Darshan-Basavaraju/AI-SOC-ANALYST

GitHub: Darshan-Basavaraju/AI-SOC-ANALYST

A SOC assistant script that uses an OpenAI large language model to analyse logs automatically, generate summaries, and suggest remediation steps.

Stars: 0 | Forks: 0

# AI SOC Analyst 🔍

An AI-driven SOC (Security Operations Center) analysis tool that processes log data and produces structured incident insights.

## 🚀 Features

- Import logs from a file
- AI-generated incident summary
- Severity classification (Low, Medium, High)
- Confidence score
- Key indicator (IOC) extraction
- Actionable remediation recommendations
- Structured JSON output for automation

## 🧠 Use case

The tool emulates a SOC analyst by analysing logs automatically and supplying incident context, helping security teams triage alerts faster.

## 💻 Tech stack

- Python
- OpenAI API (gpt-4o-mini)

## 📥 Example input

```
Failed login from 192.168.1.10
Failed login from 185.23.44.12
Successful login from 192.168.1.15
```

## 📤 Example output

```
{
  "incident_summary": "Multiple failed login attempts detected from both internal and external IP addresses, followed by a successful login from an internal IP address. The failed attempts could potentially indicate a brute-force attack or unauthorized access attempts.",
  "severity": "Medium",
  "confidence": "Medium",
  "key_indicators": [
    "3 failed login attempts from two different IP addresses",
    "1 successful login from a different internal IP address"
  ],
  "recommended_actions": [
    "Monitor the account associated with the successful login for unusual activity.",
    "Perform a password policy review and consider implementing account lockout mechanisms to mitigate brute-force attempts.",
    "Investigate the source of the failed login attempts, particularly from the external IP address."
  ]
}
```

## ⚙️ Running

```
python analyzer.py logs.txt
```
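Because the JSON above is produced by a language model and is meant to feed automation, a consumer should validate it before acting on it. The following is an added example, not code from the AI-SOC-ANALYST project: it checks the field names from the README's sample output against assumed allowed values for severity and confidence, and rejects any IP address the model cites that does not actually occur in the analysed log.

```python
# Added example (not part of the AI-SOC-ANALYST project): validate the JSON an
# LLM returns before automation consumes it. Field names follow the README's
# sample output; the allowed severity/confidence values are an assumption.
import ipaddress
import json
import re

REQUIRED_KEYS = {"incident_summary", "severity", "confidence",
                 "key_indicators", "recommended_actions"}
ALLOWED_LEVELS = {"Low", "Medium", "High"}  # assumed from the README's Low/Medium/High
IPV4_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")


def ips_in(text: str) -> set:
    """Return the syntactically valid IPv4 addresses found in text."""
    found = set()
    for candidate in IPV4_RE.findall(text):
        try:
            found.add(str(ipaddress.IPv4Address(candidate)))
        except ipaddress.AddressValueError:
            pass  # looked like an IP but is not one (e.g. 999.1.1.1)
    return found


def validate_analysis(raw_json: str, log_text: str) -> list:
    """Return a list of problems; an empty list means the output is safe to pass on."""
    problems = []
    try:
        data = json.loads(raw_json)
    except json.JSONDecodeError as exc:
        return [f"not valid JSON: {exc}"]
    if not isinstance(data, dict):
        return ["top-level value is not an object"]
    missing = REQUIRED_KEYS - data.keys()
    if missing:
        problems.append(f"missing keys: {sorted(missing)}")
    for field in ("severity", "confidence"):
        if data.get(field) not in ALLOWED_LEVELS:
            problems.append(f"{field} must be one of {sorted(ALLOWED_LEVELS)}")
    for field in ("key_indicators", "recommended_actions"):
        value = data.get(field)
        if not (isinstance(value, list) and value
                and all(isinstance(v, str) for v in value)):
            problems.append(f"{field} must be a non-empty list of strings")
    # Any IP the model cites must actually occur in the analysed log; otherwise
    # the "indicator" may be hallucinated and must not reach a blocklist.
    unknown = ips_in(json.dumps(data)) - ips_in(log_text)
    if unknown:
        problems.append(f"indicators not present in log: {sorted(unknown)}")
    return problems
```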
Tags: AMSI bypass, BurpSuite integration, DLL hijacking, GPT-4, GPT-4o, IOC extraction, LLM, OpenAI, Petitpotam, Python, Unmanaged PE, incident classification, artificial intelligence, memory evasion, alert triage, large language model, threat detection, security report generation, security operations center, no backdoor, user-mode hook bypass, structured query, cybersecurity, network mapping, security automation, reverse-engineering tools, privacy protection, risk scoring