---
title: Murshid - مُرشِد
emoji: 🛡️
colorFrom: blue
colorTo: indigo
sdk: docker
pinned: false
license: mit
---

# 🛡️ Murshid | مُرشِد

**From Alerts to Guidance: MITRE ATT&CK-Aligned Techniques Mapping for SOC Analysts**

REST API + Dashboard for analyzing Wazuh IDS rules and mapping them to MITRE ATT&CK techniques.

## Features

- **Rule Analysis**: Parse Wazuh XML rules and classify MITRE ATT&CK techniques
- **WQL Queries**: Get pre-built Wazuh Query Language templates per technique
- **Dashboard**: Interactive web UI with statistics and DB viewer
- **ML Pipeline**: Logistic Regression with SecureBERT+ embeddings

## Tech Stack

- **FastAPI** — REST API
- **SQLite** — Database
- **Logistic Regression** — Primary classification model
- **SecureBERT+** — Text embeddings (optional, requires torch)

## API Endpoints

| Method | URL | Description |
|--------|-----|-------------|
| `GET` | `/health` | System health check |
| `POST` | `/rules/analyze` | Analyze a Wazuh XML rule |
| `GET` | `/results/{rule_id}` | Get stored results for a rule |
| `GET` | `/queries/{technique_id}` | Get WQL templates for a technique |
| `GET` | `/docs` | Interactive Swagger documentation |
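The parsing step behind the **Rule Analysis** feature, as an added illustration that is not Murshid's own code: it reads a rule file in the standard Wazuh rule-file format (a root `<group name="...">` containing `<rule>` elements with `<description>`, `<group>` and `<mitre><id>` children) and extracts the rule metadata and MITRE technique ids, then inverts that into a technique-to-rules index. The sample XML is constructed for the example; the function names are assumptions.

```python
import xml.etree.ElementTree as ET

# Constructed sample in Wazuh rule-file format (not from the project): the root
# <group name> applies to every rule; rule 5712 has two MITRE ids, 100001 has none.
SAMPLE_RULES_XML = """<group name="syslog,sshd,">
  <rule id="5710" level="5">
    <description>sshd: Attempt to login using a non-existent user</description>
    <mitre><id>T1110.001</id></mitre>
    <group>invalid_login,authentication_failed,</group>
  </rule>
  <rule id="5712" level="10" frequency="8" timeframe="120">
    <description>sshd: brute force trying to get access to the system.</description>
    <mitre><id>T1110</id><id>T1021.004</id></mitre>
    <group>authentication_failures,</group>
  </rule>
  <rule id="100001" level="3">
    <description>Custom rule without a MITRE mapping</description>
  </rule>
</group>"""

def _split_groups(text):
    # Wazuh group lists are comma-separated and usually end with a trailing comma.
    return [g.strip() for g in (text or "").split(",") if g.strip()]

def parse_wazuh_rules(xml_text):
    """Return one dict per <rule>: id, level, description, merged groups, MITRE ids."""
    # For rule files from untrusted sources, use defusedxml.ElementTree instead.
    root = ET.fromstring(xml_text)
    base_groups = _split_groups(root.get("name")) if root.tag == "group" else []
    rules = []
    for rule in root.iter("rule"):
        rules.append({
            "rule_id": int(rule.get("id")),
            "level": int(rule.get("level", "0")),
            "description": (rule.findtext("description") or "").strip(),
            "groups": base_groups + _split_groups(rule.findtext("group")),
            # <mitre> may hold several <id> children; a rule without it maps to nothing
            "mitre_ids": [i.text.strip() for i in rule.findall("mitre/id") if i.text],
        })
    return rules

def technique_index(rules):
    """Invert the mapping: technique id -> sorted ids of the rules that reference it."""
    index = {}
    for r in rules:
        for t in r["mitre_ids"]:
            index.setdefault(t, []).append(r["rule_id"])
    return {t: sorted(ids) for t, ids in index.items()}
```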