import json # Import your modular agents from agent1 import parse_log from agent2 import analyze_threat def load_and_filter_logs(filepath): """Filters out the noise to find only the anomalies.""" with open(filepath, 'r') as f: logs = json.load(f) anomalies = [] for log in logs: # Nginx filter if log.get("log_type") == "nginx_waf" and log.get("status_code") != 200: anomalies.append(log) # Auth filter elif log.get("log_type") == "linux_auth" and log.get("event_type") not in ["authentication_success", "session_opened"]: anomalies.append(log) return anomalies def main(): print("[*] Booting Modular SOC Pipeline...") anomalous_logs = load_and_filter_logs('logs.json') print(f"[*] Filter caught {len(anomalous_logs)} anomalies. Routing to Agents...\n") incident_reports = [] for idx, log in enumerate(anomalous_logs): ip = log.get('client_ip') or log.get('source_ip') or "Unknown IP" print(f"[*] Processing Anomaly {idx + 1}/{len(anomalous_logs)} - IP: {ip}") # Pass to Agent 1 (Imported from agent1.py) summary = parse_log(log) # Pass to Agent 2 (Imported from agent2.py) report = analyze_threat(summary) incident_reports.append(report) # Save the final output with open('FINAL_REPORT.md', 'w') as f: f.write("# Automated SOC Incident Report\n\n") f.write("*Generated by AMD-Powered Modular Agentic Pipeline*\n\n") f.write("---\n\n".join(incident_reports)) print("\n[+] Pipeline complete! Open FINAL_REPORT.md to see your results.") if __name__ == "__main__": main()