Spaces:
Running
Running
| # 90-second YouTube walkthrough β OpenSOC | |
| Total: **90 seconds**, broken into four ~25-second beats. Record at 1080p, | |
| unlisted, no music (optional 5-second outro card). | |
| ## Beat 1 β Problem (0:00β0:15) | |
| **Visual**: cursor blinking on a SOC dashboard with a queue of unread alerts; | |
| zoom into one alert that says `Authentication failures (8 attempts) from | |
| 198.51.100.7`. | |
| **Voiceover (suggested)**: | |
| > "By the time a tier-1 analyst sees an alert like this, the attacker may | |
| > have been inside for hours. Most SOCs are understaffed, and a real | |
| > attack that gets dismissed by a tired human is invisible until it's | |
| > too late." | |
| ## Beat 2 β Env demo (0:15β0:40) | |
| **Visual**: the deployed `https://...hf.space/demo` page. Click | |
| "Next incident" three times; pause briefly on each example. | |
| **Voiceover**: | |
| > "OpenSOC is an OpenEnv environment where the same alert is shown to two | |
| > models. On the left: zero-shot Qwen2.5-3B; on the right, the same model | |
| > after we trained it inside this environment with GRPO. The verifier in | |
| > the middle decides what 'right' is β deterministically, from the | |
| > structured incident parameters, never from any text the attacker | |
| > writes." | |
| ## Beat 3 β Before vs after (0:40β1:05) | |
| **Visual**: split screen β left half shows the eval bar chart | |
| `bar_dismiss_on_malicious.png`; right half shows the confusion matrix | |
| `confusion_opensoc_grpo.png`. | |
| **Voiceover**: | |
| > "On a 200-incident hold-out, the baseline dismisses real attacks at | |
| > [BASELINE]%. After SFT warm-start plus GRPO across four curriculum | |
| > stages, dismiss-on-malicious drops to [TRAINED]% β and macro F1 lifts | |
| > from [BASELINE_F1] to [TRAINED_F1]. Over-reaction on benign traffic | |
| > didn't get worse." | |
| ## Beat 4 β Why RLVR (1:05β1:30) | |
| **Visual**: a single code editor pane showing | |
| `verifier.compute_ground_truth(params)` and | |
| `verifier.check_plausibility(params)`; highlight that both are pure | |
| functions of the *structured* params. | |
| **Voiceover**: | |
| > "The reason this works is that the reward is computed from the structured | |
| > attacker parameters, not from any narrative. The plausibility checker | |
| > blocks the trivial reward hack of just emitting noise. That's what makes | |
| > this RLVR β verifiable rewards, no learned judge to fool. Code, eval | |
| > set, training notebook and a $3 GPU recipe are all in the repo." | |
| ## Closing card (1:30) | |
| Title: **OpenSOC β RLVR self-play SOC triage** | |
| URL: `huggingface.co/spaces/<USER>/opensoc-env` | |
| GitHub-style logo: optional | |
| ## Recording tips | |
| - Use OBS or Loom; export as 1080p mp4. | |
| - Pre-load the Space on `/demo` and click "Next incident" once before | |
| recording so the first paint isn't cold. | |
| - Keep terminal font size large; favour Bear Notes / OBS overlays for | |
| the voiceover beats over fullscreen code. | |
| - Upload as **unlisted**; share the URL in the README and the HF blog. | |