rajrakeshdr commited on
Commit
2bf42e1
·
verified ·
1 Parent(s): 85807eb

Update app.py

Files changed (1) hide show
  1. app.py +241 -34
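--- a/app.py
+++ b/app.py
@@ -20,40 +20,241 @@ llm = ChatGroq(
  groq_api_key="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" # Replace with your actual Groq API key
  )
 
- # Define the prompt template with elite cybersecurity expertise
- prompt_template = PromptTemplate(
- input_variables=["query", "context"],
- template="""
- Context: You are an elite cybersecurity AI with comprehensive
- mastery of all domains, including network security, cloud security, threat intelligence, cryptography, and incident response. Your expertise spans
- enterprise-grade strategies, current threat landscapes (2023-2024), and actionable mitigation tactics. Prioritize concise, technical, and
- ROI-driven insights.
+ # Define all prompt templates
+ prompt_templates = {
+ # Cybersecurity Threats and Mitigation
+ "common_threats": PromptTemplate(
+ input_variables=["query", "context"],
+ template="""
+ Context: {context}
+ Query: {query}
+ Provide a comprehensive overview of the most common cybersecurity threats faced by organizations on a daily basis, including details on threat_1, threat_2, and threat_3. Also, provide effective measures to mitigate these risks and protect critical data and systems.
+ """
+ ),
+ "task_prioritization": PromptTemplate(
+ input_variables=["query", "context"],
+ template="""
+ Context: {context}
+ Query: {query}
+ Provide a guide on how cybersecurity professionals prioritize their tasks and responsibilities, focusing on the most critical areas such as threat detection, response times, and resource allocation.
+ """
+ ),
+ "network_traffic_tools": PromptTemplate(
+ input_variables=["query", "context"],
+ template="""
+ Context: {context}
+ Query: {query}
+ List and describe the most effective tools and software used for monitoring network traffic. Include tools for real-time analysis, anomaly detection, and reporting.
+ """
+ ),
+ "vulnerability_assessments": PromptTemplate(
+ input_variables=["query", "context"],
+ template="""
+ Context: {context}
+ Query: {query}
+ Provide best practices for conducting vulnerability assessments and penetration tests, including recommended frequencies and methodologies to ensure systems are adequately tested for vulnerabilities.
+ """
+ ),
+ "security_policies": PromptTemplate(
+ input_variables=["query", "context"],
+ template="""
+ Context: {context}
+ Query: {query}
+ Explain the role cybersecurity professionals have in developing, updating, and enforcing security policies within an organization. Include considerations for evolving threats and compliance requirements.
+ """
+ ),
+ "staying_updated": PromptTemplate(
+ input_variables=["query", "context"],
+ template="""
+ Context: {context}
+ Query: {query}
+ Describe the methods and tools cybersecurity professionals use to stay up-to-date on the latest cybersecurity threats, trends, and vulnerabilities, including ongoing education and industry resources.
+ """
+ ),
+ "immediate_incidents": PromptTemplate(
+ input_variables=["query", "context"],
+ template="""
+ Context: {context}
+ Query: {query}
+ Identify and describe the types of cybersecurity incidents that require immediate attention, such as data breaches, malware attacks, and denial-of-service attacks. Provide guidance on how to respond to each incident type.
+ """
+ ),
+ "collaboration_it_teams": PromptTemplate(
+ input_variables=["query", "context"],
+ template="""
+ Context: {context}
+ Query: {query}
+ Discuss how cybersecurity professionals work with IT teams to ensure system security, focusing on areas such as patch management, incident response, and ongoing risk management.
+ """
+ ),
+ "incident_investigation": PromptTemplate(
+ input_variables=["query", "context"],
+ template="""
+ Context: {context}
+ Query: {query}
+ Outline the steps involved in investigating and resolving a security incident, including initial detection, containment, root cause analysis, and reporting.
+ """
+ ),
+ "securing_remote_workers": PromptTemplate(
+ input_variables=["query", "context"],
+ template="""
+ Context: {context}
+ Query: {query}
+ Provide strategies for securing remote workers and their devices, including the use of VPNs, multi-factor authentication, and endpoint protection measures.
+ """
+ ),
+ "disaster_recovery": PromptTemplate(
+ input_variables=["query", "context"],
+ template="""
+ Context: {context}
+ Query: {query}
+ Explain the responsibilities of cybersecurity professionals in ensuring that disaster recovery and business continuity plans are developed, tested, and maintained to address security challenges.
+ """
+ ),
+ "user_access_management": PromptTemplate(
+ input_variables=["query", "context"],
+ template="""
+ Context: {context}
+ Query: {query}
+ Describe the best practices for managing user access and privileges, including role-based access control (RBAC), least privilege principles, and audit trails for sensitive systems.
+ """
+ ),
+ "cloud_security": PromptTemplate(
+ input_variables=["query", "context"],
+ template="""
+ Context: {context}
+ Query: {query}
+ Provide a list of best practices for securing cloud-based infrastructure, including the use of strong authentication, data encryption, and continuous monitoring.
+ """
+ ),
+ "security_kpis": PromptTemplate(
+ input_variables=["query", "context"],
+ template="""
+ Context: {context}
+ Query: {query}
+ Discuss the key performance indicators (KPIs) used by cybersecurity professionals to measure the effectiveness of security programs, such as incident response times, patching cycles, and vulnerability remediation rates.
+ """
+ ),
+ "employee_security_education": PromptTemplate(
+ input_variables=["query", "context"],
+ template="""
+ Context: {context}
+ Query: {query}
+ Describe the methods used by cybersecurity professionals to educate employees on security best practices, including training programs, phishing simulations, and awareness campaigns.
+ """
+ ),
+ "common_challenges": PromptTemplate(
+ input_variables=["query", "context"],
+ template="""
+ Context: {context}
+ Query: {query}
+ Identify and discuss the common challenges that cybersecurity professionals face, including resource limitations, evolving threats, and the complexities of compliance.
+ """
+ ),
+ "compliance_standards": PromptTemplate(
+ input_variables=["query", "context"],
+ template="""
+ Context: {context}
+ Query: {query}
+ Provide an overview of how cybersecurity professionals ensure compliance with industry standards and regulations, such as GDPR, HIPAA, and PCI DSS, including regular audits and reporting.
+ """
+ ),
+ "encryption_role": PromptTemplate(
+ input_variables=["query", "context"],
+ template="""
+ Context: {context}
+ Query: {query}
+ Explain the role of encryption in protecting sensitive data, focusing on encryption methods, data-at-rest vs. data-in-transit, and how encryption helps mitigate the risks of data breaches.
+ """
+ ),
+ "mobile_device_security": PromptTemplate(
+ input_variables=["query", "context"],
+ template="""
+ Context: {context}
+ Query: {query}
+ Provide strategies for managing and securing mobile devices and applications, including mobile device management (MDM), app whitelisting, and secure communication methods.
+ """
+ ),
+ "security_audits": PromptTemplate(
+ input_variables=["query", "context"],
+ template="""
+ Context: {context}
+ Query: {query}
+ Outline the steps involved in conducting security audits and risk assessments, including identifying potential threats, assessing vulnerabilities, and recommending mitigation strategies.
+ """
+ ),
+ "patch_management": PromptTemplate(
+ input_variables=["query", "context"],
+ template="""
+ Context: {context}
+ Query: {query}
+ Describe the best practices for managing patch updates and ensuring software security, including patch management policies, vulnerability scanning, and prioritizing patches based on risk.
+ """
+ ),
+ "wireless_iot_security": PromptTemplate(
+ input_variables=["query", "context"],
+ template="""
+ Context: {context}
+ Query: {query}
+ Provide a comprehensive guide on securing wireless networks and IoT devices, including the use of encryption, network segmentation, and regular vulnerability assessments.
+ """
+ ),
+ # Add all other prompts here...
+ }
 
- Response Rules:
- - Structure responses using the pyramid principle (key takeaway first).
- - Maximum 500 words per response.
- - Use technical terminology appropriately (e.g., OWASP Top 10, MITRE ATT&CK, NIST references).
- - Include critical data points:
- - CVE IDs for vulnerabilities.
- - CVSS scores where applicable.
- - Latest compliance standards (e.g., ISO 27001:2022, NIST CSF 2.0).
- - Format complex concepts clearly:
- → Security through obscurity
- → Zero-trust architecture
+ # Initialize chains for each prompt
+ chains = {key: LLMChain(llm=llm, prompt=prompt) for key, prompt in prompt_templates.items()}
 
- Source Integration:
- - Cite only authoritative sources (e.g., CISA alerts, RFCs, vendor advisories).
- - Include timestamps for exploit disclosures.
- - Flag conflicting industry perspectives where relevant.
-
- Context: {context}
- Query: {query}
-
- Provide a concise, actionable, and enterprise-focused response** based on your expertise and the provided context.
- """
- )
-
- chain = LLMChain(llm=llm, prompt=prompt_template)
+ # Classify user input to determine the appropriate prompt
+ def classify_query(query: str) -> str:
+ # Simple keyword-based classification
+ if "common threats" in query.lower():
+ return "common_threats"
+ elif "task prioritization" in query.lower():
+ return "task_prioritization"
+ elif "network traffic tools" in query.lower():
+ return "network_traffic_tools"
+ elif "vulnerability assessments" in query.lower():
+ return "vulnerability_assessments"
+ elif "security policies" in query.lower():
+ return "security_policies"
+ elif "staying updated" in query.lower():
+ return "staying_updated"
+ elif "immediate incidents" in query.lower():
+ return "immediate_incidents"
+ elif "collaboration with IT teams" in query.lower():
+ return "collaboration_it_teams"
+ elif "incident investigation" in query.lower():
+ return "incident_investigation"
+ elif "securing remote workers" in query.lower():
+ return "securing_remote_workers"
+ elif "disaster recovery" in query.lower():
+ return "disaster_recovery"
+ elif "user access management" in query.lower():
+ return "user_access_management"
+ elif "cloud security" in query.lower():
+ return "cloud_security"
+ elif "security KPIs" in query.lower():
+ return "security_kpis"
+ elif "employee security education" in query.lower():
+ return "employee_security_education"
+ elif "common challenges" in query.lower():
+ return "common_challenges"
+ elif "compliance standards" in query.lower():
+ return "compliance_standards"
+ elif "encryption role" in query.lower():
+ return "encryption_role"
+ elif "mobile device security" in query.lower():
+ return "mobile_device_security"
+ elif "security audits" in query.lower():
+ return "security_audits"
+ elif "patch management" in query.lower():
+ return "patch_management"
+ elif "wireless and IoT security" in query.lower():
+ return "wireless_iot_security"
+ # Add more conditions for other prompts...
+ else:
+ return "general"
 
  @app.post("/search")
  async def process_search(search_query: SearchQuery):
@@ -61,8 +262,14 @@ async def process_search(search_query: SearchQuery):
  # Set default context if not provided
  context = search_query.context or "You are a cybersecurity expert."
 
- # Process the query using LangChain with context
- response = chain.run(query=search_query.query, context=context)
+ # Classify the query
+ query_type = classify_query(search_query.query)
+
+ # Process the query using the appropriate chain
+ if query_type in chains:
+ response = chains[query_type].run(query=search_query.query, context=context)
+ else:
+ response = "I am not sure how to help with that. Please provide more details."
 
  return {
  "status": "success",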
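Review bot: The `groq_api_key=` string literal on the context line at the top of the first hunk is carried through this commit unchanged, so what looks like a real provider credential stays readable in the file and its history. It should be revoked at the provider and loaded from the environment or the deployment's secret store, e.g. `groq_api_key=os.environ["GROQ_API_KEY"]` (assuming `os` is imported outside the hunk). In the added `classify_query`, the branches for `"collaboration with IT teams"`, `"security KPIs"` and `"wireless and IoT security"` can never match because they are tested against `query.lower()`; write those literals in lower case. The fallback returns `"general"`, which has no entry in `prompt_templates`, so in the second hunk every query lacking one of the exact phrases now gets the canned "I am not sure" string with `"status": "success"` instead of reaching the model as it did before; add a `"general"` template or return a distinct status. `process_search` continues past the end of the hunk.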