchtower.git cd watchtower
bash docker-compose up --build
- Attacker produces malicious events
- Events are published to Kafka topics
- Victim consumes and reacts
- Agent monitors and analyzes activity
- Backend coordinates and logs system behavior
- Real-time event streaming with Kafka
- Modular microservices architecture
- Fully Dockerized environment
- Simulated attack detection workflows
- Scalable and extensible design