feat(app): Ahora utilizamos Groq
- requirements.txt +1 -2
- src/app.py +3 -3
- src/incident_crew.py +5 -4
requirements.txt
CHANGED
|
@@ -1,5 +1,4 @@
|
|
| 1 |
altair
|
| 2 |
pandas
|
| 3 |
streamlit
|
| 4 |
-
|
| 5 |
-
crewai[google-genai,tools]
|
|
|
|
| 1 |
altair
|
| 2 |
pandas
|
| 3 |
streamlit
|
| 4 |
+
crewai[tools]
|
|
|
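Review bot: The added `crewai[tools]` line carries no version constraint, so every rebuild of the Space resolves whatever crewai release is current, and a provider/model switch like this one is exactly where an unannounced release can change the `LLM(...)` keyword set the code now depends on. Consider pinning it, e.g. `crewai[tools]==<pinned-version>`, and ideally the three unchanged lines too, though the commit does not touch them. Dropping the `google-genai` extra is consistent with the move away from Gemini, so nothing else in this file needs attention.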
src/app.py
CHANGED
|
@@ -90,10 +90,10 @@ with st.form("post_mortem_form"):
|
|
| 90 |
# --- Lógica de procesamiento ---
|
| 91 |
if submitted:
|
| 92 |
|
| 93 |
-
if not st.session_state.get('gemini_api_key'):
|
| 94 |
-
st.error("❌ Por favor, ingresa tu API Key de Gemini en el panel lateral (sidebar) antes de continuar.")
|
| 95 |
|
| 96 |
-
|
| 97 |
st.error("❌ Por favor, completa todos los campos del formulario para generar el informe.")
|
| 98 |
|
| 99 |
else:
|
|
|
|
| 90 |
# --- Lógica de procesamiento ---
|
| 91 |
if submitted:
|
| 92 |
|
| 93 |
+
#if not st.session_state.get('gemini_api_key'):
|
| 94 |
+
#st.error("❌ Por favor, ingresa tu API Key de Gemini en el panel lateral (sidebar) antes de continuar.")
|
| 95 |
|
| 96 |
+
if not all([tipo_alerta, sistema_afectado, fecha_hora, impacto_detalle, acciones_tomadas]):
|
| 97 |
st.error("❌ Por favor, completa todos los campos del formulario para generar el informe.")
|
| 98 |
|
| 99 |
else:
|
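Review bot: The credential guard at new lines 93–94 is commented out rather than replaced, so once `submitted` is true the handler goes straight to the form-completeness check and on to the crew without verifying that an API key for the new provider was supplied; the commit switches to Groq but never adds the equivalent check. Replace the two commented lines with a guard on the session-state entry that now holds the Groq key, e.g. `if not st.session_state.get('<groq_key_session_name>'):` followed by a matching `st.error(...)`, and delete the dead lines instead of keeping them as comments. The `if submitted:` block continues past the hunk, so where the key is actually read cannot be confirmed from here.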
src/incident_crew.py
CHANGED
|
@@ -6,9 +6,10 @@ class IncidentReporterCrew:
|
|
| 6 |
self.api_key = api_key
|
| 7 |
|
| 8 |
self.llm = LLM(
|
| 9 |
-
model="
|
| 10 |
-
|
| 11 |
-
|
|
|
|
| 12 |
)
|
| 13 |
|
| 14 |
def threat_hunter_agent(self) -> Agent:
|
|
@@ -37,7 +38,7 @@ class IncidentReporterCrew:
|
|
| 37 |
Input: Initial raw incident alert details
|
| 38 |
{impacto_detalle}
|
| 39 |
Process:
|
| 40 |
-
1. Extract 10 observable Indicators of Compromise (IOCs) including IPs, domains, file hashes (SHA256, MD5), and URLs from the input.
|
| 41 |
2. For each extracted IOC, try querying external intelligence services (like VirusTotal, IPInfo, etc.).
|
| 42 |
3. Synthesize the findings into a clear, structured intelligence summary.
|
| 43 |
Output Requirements: The output MUST be a JSON-like or clearly delimited text block, detailing each IOC, its type, and a summary of the associated risk/reputation found (e.g., "Malicious/Known C2," "Clean," "High Reputation," "Related to Phishing Campaign X"). This summary is the ONLY content that should be passed to the next agent.
|
|
|
|
| 6 |
self.api_key = api_key
|
| 7 |
|
| 8 |
self.llm = LLM(
|
| 9 |
+
#model="llama-3.3-70b-versatile",
|
| 10 |
+
model="openai/gpt-oss-120b",
|
| 11 |
+
temperature=0.7,
|
| 12 |
+
provider="openai",
|
| 13 |
)
|
| 14 |
|
| 15 |
def threat_hunter_agent(self) -> Agent:
|
|
|
|
| 38 |
Input: Initial raw incident alert details
|
| 39 |
{impacto_detalle}
|
| 40 |
Process:
|
| 41 |
+
1. Extract up to 10 observable Indicators of Compromise (IOCs) including IPs, domains, file hashes (SHA256, MD5), and URLs from the input.
|
| 42 |
2. For each extracted IOC, try querying external intelligence services (like VirusTotal, IPInfo, etc.).
|
| 43 |
3. Synthesize the findings into a clear, structured intelligence summary.
|
| 44 |
Output Requirements: The output MUST be a JSON-like or clearly delimited text block, detailing each IOC, its type, and a summary of the associated risk/reputation found (e.g., "Malicious/Known C2," "Clean," "High Reputation," "Related to Phishing Campaign X"). This summary is the ONLY content that should be passed to the next agent.
|
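Review bot: In the first hunk `self.api_key` is still stored at line 6, but the rebuilt `LLM(...)` call at lines 8–13 passes only `model`, `temperature` and `provider`, so the key the app collects is not handed to the client here and, unless it is applied elsewhere in the class, the LLM falls back to whatever the environment happens to provide. `provider="openai"` with a `gpt-oss-120b` model also does not by itself say where requests are sent; if Groq is reached through an OpenAI-compatible endpoint, wire it explicitly in this constructor (`api_key=self.api_key` and a `base_url=<groq-compatible-endpoint>` placeholder until confirmed) and delete the commented-out `#model="llama-3.3-70b-versatile"` line rather than leaving dead code. In the second hunk, `{impacto_detalle}` is user-entered alert text interpolated directly into the task instructions for an agent that is told to query external services, so it is worth wrapping it in explicit delimiters and stating that the enclosed text is data to extract from, not instructions to follow. The class body continues outside both hunks, so these points are inferred from the visible lines only.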