Spaces:

Agents-MCP-Hackathon
/

TDAgent

Running

App Files Files Community

pedrobento988

RodDoSanz commited on Jun 10

Commit

3fe27ba

verified ·

1 Parent(s): 0a1ac14

examples_provided_in_interface (#20)

Browse files

- feat: add examples to UI (8641f03f5935c6bf5e8f418b822248caec12a8b7)

Co-authored-by: Rodrigo Domínguez Sanz <RodDoSanz@users.noreply.huggingface.co>

Files changed (2) hide show

exfiltration_ticket.txt +58 -0
tdagent/grchat.py +10 -1

exfiltration_ticket.txt ADDED Viewed

	@@ -0,0 +1,58 @@

+Handle the following ticket by deducing its associated MITRE technique and performing the usual course-of-action:
+{
+"Ticket_ID": "INC-2025-0234",
+"Created_Date": "2025-06-05 03:14:22 UTC",
+"Last_Updated": "2025-06-05 09:53:35 UTC",
+"Status": "In Progress",
+"Severity": "High",
+"Category": "Data Exfiltration",
+"Detection_Source": {
+"System": "DLP (Data Loss Prevention)",
+"Alert_ID": "DLP-2025-1842",
+"Detection_Rule": "Large Data Transfer Pattern"
+},
+"Incident_Details": {
+"Summary": "Unusual data transfer pattern detected from Finance Department workstation to unknown external IP",
+"Description": "DLP system detected approximately 2.3GB of data being transferred from a workstation in Finance (IP: 192.168.45.132) to an unrecognized external IP address (176.65.144.169). The transfer occurred outside normal business hours and contained multiple compressed files with potential sensitive data.",
+"Initial_Vector": "Potentially compromised credentials",
+"Affected_Systems": [
+"FINWS-132 (Finance Workstation)",
+"Internal File Server FS-23"
+]
+},
+"Technical_Data": {
+"Source_IP": "192.168.45.132",
+"Destination_IP": "176.65.144.169",
+"Timestamp": "2025-06-05 03:12:45 UTC",
+"Protocol": "HTTPS",
+"Port": 7702,
+"Data_Volume": "2.3GB",
+"File_Types": ["zip", "rar", "xlsx", "pdf"]
+},
+"Actions_Taken": [
+{
+"Time": "2025-06-05 03:14:22 UTC",
+"Action": "Automatic alert generated by DLP system",
+"By": "DLP-System"
+},
+{
+"Time": "2025-06-05 03:25:10 UTC",
+"Action": "Workstation isolated from network",
+"By": "SOC-Analyst-John"
+},
+{
+"Time": "2025-06-05 04:15:33 UTC",
+"Action": "Initial forensic snapshot created",
+"By": "SOC-Analyst-Sarah"
+},
+{
+"Time": "2025-06-05 09:53:35 UTC",
+"Action": "Initiated full system memory dump",
+"By": "IR-Team-Lead"
+}
+],
+}

tdagent/grchat.py CHANGED Viewed

@@ -481,6 +481,12 @@ async def gr_connect_to_azure(  # noqa: PLR0913
 #     )
 #     return "✅ Successfully connected to nebius!"
 async def gr_chat_function(  # noqa: D103
     message: str,
@@ -742,7 +748,10 @@ with (
                 chat_interface = gr.ChatInterface(
                     fn=gr_chat_function,
                     type="messages",
-                    examples=[],  # Add examples if needed
                     description="A simple threat analyst agent with MCP tools.",
                 )
         with gr.TabItem("Demo"):

 #     )
 #     return "✅ Successfully connected to nebius!"
+with open("exfiltration_ticket.txt") as fhandle:  # noqa: PTH123
+    exfiltration_ticket = fhandle.read()
+with open("sample_kali_linux_1.txt") as fhandle1:  # noqa: PTH123
+    service_discovery_ticket = fhandle1.read()
 async def gr_chat_function(  # noqa: D103
     message: str,
                 chat_interface = gr.ChatInterface(
                     fn=gr_chat_function,
                     type="messages",
+                    examples=[exfiltration_ticket, service_discovery_ticket],
+                    example_labels=[
+                        "Enrich & Handle exfiltration ticket 🕵️‍♂️",
+                        "Handle service discovery ticket 🤖💻"],
                     description="A simple threat analyst agent with MCP tools.",
                 )
         with gr.TabItem("Demo"):