import gradio as gr from huggingface_hub import InferenceClient import os from mitreattack.stix20 import MitreAttackData from descriptions import descriptions # Chemins des fichiers JSON ics_attack_path = 'ics-attack.json' enterprise_attack_path = 'enterprise-attack.json' # Charger les données ATT&CK mitre_attack_data = MitreAttackData(enterprise_attack_path) # Charger les techniques ATT&CK techniques = mitre_attack_data.get_techniques(remove_revoked_deprecated=True) # Convert techniques to a readable string format techniques_str = "\n".join([f"{technique['name']} ({mitre_attack_data.get_attack_id(technique['id'])})" for technique in techniques]) def clean_string(input_string): characters_to_remove = [',', '/', ':', '"',';','|','-','_'] cleaned_string = ''.join(char for char in input_string if char not in characters_to_remove) return cleaned_string client = InferenceClient(model='mistralai/Mixtral-8x7B-Instruct-v0.1') def respond( message, history: list[tuple[str, str]], system_message, max_tokens, temperature, top_p, ): messages = [{"role": "system", "content": system_message}] for val in history: if val[0]: messages.append({"role": "user", "content": val[0]}) if val[1]: messages.append({"role": "assistant", "content": val[1]}) messages.append({"role": "user", "content": message}) message_content = message response = "" for message in client.chat_completion( messages, max_tokens=max_tokens, stream=True, temperature=temperature, top_p=top_p, ): token = message.choices[0].delta.content response += token yield response demo = gr.ChatInterface( respond, additional_inputs=[ # gr.Textbox(value=f"""[INST] Given these TTPs: {techniques_str}\n\n and here are {descriptions}\n\nfigure out which major techniques are used in these logs and respond in bullets points and nothing else[/INST]""", label="System message"), # gr.Textbox(value=f"""[INST] Given these TTPs: {techniques_str}\n\nfigure out which major techniques are used in these logs and respond in bullets points and nothing else[/INST]""", label="System message"), gr.Textbox( value=f"""[INST] Step 1: Given these TTPs: {techniques_str}, identify the major techniques present in these logs and list them in bullet points only.\n\n Step 2: As a cybersecurity analyst, interpret the logs provided, which include login failures, event logs, firewall logs, and brute force logs. Analyze the data and provide an interpretation based on the following indicators: - Multiple IP addresses signing in to the same account within a short period - Excessive login failures (failed MFA requests, failed username/password attempts, failures due to geo-blocking) - Multiple sign-in attempts from different countries within a short period - Detection of malware on the device - Unusual activity by admin accounts (excessive actions, resetting passwords, changing MFA methods) - Sharing emails with attachments to personal accounts - Logins occurring after working hours - General unusual user account activity Important: Do not use any information outside of the input provided. Focus solely on the data and indicators given in this prompt. Response: Provide a detailed analysis and interpretation of the observed logs, focusing on identifying and explaining potential security threats or breaches based solely on the information and indicators provided. [/INST]""", label="System message" ), gr.Slider(minimum=1, maximum=2048, value=512, step=1, label="Max new tokens"), gr.Slider(minimum=0.1, maximum=1.0, value=0.1, step=0.1, label="Temperature"), gr.Slider(minimum=0.1, maximum=1.0, value=0.95, step=0.05, label="Top-p (nucleus sampling)"), ], ) if __name__ == "__main__": demo.launch()