1. Project Objective

To establish a proactive, automated monitoring framework that utilizes Open-Source Intelligence (OSINT) to identify hardware security, financial, and geopolitical risks within the supply chain. The primary goal is to provide early warning signals regarding suppliers, contract manufacturers, and assembly test houses by scanning public, private, and dark web data sources.

2. Project Description

This project involves the development of an automated intelligence engine designed to aggregate and synthesize data from high-value security and news sources. The system will:

- Ingest Data: Connect to APIs and feeds including CISA Alerts, HaveIBeenPwned (for corporate domain leaks), news aggregators, and dark web monitoring tools.
- Filter & Categorize: Apply logic-based filtering to separate "noise" (such as marketing press releases or routine corporate news) from "genuine risk signals" (such as data breaches, IP theft, or rumors of financial insolvency).
- Trigger Investigations: Automatically flag suspicious hits for manual verification to determine if a reported breach or risk is factual or speculative.
- Centralize Visibility: Consolidate all verified alerts into a unified dashboard for real-time risk management and stakeholder reporting.

3. Project Outcome

The successful implementation of this project will result in:

- Reduced Mean Time to Detect (MTTD): Rapid identification of supplier-related security incidents before they impact the internal production environment.
- Operational Efficiency: A significant reduction in manual OSINT research time by automating the "noise" filtration process.
- Enhanced Supply Chain Resilience: A centralized Risk Dashboard that provides actionable intelligence on geopolitical shifts, financial instability, and hardware vulnerabilities.
- Data-Driven Decision Making: Improved ability to pivot to alternative suppliers or implement security patches based on verified, real-time breach alerts.

Acceptance criteria

1. The crawler covers at least ten high-signal public sources and can be expanded easily.
2. Critical hardware security events surface within one hour of public appearance.
3. Alert accuracy (true positive rate) hits a minimum 85% on a pilot test set we will share.
4. All code is delivered in a private Git repository with clear setup instructions.

When you reply, include examples of past work on OSINT pipelines, cybersecurity monitoring, or similar data-engineering projects so I can gauge fit quickly.
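An added example, not part of the original brief: a minimal rule-based version of the Filter & Categorize and Trigger Investigations steps from section 2, scored against acceptance criterion 3. The supplier names, keyword rules and pilot items are constructed, and "true positive rate" is read here as flagged risks divided by all labelled risks.

```python
import re

SUPPLIERS = ["Acme Fab", "Northwind Assembly"]  # hypothetical watchlist
# Assumed keyword rules; the three categories are the brief's examples of risk signals.
RISK_RULES = {
    "data_breach": r"\b(breach(ed)?|leak(ed)?|ransomware)\b",
    "ip_theft": r"\b(ip theft|trade secrets?|stolen (designs?|firmware))\b",
    "financial_insolvency": r"\b(insolven(t|cy)|bankruptcy|chapter 11)\b",
}
SPECULATIVE = r"\b(rumou?rs?|unconfirmed|alleged(ly)?)\b"
MIN_TPR = 0.85  # acceptance criterion 3

# Constructed pilot set: (feed text, analyst ground-truth label "is a genuine risk").
PILOT = [
    ("Acme Fab confirms ransomware breach at test facility", True),
    ("Acme Fab announces partnership and new product launch", False),
    ("Unconfirmed rumor: Northwind Assembly firmware leaked on forum", True),
    ("Northwind Assembly files for Chapter 11 bankruptcy protection", True),
    ("Unrelated Corp breached in phishing campaign", False),
    ("Acme Fab engineers accused of walking out with chip layouts", True),
]


def triage(text, suppliers=SUPPLIERS):
    """Flag an item only when it names a watched supplier AND matches a risk rule."""
    low = text.lower()
    who = [s for s in suppliers if s.lower() in low]
    cats = [c for c, rx in RISK_RULES.items() if re.search(rx, low)]
    verdict = "needs_verification" if who and cats else "noise"
    # 'speculative' is only a hint for the analyst; it never suppresses a hit.
    return {"verdict": verdict, "suppliers": who, "categories": cats,
            "speculative": bool(re.search(SPECULATIVE, low))}


def missed(labelled):
    """Labelled risks the rules dropped as noise (false negatives)."""
    return [t for t, is_risk in labelled
            if is_risk and triage(t)["verdict"] == "noise"]


def true_positive_rate(labelled):
    """Flagged genuine risks divided by all genuine risks in the labelled set."""
    positives = [t for t, is_risk in labelled if is_risk]
    return (len(positives) - len(missed(labelled))) / len(positives) if positives else 0.0


if __name__ == "__main__":
    tpr = true_positive_rate(PILOT)
    print(f"TPR={tpr:.2f} pass={tpr >= MIN_TPR} missed={missed(PILOT)}")
```

On this constructed set the rules reach 0.75, below the 0.85 bar, because the paraphrased IP-theft item contains no rule keyword; misses of that kind are what a labelled pilot set is there to expose.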