---
title: Murshid - مُرشِد
emoji: 🛡️
colorFrom: blue
colorTo: indigo
sdk: docker
pinned: false
license: mit
---
# 🛡️ Murshid | مُرشِد
From Alerts to Guidance: MITRE ATT&CK-Aligned Techniques Mapping for SOC Analysts
REST API + Dashboard for analyzing Wazuh IDS rules and mapping them to MITRE ATT&CK techniques.
## Features
- Rule Analysis: Parse Wazuh XML rules and classify MITRE ATT&CK techniques
- WQL Queries: Get pre-built Wazuh Query Language templates per technique
- Dashboard: Interactive web UI with statistics and DB viewer
- ML Pipeline: Logistic Regression with SecureBERT+ embeddings
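As an added illustration of the rule-analysis step (example code, not Murshid's own), the parser below reads Wazuh rule XML and extracts the fields a MITRE ATT&CK mapper works from: rule id, level, groups, description, and any technique ids the rule already declares in its `<mitre><id>` block. The sample rule file is constructed for the demo; rules that declare no technique are flagged as needing classification.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample in Wazuh's rule file format; rule ids and text are made up.
SAMPLE_RULES = """
<group name="sshd,authentication_failed,">
  <rule id="100100" level="10">
    <if_sid>5716</if_sid>
    <description>sshd: brute force trying to get access to the system.</description>
    <mitre>
      <id>T1110</id>
      <id>T1021.004</id>
    </mitre>
  </rule>
  <rule id="100101" level="5">
    <description>Custom: suspicious scheduled task created</description>
  </rule>
</group>
"""

# ATT&CK technique (T1234) or sub-technique (T1234.001) id.
TECHNIQUE_RE = re.compile(r"^T\d{4}(\.\d{3})?$")


def parse_wazuh_rules(xml_text: str) -> list[dict]:
    """Return one record per <rule>: id, level, groups, description, declared techniques."""
    # A rule file may hold several top-level <group> elements, so wrap it in one root.
    root = ET.fromstring(f"<rules>{xml_text}</rules>")
    records = []
    for group in root.iter("group"):
        groups = [g for g in group.get("name", "").split(",") if g]
        for rule in group.findall("rule"):
            declared = [i.text.strip() for i in rule.findall("mitre/id") if i.text]
            records.append({
                "rule_id": int(rule.get("id")),
                "level": int(rule.get("level", "0")),
                "groups": groups,
                "description": rule.findtext("description", default="").strip(),
                # Keep only well-formed ids; anything else is a typo in the rule file.
                "techniques": [i for i in declared if TECHNIQUE_RE.match(i)],
                # Rules with no <mitre> block are the ones a classifier must label.
                "needs_classification": not declared,
            })
    return records


if __name__ == "__main__":
    for r in parse_wazuh_rules(SAMPLE_RULES):
        print(r["rule_id"], r["techniques"] or "(unmapped)", "-", r["description"])
```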
## Tech Stack
- FastAPI — REST API
- SQLite — Database
- Logistic Regression — Primary classification model
- SecureBERT+ — Text embeddings (optional, requires torch)
## API Endpoints
| Method | URL | Description |
|---|---|---|
| GET | /health | System health check |
| POST | /rules/analyze | Analyze a Wazuh XML rule |
| GET | /results/{rule_id} | Get stored results for a rule |
| GET | /queries/{technique_id} | Get WQL templates for a technique |
| GET | /docs | Interactive Swagger documentation |