softvillaGh/langchain-security-log-triage-agent
GitHub: softvillaGh/langchain-security-log-triage-agent
一个基于 LangChain 的防御型网络安全智能体,通过推理分析替代传统静态规则,实现日志分类、IOC 提取和事件报告自动化。
Stars: 0 | Forks: 0
# 🛡️ AI 安全日志分类智能体
一个基于 AI 的网络安全智能体,通过使用推理驱动的分析来检测威胁、提取 IOC 并生成可操作的安全洞察,从而超越了传统的基于规则的 SIEM 分类。
## 🚀 概述
安全团队正被海量的噪音日志和告警疲劳所淹没。
本项目引入了一个基于 LangChain 的 AI 智能体,它可以:
- 分析原始日志
- 检测可疑模式
- 提取威胁指标 (IOC)
- 分配严重级别
- 建议响应措施
这不是一个聊天机器人——它是一个具备推理能力的安全智能体。
## ⚙️ 核心能力
- 针对SSH、HTTP和系统日志的日志分析
- 针对登录失败、暴力破解和可疑访问的威胁检测
- 上下文感知推理
- 严重性分类
- 结构化事件摘要
- 可操作的修复建议
## 🧠 示例输出
```
Incident: Multiple failed SSH login attempts detected
Severity: High
Confidence: 0.92
Indicators:
- Repeated login failures from IP 192.168.1.100
- Possible brute force attack pattern
Recommended Actions:
- Block offending IP
- Enable rate limiting
- Review authentication logs
🏗️ Architecture
[ Log Input ]
↓
[ Preprocessing ]
↓
[ AI Agent (LangChain) ]
↓
├── Threat Detection
├── IOC Extraction
├── Severity Classification
└── Response Recommendation
↓
[ Structured Security Report ]
🔧 Tech Stack
Python
LangChain
LLMs
Regex and heuristic detection
JSON-based reporting
🧩 Use Cases
SOC log triage automation
Security monitoring enhancement
AI-assisted incident response
Threat intelligence enrichment
🔐 Why This Matters
Traditional systems often rely on static rules, generate high false positives, and lack context.
This approach uses reasoning to adapt to suspicious patterns and produce human-readable security intelligence.
🔄 Future Enhancements
MITRE ATT&CK mapping
Multi-agent orchestration
SIEM integration with Splunk, ELK, or Wazuh
AI red team simulation
Dashboard and visualization
📦 Installation
git clone https://github.com/softvillaGh/langchain-security-log-triage-agent.git
cd langchain-security-log-triage-agent
pip install -r requirements.txt
▶️ Usage
python app/main.py
🤝 Let's Connect
If you're working on AI in cybersecurity, security automation, or red teaming and blue teaming with AI, let’s connect.
Open to opportunities in AI and Cybersecurity.
⭐ Support
If you find this useful:
Star the repo
Share feedback
Suggest improvements
```
标签:AI安全智能体, AMSI绕过, BurpSuite集成, C2, CCTV/网络接口发现, DLL 劫持, Homebrew安装, IOC检测, LangChain, LLM, Python, SOC自动化, SSH暴力破解检测, Unmanaged PE, 告警疲劳缓解, 大语言模型, 威胁情报, 威胁检测, 安全报告生成, 安全运营, 开发者工具, 异常行为检测, 扫描框架, 无后门, 日志分类, 结构化报告, 网络安全, 自动化日志分析, 轻量级, 逆向工具, 速率限制, 隐私保护