Ahmed-try/cyber-threat-intel
# 🛡️ AI Cybersecurity Threat Intelligence Assistant
A RAG-powered cybersecurity assistant that answers threat intelligence questions
using your own documents (PDFs, CVE JSONs, threat reports).
## Tech Stack
- **FastAPI** — REST API backend
- **ChromaDB** — Vector database (stores document embeddings)
- **Sentence-Transformers** — all-MiniLM-L6-v2 for embeddings
- **Google Gemini 2.5 Flash** — LLM for generating answers
- **LangChain** — RAG pipeline orchestration
## Features
- Ask questions about CVEs, malware, threat actors
- Answers grounded in YOUR documents with page citations
- Upload new PDFs/JSONs via API
- No hallucination — only answers from real documents
## Setup
### 1. Clone the repo
```
git clone https://github.com/YOUR_USERNAME/cyber-threat-intel.git
cd cyber-threat-intel
```
### 2. Create virtual environment
```
python -m venv venv
venv\Scripts\activate
```
### 3. Install dependencies
```
pip install -r requirements.txt
```
### 4. Add your API key
Create a `.env` file:
```
GEMINI_API_KEY=your_key_here
```
Keep `.env` out of version control so the key is never committed.
### 5. Add documents to the data/ folder
Drop your PDF threat reports and CVE JSON files into the `data/` folder.
### 6. Ingest documents
```
python scripts\ingest_data.py
```
### 7. Run the server
```
uvicorn app.main:app --reload --port 8000
```
### 8. Open in browser
http://localhost:8000/docs
## API Endpoints
- POST /ask — Ask a cybersecurity question
- POST /upload — Upload a new document
- GET /stats — Check knowledge base stats
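
`POST /upload` takes client-supplied PDFs and JSON files into the knowledge base, so both the filename and the content should be checked before anything is written to `data/`. The validator below is an added example, not code from this repository; `validate_upload`, `safe_name`, `UploadRejected` and the 20 MiB limit are assumptions.

```python
import json
import re
from pathlib import Path

DATA_DIR = Path("data")            # assumption: uploads land in the data/ folder
MAX_BYTES = 20 * 1024 * 1024       # assumption: 20 MiB cap, tune for your reports
ALLOWED = {".pdf", ".json"}        # the two formats the README says are ingested


class UploadRejected(ValueError):
    """Raised when an upload fails validation."""


def safe_name(filename: str) -> str:
    """Reduce a client-supplied filename to a bare, conservative basename."""
    # Drop any directory part, for both / and \ separators.
    base = re.split(r"[\\/]", filename)[-1]
    # Keep a conservative character set; everything else becomes "_".
    base = re.sub(r"[^A-Za-z0-9._-]", "_", base).lstrip(".")
    if not base or Path(base).suffix.lower() not in ALLOWED:
        raise UploadRejected(f"unsupported or empty filename: {filename!r}")
    return base


def validate_upload(filename: str, content: bytes) -> Path:
    """Return the path the file may be written to, or raise UploadRejected."""
    name = safe_name(filename)
    if len(content) > MAX_BYTES:
        raise UploadRejected("file too large")
    if Path(name).suffix.lower() == ".pdf":
        # A PDF starts with the %PDF- header; the extension alone proves nothing.
        if not content.startswith(b"%PDF-"):
            raise UploadRejected("not a PDF (missing %PDF- header)")
    else:
        try:
            json.loads(content.decode("utf-8"))
        except (UnicodeDecodeError, json.JSONDecodeError) as exc:
            raise UploadRejected(f"not valid UTF-8 JSON: {exc}") from exc
    target = (DATA_DIR / name).resolve()
    # Defence in depth: the resolved path must still sit inside data/.
    if DATA_DIR.resolve() not in target.parents:
        raise UploadRejected("path escapes data directory")
    return target
```

Call `validate_upload` in the upload handler before writing the bytes, and return an HTTP 400 when it raises `UploadRejected`.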