metadata
title: RAG Threat Intelligence Assistant
colorFrom: indigo
colorTo: blue
sdk: docker
app_file: app.py
pinned: false
Threat Intelligence Assistant
A modern, AI-powered threat analysis platform that instantly evaluates IP addresses, domains, and file hashes for potential security risks. It features an intelligent chatbot assistant and a beautiful, responsive web interface.
Key Features
- Multi-Source Analysis: AlienVault OTX, AbuseIPDB threat intelligence
- AI-Powered Chatbot: Interactive assistant for analysis results
- Modern UI: Glass morphism design with smooth animations
- Smart Risk Assessment: ML-enhanced scoring with clear recommendations
- Web Interface: Beautiful, responsive design at http://localhost:5000
- API Access: RESTful endpoints for integration
- RAG System: Retrieval-Augmented Generation for intelligent summaries
Quick Start
1. Install Dependencies
pip install -r requirements.txt
2. Configure Environment
Create .env file in project root:
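# Threat Intelligence APIs
ALIENVAULT_API_KEY=your_otx_key_here
ABUSEIPDB_API_KEY=your_abuseipdb_key_here
# Optional for AI summaries
OPENAI_API_KEY=your_openai_key_here
# Flask Configuration
# Development settings: debug mode enables the interactive debugger, which can run arbitrary code. Turn it off on any host other people can reach.
FLASK_ENV=development
FLASK_DEBUG=True
# Replace with a long random value; Flask uses it to sign session cookies. Keep .env out of version control.
SECRET_KEY=your-secret-key-here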
3. Run the Application
python app.py
4. Access the Interface
- Web Interface: Open http://localhost:5000
- API Endpoint: POST /analyze for programmatic access
How It Works
Threat Analysis
- Input: Enter IP address, domain, or file hash
- Intelligence Gathering: Queries multiple threat intelligence sources
- AI Processing: Uses RAG system for intelligent analysis
- Risk Assessment: Generates risk score and recommendations
- Interactive Chat: Ask questions about results via AI chatbot
Risk Scoring
- High Risk: AbuseIPDB confidence ≥ 70% OR OTX pulse count ≥ 5
- Medium Risk: AbuseIPDB confidence ≥ 30% OR OTX pulse count ≥ 1
- Low Risk: Minimal or no threat indicators detected
Supported Indicators
- IP Addresses: IPv4 addresses (e.g., 8.8.8.8)
- Domains: Website domains (e.g., example.com)
- File Hashes: MD5, SHA1, SHA256 hashes
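The indicator types above and the thresholds under Risk Scoring, combined in an added example (not this project's code): it validates and classifies an indicator before it reaches any upstream lookup or the chatbot context, then applies the documented thresholds. The function names and the choice to treat a source that returned nothing as zero are assumptions.

```python
import ipaddress
import re

# Hex lengths of the hash types the README lists.
HASH_TYPES = {32: "md5", 40: "sha1", 64: "sha256"}
HEX_RE = re.compile(r"[0-9a-fA-F]+")
# One DNS label: 1-63 chars, letters/digits/hyphens, no hyphen at either end.
LABEL_RE = re.compile(r"(?!-)[A-Za-z0-9-]{1,63}(?<!-)")


def classify_indicator(raw):
    """Return (kind, normalized); raise ValueError for anything unsupported."""
    if not isinstance(raw, str):
        raise ValueError("indicator must be a string")
    value = raw.strip()
    if HEX_RE.fullmatch(value) and len(value) in HASH_TYPES:
        return HASH_TYPES[len(value)], value.lower()
    try:
        return "ipv4", str(ipaddress.IPv4Address(value))
    except ValueError:
        pass  # not a dotted-quad IPv4 address; try domain rules next
    labels = value.rstrip(".").split(".")
    if (len(value) <= 253 and len(labels) >= 2
            and all(LABEL_RE.fullmatch(lab) for lab in labels)
            and not labels[-1].isdigit()):  # rejects malformed IPs like 1.2.3
        return "domain", ".".join(labels).lower()
    raise ValueError("not an IPv4 address, domain, or MD5/SHA1/SHA256 hash")


def is_supported(raw):
    """True when classify_indicator accepts the input."""
    try:
        classify_indicator(raw)
        return True
    except ValueError:
        return False


def risk_level(abuse_confidence=None, otx_pulses=None):
    """Apply the README thresholds; None means the source returned nothing."""
    abuse = abuse_confidence or 0
    pulses = otx_pulses or 0
    if abuse >= 70 or pulses >= 5:
        return "high"
    if abuse >= 30 or pulses >= 1:
        return "medium"
    return "low"


if __name__ == "__main__":
    # Constructed sample inputs, not taken from real lookups.
    for sample in ["8.8.8.8", "Example.COM", "a" * 64, "http://example.com/x"]:
        print(sample, "->", classify_indicator(sample) if is_supported(sample) else "rejected")
```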
Features
AI Chatbot Assistant
- Context-aware responses about analysis results
- Natural language queries about threats
- Real-time conversation with typing indicators
- Mobile-responsive design
Modern Interface
- Glass morphism design with backdrop blur
- Smooth animations and hover effects
- Responsive layout for all devices
- Beautiful gradient backgrounds
Technical Capabilities
- RAG System: Retrieval-Augmented Generation for intelligent summaries
- Fallback Logic: Works without API keys (reduced functionality)
- ML Integration: Machine learning risk assessment
- Real-time Analysis: Instant threat evaluation
Usage Examples
Web Interface
- Open http://localhost:5000
- Enter threat indicator in the input field
- Click "Analyze Threat" or press Enter
- Review results and chat with AI assistant
API Usage
curl -X POST http://localhost:5000/analyze \
-H "Content-Type: application/json" \
-d '{"indicator": "8.8.8.8"}'
Chat API
curl -X POST http://localhost:5000/chat \
-H "Content-Type: application/json" \
-d '{"message": "What is the risk level?"}'
API Keys (Optional)
- AlienVault OTX: Get free key at otx.alienvault.com
- AbuseIPDB: Get free key at abuseipdb.com
- OpenAI: Get key at platform.openai.com
Note: The app works without API keys but with reduced functionality.