ZERO-NOISE / main.py
KanchanP's picture
Upload 9 files
943768f verified
Raw
History Blame Contribute Delete
1.73 kB
import json
# Import your modular agents
from agent1 import parse_log
from agent2 import analyze_threat
def load_and_filter_logs(filepath):
"""Filters out the noise to find only the anomalies."""
with open(filepath, 'r') as f:
logs = json.load(f)
anomalies = []
for log in logs:
# Nginx filter
if log.get("log_type") == "nginx_waf" and log.get("status_code") != 200:
anomalies.append(log)
# Auth filter
elif log.get("log_type") == "linux_auth" and log.get("event_type") not in ["authentication_success", "session_opened"]:
anomalies.append(log)
return anomalies
def main():
print("[*] Booting Modular SOC Pipeline...")
anomalous_logs = load_and_filter_logs('logs.json')
print(f"[*] Filter caught {len(anomalous_logs)} anomalies. Routing to Agents...\n")
incident_reports = []
for idx, log in enumerate(anomalous_logs):
ip = log.get('client_ip') or log.get('source_ip') or "Unknown IP"
print(f"[*] Processing Anomaly {idx + 1}/{len(anomalous_logs)} - IP: {ip}")
# Pass to Agent 1 (Imported from agent1.py)
summary = parse_log(log)
# Pass to Agent 2 (Imported from agent2.py)
report = analyze_threat(summary)
incident_reports.append(report)
# Save the final output
with open('FINAL_REPORT.md', 'w') as f:
f.write("# Automated SOC Incident Report\n\n")
f.write("*Generated by AMD-Powered Modular Agentic Pipeline*\n\n")
f.write("---\n\n".join(incident_reports))
print("\n[+] Pipeline complete! Open FINAL_REPORT.md to see your results.")
if __name__ == "__main__":
main()