karimaloulou committed on
Commit
ce512f2
·
verified ·
1 Parent(s): 88598e9

Update app.py

Files changed (1)
  1. app.py +20 -8
app.py CHANGED
@@ -66,14 +66,26 @@ demo = gr.ChatInterface(
66
  additional_inputs=[
67
  # gr.Textbox(value=f"""<s>[INST] Given these TTPs: {techniques_str}\n\n and here are {descriptions}\n\nfigure out which major techniques are used in these logs and respond in bullets points and nothing else[/INST]""", label="System message"),
68
  # gr.Textbox(value=f"""<s>[INST] Given these TTPs: {techniques_str}\n\nfigure out which major techniques are used in these logs and respond in bullets points and nothing else[/INST]""", label="System message"),
69
- gr.Textbox(value=f"""<s>[INST] In first step Given these TTPs: {techniques_str}\n\nfigure out which major techniques are used in these logs and respond in bullets points and nothing else\n\n
70
- In second step next act like a cybersecurity analyst skilled in interpreting various types of logs resulting from different cyberattacks, including phishing, malware, advanced persistent threats, denial-of-service (DoS) and distributed denial-of-service (DDoS) attacks, man-in-the-middle (MitM) attacks, SQL injection attacks, and zero-day exploits. Using the following types of logs—login failures, event logs, firewall logs, and brute force logs—analyze the data and provide an interpretation of the analysis in English.
71
- **Important:** Do not use any information outside of the input provided. Focus solely on the data and indicators given in this prompt.
72
- Indicators to investigate: Multiple IP addresses signing in to the same account within a short period or Excessive login failures including failed MFA requests, failed username/password attempts, or failures due to geo-blocking
73
- or Multiple sign-in attempts from different countries within a short period or Detection of malware on the device or Unusual activity by admin accounts, including excessive actions or Resetting passwords and changing MFA methods
74
- or Sharing emails with attachments to personal accounts or Logins occurring after working hours or General unusual user account activity.
75
- Response: Provide a detailed analysis and interpretation of the observed logs, focusing on identifying and explaining only potential security threats or breaches. Ensure that your analysis is based solely on the information and indicators provided in this prompt.
76
- [/INST]""", label="System message"),
 
 
 
 
 
 
 
 
 
 
 
 
77
  gr.Slider(minimum=1, maximum=2048, value=512, step=1, label="Max new tokens"),
78
  gr.Slider(minimum=0.1, maximum=1.0, value=0.1, step=0.1, label="Temperature"),
79
  gr.Slider(minimum=0.1, maximum=1.0, value=0.95, step=0.05, label="Top-p (nucleus sampling)"),
 
66
  additional_inputs=[
67
  # gr.Textbox(value=f"""<s>[INST] Given these TTPs: {techniques_str}\n\n and here are {descriptions}\n\nfigure out which major techniques are used in these logs and respond in bullets points and nothing else[/INST]""", label="System message"),
68
  # gr.Textbox(value=f"""<s>[INST] Given these TTPs: {techniques_str}\n\nfigure out which major techniques are used in these logs and respond in bullets points and nothing else[/INST]""", label="System message"),
69
+ gr.Textbox(
70
+ value=f"""<s>[INST]
71
+ Step 1: Given these TTPs: {techniques_str}, identify the major techniques present in these logs and list them in bullet points only.\n\n
72
+
73
+ Step 2: As a cybersecurity analyst, interpret the logs provided, which include login failures, event logs, firewall logs, and brute force logs. Analyze the data and provide an interpretation based on the following indicators:
74
+ - Multiple IP addresses signing in to the same account within a short period
75
+ - Excessive login failures (failed MFA requests, failed username/password attempts, failures due to geo-blocking)
76
+ - Multiple sign-in attempts from different countries within a short period
77
+ - Detection of malware on the device
78
+ - Unusual activity by admin accounts (excessive actions, resetting passwords, changing MFA methods)
79
+ - Sharing emails with attachments to personal accounts
80
+ - Logins occurring after working hours
81
+ - General unusual user account activity
82
+
83
+ Important: Do not use any information outside of the input provided. Focus solely on the data and indicators given in this prompt.
84
+
85
+ Response: Provide a detailed analysis and interpretation of the observed logs, focusing on identifying and explaining potential security threats or breaches based solely on the information and indicators provided.
86
+ [/INST]""",
87
+ label="System message"
88
+ ),
89
  gr.Slider(minimum=1, maximum=2048, value=512, step=1, label="Max new tokens"),
90
  gr.Slider(minimum=0.1, maximum=1.0, value=0.1, step=0.1, label="Temperature"),
91
  gr.Slider(minimum=0.1, maximum=1.0, value=0.95, step=0.05, label="Top-p (nucleus sampling)"),
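
Review bot: The admin-accounts bullet on new line 78 narrows an indicator. It folds "resetting passwords, changing MFA methods" into the parenthetical for admin activity, while the removed text listed "or Resetting passwords and changing MFA methods" as its own alternative alongside the other "or ..." items. As rewritten, a password reset or MFA method change on a non-admin account is no longer one of the listed indicators. Suggest keeping the admin bullet as "Unusual activity by admin accounts (excessive actions)" and restoring "- Resetting passwords and changing MFA methods" as a separate bullet. The Response line on new line 85 also drops the word "only" from "identifying and explaining only potential security threats or breaches"; if that restriction was intentional, carry it over. Separately, the prompt is still the default value of an editable "System message" textbox, and nothing in it tells the model that text found inside the logs is data rather than instructions; a sentence to that effect next to the "Important:" line on new line 83 would help, since log fields can contain attacker-chosen strings. Minor: the literal `\n\n` at the end of the Step 1 line is now followed by a real blank line, so one of the two is redundant.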