Spaces:
Sleeping
Sleeping
| from config import client | |
| from utils import clean_ai_response, parse_json_safe | |
| def classify_alert(log_entry): | |
| prompt = f""" | |
| You are a SOC (Security Operations Center) AI assistant. | |
| Analyze the following security alert and classify it. | |
| Alert details: | |
| Timestamp: {log_entry.get('timestamp')} | |
| Source IP: {log_entry.get('source_ip')} | |
| Event: {log_entry.get('event')} | |
| Threat Intelligence: Reputation = {log_entry.get('ip_reputation')}, Note = {log_entry.get('intel_note')} | |
| GeoIP: {log_entry.get('geo_location')} | |
| Tasks: | |
| 1. Categorize the attack type (e.g., brute force, malware, data exfiltration, benign). | |
| 2. Assign a priority (High, Medium, Low). | |
| 3. Suggest next action. | |
| Return response in JSON with keys: category, priority, action. | |
| """ | |
| response = client.chat.completions.create( | |
| model="gemini-2.5-flash", | |
| messages=[{"role": "user", "content": prompt}], | |
| ) | |
| raw_output = response.choices[0].message.content | |
| cleaned = clean_ai_response(raw_output) | |
| return parse_json_safe(cleaned) | |