---
base_model: unsloth/SmolLM2-1.7b-Instruct
tags:
- text-generation-inference
- transformers
- unsloth
- llama
license: apache-2.0
language:
- en
datasets:
- madox81/mittre_severity_ds
---

# Uploaded finetuned model

- **Developed by:** madox81
- **License:** apache-2.0
- **Finetuned from model:** unsloth/SmolLM2-1.7b-Instruct

This llama model was trained 2x faster with [Unsloth](https://github.com/unslothai/unsloth) and Huggingface's TRL library.

# Smollm2_Cyber_Insight

## Model Overview

**Smollm2_Cyber_Insight** is a lightweight domain-adapted language model fine-tuned for **cybersecurity threat analysis** tasks. The model specializes in interpreting short textual descriptions of security incidents and producing structured (JSON) security insights.

- **Base Model:** smollm2-1.7b-instruct
- **Architecture:** SmolLM2
- **Training Method:** LoRA fine-tuning
- **Domain:** Cyber Threat Analysis
- **Model Size:** ~1.7B parameters

## Capabilities

The model supports the following tasks:

- Mapping incidents to **MITRE ATT&CK tactics**
- Identifying possible **attack techniques**
- Assessing **incident severity and potential business impact**
- Assisting in structured cybersecurity analysis

## Intended Use

This model is suitable for:

- Cyber threat intelligence experiments
- NLP research in cybersecurity
- Cybersecurity research
- Prototyping AI-assisted SOC tools

## Limitations

- Predictions are probabilistic and may require analyst validation
- Performance depends on similarity to training data
- Not intended for autonomous security decision-making

## Training Data

The model was trained on a **specialized cybersecurity dataset**, [madox81/mittre_severity_ds](https://huggingface.co/datasets/madox81/mittre_severity_ds), containing incident descriptions and structured labels including:

- attack tactics
- attack techniques
- incident severity indicators

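
Because predictions may require analyst validation, a response should be checked before it feeds a SOC workflow. The following is an added example, not part of the model card or the author's code: it parses a response, checks the severity against the Low/Medium/High/Critical scale used in the card's prompts and the technique entries against the ATT&CK ID format, and routes anything else to an analyst. The JSON keys `severity` and `techniques` and the sample responses are assumptions, since the card does not document the output schema.

```python
import json
import re

# ATT&CK technique IDs look like T1105 or T1003.001 (format check only).
TECHNIQUE_ID = re.compile(r"\bT\d{4}(?:\.\d{3})?\b")
SEVERITIES = {"low", "medium", "high", "critical"}  # scale from the card's prompts

# Constructed sample responses (not real model output).
GOOD = 'Analysis: {"techniques": ["T1105 Ingress Tool Transfer"], "severity": "High"}'
BAD_SEVERITY = '{"techniques": ["T1003.001"], "severity": "Catastrophic"}'
NOT_JSON = "The event maps to credential access."
TRUNCATED = '{"techniques": ["T1566"'


def extract_json(text):
    """Return the first JSON object embedded in raw model text, or None."""
    decoder = json.JSONDecoder()
    for i, ch in enumerate(text):
        if ch != "{":
            continue
        try:
            obj, _ = decoder.raw_decode(text[i:])
        except json.JSONDecodeError:
            continue
        if isinstance(obj, dict):
            return obj
    return None


def triage(raw_output):
    """Validate one response; anything malformed goes to an analyst."""
    data = extract_json(raw_output)
    if data is None:
        return {"status": "needs_review", "problems": ["no JSON object"], "data": None}
    problems = []
    # Assumed keys: "severity" and "techniques" are hypothetical names.
    severity = data.get("severity")
    if severity is not None and str(severity).lower() not in SEVERITIES:
        problems.append(f"unknown severity: {severity!r}")
    techniques = data.get("techniques") or []
    if not isinstance(techniques, list):
        techniques = [techniques]
    for entry in techniques:
        if not TECHNIQUE_ID.search(str(entry)):
            problems.append(f"no ATT&CK technique ID in: {entry!r}")
    if severity is None and not techniques:
        problems.append("neither severity nor techniques present")
    status = "needs_review" if problems else "parsed"
    return {"status": status, "problems": problems, "data": data}
```

A `parsed` status only means the response is well-formed; the regex does not confirm that a technique ID exists in ATT&CK or that the mapping is correct.
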
## Example Prompt

```
Map the following security event to MITRE ATT&CK tactics and techniques.
Input: rule apt_lolbin { strings: $a = "certutil.exe" nocase; $b = "-urlfetch" nocase; condition: $a and $b }

Identify the ATT&CK tactics and techniques in this data.
Input: selection: EventName: 'UpdateDomainNameservers' AND SourceIPAddress not in ('aws-internal')

Classify this cybersecurity event into MITRE ATT&CK framework.
Input: rule apt_wasm { strings: $a = "WebAssembly.compile" nocase; $b = "fetch" nocase; condition: $a and $b }

Map the following security event to MITRE ATT&CK tactics and techniques.
Input: Incident Type: Data Breach Target: MongoDB Instance Vector: Weak Authentication

Assess the severity and business risk of the following incident.
Input: Incident: Phishing affecting HR Accounts.

Analyze the business risk and severity for the input below.
Input: Incident: Supply Chain Attack affecting CI/CD Pipeline.

Rate the severity (Low/Medium/High/Critical) and impact of this event.
Input: Incident: Credential Dumping affecting Windows Domain Controller.
```

## License

Refer to the base model license.