File size: 2,067 Bytes
4531c67
from langchain.tools import tool
from pymisp import PyMISP
from dotenv import load_dotenv
import os

load_dotenv(override=True)

URL = os.getenv('MISP_URL')
KEY = os.getenv('MISP_KEY')
# TLS verification is disabled here; that is only acceptable for a lab MISP
# instance with a self-signed certificate, never for a production endpoint.
verify_cert = False

if not URL or not KEY:
    raise RuntimeError("MISP_URL and MISP_KEY must be set in the environment or in .env")

# Log the endpoint only; the API key must never be printed or logged.
print("Connecting to MISP at", URL)

misp = PyMISP(url=URL, key=KEY, ssl=verify_cert)


class MispTool():
    # Tool names use only letters, digits and underscores: function-calling
    # LLM APIs reject tool names that contain spaces.
    @tool("misp_search_by_keyword")
    def search(keyword: str):
        """Useful tool to search for an indicator of compromise or a security event by keyword
        Parameters:
        - keyword: The keyword to search for
        Returns:
        - A list of events that match the keyword
        """
        events = misp.search(controller='attributes', value=keyword, limit=5,
                             metadata=True, include_event_tags=False,
                             include_context=False, return_format='json',
                             sg_reference_only=True)

        # The attributes controller returns {'Attribute': [...]}; .get() avoids a
        # KeyError when the server answers with an error document instead.
        if len(events.get('Attribute', [])) == 0:
            return "No events found matching the search criteria."

        results = "Answer user question using these search results:\n\n"
        return results + str(events)

    @tool("misp_search_by_date")
    def search_by_date(date_from: str | None = None, date_to: str | None = None):
        """Useful tool to retrieve events that match a specific date or date range, use this if you know the date of the event
        Parameters:
        - date_from: The start date of the event
        - date_to: The end date of the event
        Not necessary to provide both dates, you can provide one or the other

        Returns:
        - A list of events that match the date or date range
        """
        # Both bounds are optional; PyMISP treats a None bound as open-ended.
        events = misp.search(controller='attributes', date_from=date_from,
                             date_to=date_to, limit=5)
        return events

    @tool("misp_search_by_event_id")
    def search_by_event_id(event_id: str | int):
        """Useful tool to retrieve events by their ID, use this if you know the ID of the event.
        Parameters:
        - event_id: The ID of the event
        Returns:
        - A list of events that match the event ID
        """
        events = misp.search(controller='attributes', eventid=event_id, limit=1)
        return events
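The tools above hand the raw PyMISP JSON to the model with `str(events)`, which bloats the prompt and forwards every attribute field, including free-text analyst comments and non-detection attributes, to the LLM. The following is an added example (not part of this file or the project) of a small post-processing step that keeps only the fields an analyst would want the model to reason over, optionally restricts results to `to_ids` attributes, and handles the empty and error cases. The `SAMPLE_RESPONSE` is a constructed document shaped like PyMISP's `search(controller='attributes')` output; the `{'errors': ...}` handling assumes PyMISP's convention of returning an `errors` key on a failed request.

```python
"""Compact PyMISP attribute-search results before passing them to an LLM."""
from __future__ import annotations

import datetime as dt
from typing import Any

# Constructed sample shaped like PyMISP search(controller='attributes') output.
# Values are documentation-range placeholders, not real indicators.
SAMPLE_RESPONSE: dict[str, Any] = {
    "Attribute": [
        {
            "id": "101", "event_id": "7", "category": "Network activity",
            "type": "ip-dst", "value": "203.0.113.10", "timestamp": "1700000000",
            "to_ids": True, "comment": "C2 beacon observed in sandbox",
            "Event": {"info": "Phishing campaign (constructed sample)"},
        },
        {
            "id": "102", "event_id": "7", "category": "Payload delivery",
            "type": "sha256", "value": "d" * 64, "timestamp": "1700000100",
            "to_ids": True, "comment": "",
            "Event": {"info": "Phishing campaign (constructed sample)"},
        },
        {
            "id": "103", "event_id": "9", "category": "Other",
            "type": "comment", "value": "internal analyst note",
            "timestamp": "1700000200", "to_ids": False, "comment": "",
            "Event": {"info": "Analyst scratchpad"},
        },
    ]
}

# Fields worth exposing to the model; everything else is dropped.
KEEP_FIELDS = ("event_id", "type", "value", "category", "to_ids", "comment")


def summarize_attributes(response: dict[str, Any], max_items: int = 5,
                         ids_only: bool = False) -> dict[str, Any]:
    """Reduce a PyMISP attribute search response to a compact, bounded list.

    Returns {"error": <str or None>, "items": [...]} so callers can distinguish
    a failed query from an empty one.
    """
    # PyMISP returns {'errors': (status, body)} when the server rejects a call.
    if "errors" in response:
        return {"error": str(response["errors"]), "items": []}

    items: list[dict[str, Any]] = []
    for attr in response.get("Attribute", []):
        # to_ids marks attributes meant for detection; skip the rest if asked.
        if ids_only and not attr.get("to_ids"):
            continue
        item = {field: attr.get(field) for field in KEEP_FIELDS}
        item["event_info"] = attr.get("Event", {}).get("info", "")
        ts = attr.get("timestamp")
        # MISP timestamps are epoch seconds as strings; render them as UTC ISO 8601.
        item["timestamp"] = (
            dt.datetime.fromtimestamp(int(ts), tz=dt.timezone.utc).isoformat()
            if ts else None
        )
        items.append(item)
        if len(items) >= max_items:
            break
    return {"error": None, "items": items}


def render_for_prompt(summary: dict[str, Any]) -> str:
    """Turn a summary into the short text block the tool hands back to the model."""
    if summary["error"]:
        return f"MISP query failed: {summary['error']}"
    if not summary["items"]:
        return "No events found matching the search criteria."
    lines = ["Answer the user's question using these MISP search results:", ""]
    for n, it in enumerate(summary["items"], 1):
        lines.append(
            f"{n}. event {it['event_id']} ({it['event_info']}): "
            f"{it['type']} = {it['value']} "
            f"[{it['category']}, to_ids={it['to_ids']}, {it['timestamp']}]"
        )
        if it["comment"]:
            lines.append(f"   comment: {it['comment']}")
    return "\n".join(lines)


if __name__ == "__main__":
    print(render_for_prompt(summarize_attributes(SAMPLE_RESPONSE, ids_only=True)))
```

In the `search` tool this would replace `results + str(events)` with `render_for_prompt(summarize_attributes(events))`; the `limit=5` sent to MISP and the `max_items` bound here together cap how much third-party text reaches the model.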