GitHub: nimra-pixel/sentinel-cyber-defense
# 🛡️ SENTINEL — AI Cyber Defense Intelligence Platform
## 🏗️ Architecture — LangGraph 7-Agent Pipeline

```text
Raw Security Logs
        │
        ▼
┌────────────────────────────────────────────────────────────────────────────┐
│                            LangGraph StateGraph                            │
│                                                                            │
│  [Log Parser] ──► [Threat Hunter] ──► [Reasoning Agent] ──► [Risk Scorer]  │
│                                                                   │        │
│                                                                   ▼        │
│  [IR Reporter] ◄── [Responder] ◄── [MITRE Mapper] ◄───────────────┘        │
│        │                                                                   │
│        ▼                                                                   │
│       END                                                                  │
└────────────────────────────────────────────────────────────────────────────┘
        │
        ▼
Incident Report + Response Playbook
```

Each agent reads the shared graph state, appends its own output, and hands the state to the next node; the Incident Reporter is the terminal node.
## 🤖 The 7 Agents
| Agent | Role | Output |
|---|---|---|
| 🔍 **Log Parser** | Normalizes the supported log formats into one event schema | Structured events, IPs, protocols |
| 🕵️ **Threat Hunter** | Detects attack signatures & IOCs | Threat list, malicious IPs, commands |
| 🧠 **Reasoning Agent** | Builds full attack chain narrative | Step-by-step attack story |
| 📊 **Risk Scorer** | CVSS-style severity scoring | Score 0-10, severity level |
| 🗺️ **MITRE Mapper** | Maps to MITRE ATT&CK framework | Tactics, techniques, kill chain |
| 🛡️ **Response Agent** | Generates IR playbook | Shell commands, containment steps |
| 📝 **Incident Reporter** | Creates downloadable IR report | Full professional report |
## ✨ Features
- **LangGraph StateGraph** — agents share typed state, each builds on previous output
- **4 Attack Scenarios** — Brute Force SSH, SQL Injection, Port Scan, Ransomware
- **Upload a log file** — syslog, auth.log, Apache, Windows Event, IDS/IPS, firewall (see Supported Log Types below)
- **CVSS-style Risk Scoring** — model-assigned 0-10 score mapped to CRITICAL / HIGH / MEDIUM / LOW; a severity estimate, not a computed CVSS vector
- **MITRE ATT&CK Mapping** — tactic & technique IDs with descriptions
- **IR Playbook** — prioritized containment actions with shell commands; the commands are model-generated, so review each one before running it on a production host
- **Downloadable IR Report** — professional .txt incident report
- **Dark cybersecurity UI** — terminal aesthetic with scanning animation
- **Auto-fallback** — falls back to direct pipeline if LangGraph encounters an error
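To make the shared-state contract and the fallback behaviour concrete, here is an added example (not SENTINEL's own code) of the same pipeline shape in miniature: a `TypedDict` state, one function per agent that returns only the keys it adds, a LangGraph `StateGraph` built from those functions, and a direct sequential runner used when LangGraph is unavailable or raises. The nodes are deterministic stand-ins for the LLM agents (a regex auth.log parser, a per-source failed-login counter, a threshold-based scorer), the sample auth.log lines are constructed, and the failed-login threshold, the scoring formula and the use of `set_entry_point`/`add_edge`/`compile`/`invoke` from the public LangGraph API are assumptions of this example.

```python
"""Added example, not the project's code: SENTINEL-style typed-state
pipeline over constructed auth.log lines, with an offline fallback path."""
import re
from collections import Counter
from typing import Any, Dict, List, TypedDict


class PipelineState(TypedDict, total=False):
    raw_log: str
    events: List[Dict[str, Any]]     # Log Parser output
    threats: List[Dict[str, Any]]    # Threat Hunter output
    risk_score: float                # Risk Scorer output (0-10, CVSS-style)
    severity: str
    mitre: List[Dict[str, str]]      # MITRE Mapper output
    playbook: List[str]              # Responder output


# Constructed sample: six failed SSH logins from one source, one key login elsewhere.
SAMPLE_AUTH_LOG = """\
Mar 14 02:11:01 web01 sshd[2201]: Failed password for invalid user admin from 203.0.113.45 port 51022 ssh2
Mar 14 02:11:03 web01 sshd[2203]: Failed password for root from 203.0.113.45 port 51024 ssh2
Mar 14 02:11:05 web01 sshd[2205]: Failed password for root from 203.0.113.45 port 51026 ssh2
Mar 14 02:11:07 web01 sshd[2207]: Failed password for invalid user test from 203.0.113.45 port 51028 ssh2
Mar 14 02:11:09 web01 sshd[2209]: Failed password for root from 203.0.113.45 port 51030 ssh2
Mar 14 02:11:11 web01 sshd[2211]: Failed password for root from 203.0.113.45 port 51032 ssh2
Mar 14 02:15:40 web01 sshd[2290]: Accepted publickey for deploy from 198.51.100.7 port 40112 ssh2
"""

AUTH_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) (?P<host>\S+) sshd\[\d+\]: "
    r"(?P<result>Failed password|Accepted \w+) for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<ip>\d+\.\d+\.\d+\.\d+) port (?P<port>\d+)"
)
BRUTE_FORCE_THRESHOLD = 5  # assumed threshold for this example; tune per environment


def log_parser(state: PipelineState) -> PipelineState:
    """Normalize sshd auth.log lines into structured events."""
    events = []
    for line in state["raw_log"].splitlines():
        m = AUTH_RE.match(line)
        if m:
            ev = m.groupdict()
            ev["outcome"] = "failure" if ev["result"].startswith("Failed") else "success"
            events.append(ev)
    return {"events": events}


def threat_hunter(state: PipelineState) -> PipelineState:
    """Flag any source IP with >= threshold failed logins as SSH brute force."""
    failures = Counter(e["ip"] for e in state["events"] if e["outcome"] == "failure")
    threats = [{"type": "ssh_brute_force", "src_ip": ip, "attempts": n}
               for ip, n in failures.items() if n >= BRUTE_FORCE_THRESHOLD]
    return {"threats": threats}


def risk_scorer(state: PipelineState) -> PipelineState:
    """Assumed CVSS-style formula: 5 + attempts/2, capped at 10; 0 if no threats."""
    worst = max((t["attempts"] for t in state["threats"]), default=0)
    score = 0.0 if worst == 0 else min(10.0, 5.0 + worst / 2)
    severity = ("CRITICAL" if score >= 9 else "HIGH" if score >= 7
                else "MEDIUM" if score >= 4 else "LOW")
    return {"risk_score": score, "severity": severity}


def mitre_mapper(state: PipelineState) -> PipelineState:
    """Map detected threat types to ATT&CK tactic/technique IDs."""
    mapping = {"ssh_brute_force": {"tactic": "TA0006 Credential Access",
                                   "technique": "T1110.001 Brute Force: Password Guessing"}}
    return {"mitre": [mapping[t["type"]] for t in state["threats"] if t["type"] in mapping]}


def responder(state: PipelineState) -> PipelineState:
    """Emit containment commands; a human still reviews them before execution."""
    playbook = [f"iptables -I INPUT -s {t['src_ip']} -j DROP  # review before running"
                for t in state["threats"]]
    return {"playbook": playbook}


NODES = [("log_parser", log_parser), ("threat_hunter", threat_hunter),
         ("risk_scorer", risk_scorer), ("mitre_mapper", mitre_mapper),
         ("responder", responder)]


def run_direct(raw_log: str) -> PipelineState:
    """Fallback path: call the nodes in order, merging each partial update into the state."""
    state: PipelineState = {"raw_log": raw_log}
    for _, node in NODES:
        state.update(node(state))
    return state


def run_pipeline(raw_log: str) -> PipelineState:
    """Try the LangGraph StateGraph first; on any error, fall back to the direct pipeline."""
    try:
        from langgraph.graph import StateGraph, END  # assumed public LangGraph API
        graph = StateGraph(PipelineState)
        for name, fn in NODES:
            graph.add_node(name, fn)
        graph.set_entry_point(NODES[0][0])
        for (a, _), (b, _) in zip(NODES, NODES[1:]):
            graph.add_edge(a, b)
        graph.add_edge(NODES[-1][0], END)
        return graph.compile().invoke({"raw_log": raw_log})
    except Exception:
        return run_direct(raw_log)


if __name__ == "__main__":
    result = run_pipeline(SAMPLE_AUTH_LOG)
    print(result["severity"], result["risk_score"], result["threats"], result["playbook"])
```

Because every node returns only the keys it produces and the runner merges them, the direct runner and the compiled graph yield the same final state, which is what makes the auto-fallback safe: the UI does not need to know which path ran.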
## 🚀 Quick Start
```bash
# 1. Clone the repo
git clone https://github.com/nimra-pixel/sentinel-cyber-defense.git
cd sentinel-cyber-defense

# 2. Install dependencies
pip install -r requirements.txt

# 3. Run
streamlit run app.py
```

Paste your free Groq API key in the sidebar → [console.groq.com](https://console.groq.com)

Note that the uploaded log content is sent to Groq's hosted inference API for analysis, so do not upload logs containing credentials, session tokens or personal data you are not permitted to share with a third party.
## ☁️ Deploy to Streamlit Cloud
```bash
git add . && git commit -m "deploy" && git push
```
On [share.streamlit.io](https://share.streamlit.io):
- Main file: `app.py`
- Secrets: `GROQ_API_KEY = "gsk_..."`
## 📁 File Structure
```text
sentinel-cyber-defense/
├── app.py              # Streamlit UI — 5 tabs
├── cyber_graph.py      # LangGraph pipeline — 7 agents
├── cyber_agents.py     # Direct pipeline (fallback)
├── cyber_config.py     # Agent prompts, sample logs, config
├── requirements.txt    # Dependencies
└── README.md
```
## 🧰 Tech Stack
- **[LangGraph](https://langchain-ai.github.io/langgraph/)** — Agent orchestration with shared state
- **[Groq](https://groq.com)** — Free ultra-fast LLM inference
- **[Llama 3.3 70B](https://llama.meta.com)** — AI reasoning engine
- **[Streamlit](https://streamlit.io)** — Web UI
- **Python** — Core language
## 🎯 Supported Log Types
- Linux syslog / auth.log / kern.log
- Apache / Nginx access & error logs
- Windows Event Logs
- Firewall logs (iptables, UFW, Palo Alto)
- IDS/IPS alerts (Snort, Suricata)
- Custom application logs
## 👩‍💻 Built By
**Nimra** — AI Engineer & Assistant Professor, Superior University
🔗 [GitHub](https://github.com/nimra-pixel)
## 📄 License
MIT License — free to use, modify, and distribute.