Update src/streamlit_app.py

src/streamlit_app.py

@@ -266,7 +266,7 @@ with st.sidebar:
     st.subheader("💡 批量分析指令")
     analysis_prompt = st.text_area(
         "針對每個 Log/Alert 執行的指令",
-        value="You are a security expert in charge of analyzing alerts related to Initial Access, Establish Foothold & Reconnaissance, Lateral Movement, Targeting & Data Exfiltration, Malware Deployment & Execution and Ransom & Negotiation. Respond with a clear, structured analysis using the following mandatory sections: \n\n- Priority: Provide the overall priority level. (Answer High-risk detected!, Medium-risk detected!, or Low-risk detected! only) \n- Explanation: If this alert is highly related to Initial Access, Establish Foothold & Reconnaissance, Lateral Movement, Targeting & Data Exfiltration, Malware Deployment & Execution and Ransom & Negotiation, explain the potential impact and why this specific alert requires attention. If not, **omit the explanation section**. \n- Action Plan: If this alert is highly related to Initial Access, Establish Foothold & Reconnaissance, Lateral Movement, Targeting & Data Exfiltration, Malware Deployment & Execution and Ransom & Negotiation, What should be the immediate steps to address this specific alert? If not, **omit the action plan section**. \n\nStrictly use the information in the provided Log and its correlated sequence.",
+        value="You are a security expert tasked with analyzing logs related to Initial Access, Establish Foothold & Reconnaissance, Lateral Movement, Targeting & Data Exfiltration, Malware Deployment & Execution and Ransom & Negotiation. Respond with a clear, structured analysis using the following mandatory sections: \n\n- Priority: Provide the overall priority level. (Answer High-risk detected!, Medium-risk detected!, or Normal-Behavior detected! only) \n- Explanation: If this log is not normal behavior, explain the potential impact and why this specific log requires attention. If not, **omit the explanation section**. \n- Action Plan: If this log is not normal behavior, What should be the immediate steps to address this specific log? If not, **omit the action plan section**.",
         height=200
     )
     st.markdown("此指令將對檔案中的**每一個 Log 條目**執行一次獨立分析 (使用 **IP 關聯視窗**)。")
@@ -604,20 +604,20 @@ if st.session_state.execute_batch_analysis and 'json_data_for_batch' in st.sessi
                         is_high = any(x in response.lower() for x in ['high-risk detected!'])
                         is_medium = any(x in response.lower() for x in ['medium-risk detected!'])
                         if is_high: 
-                            st.subheader(f"Log/Alert #{item['log_id']} (HIGH RISK DETECTED)")
+                            st.subheader(f"Log #{item['log_id']} (HIGH RISK DETECTED)")
                             with st.expander("序列內容 (JSON Format)"):
                                 st.code(item["sequence_analyzed"], language='json')
                                 st.error(item['analysis_result'])
                                 st.markdown("---")
 
                         elif is_medium:
-                            st.subheader(f"Log/Alert #{item['log_id']} (MEDIUM RISK DETECTED)")
+                            st.subheader(f"Log #{item['log_id']} (MEDIUM RISK DETECTED)")
                             with st.expander("序列內容 (JSON Format)"):
                                 st.code(item["sequence_analyzed"], language='json')
                                 st.warning(item['analysis_result'])
                                 st.markdown("---")
                         else:
-                            st.subheader(f"Log/Alert #{item['log_id']} (LOW RISK DETECTED)")
+                            st.subheader(f"Log #{item['log_id']} (NORMAL BEHAVIOR DETECTED)")
                             with st.expander("序列內容 (JSON Format)"):
                                 st.code(item["sequence_analyzed"], language='json')
                                 st.info(item['analysis_result'])