ZERO-NOISE / agent2.py
Upload 9 files
943768f verified
import ollama


def analyze_threat(summary):
    """Agent 2: Contextualizes the threat and writes the incident report."""
    # NOTE: `summary` is produced from raw log data, so it is ultimately
    # attacker-controlled text. It is interpolated into the prompt as-is,
    # which means instructions embedded in a log line can steer the model.
    # Treat the returned Markdown as untrusted output and validate it before
    # anything downstream acts on it.
    prompt = f"""
You are a strict, precise SOC Analyst. Read the log summary below and classify the threat.

CRITICAL INSTRUCTIONS:
- Output ONLY the Markdown format. Do not add any conversational text.
- If the IP is missing or null, write "Local/Internal".
- Risk Score MUST be a number between 1 and 10.

EXAMPLE GOOD OUTPUT:
### Path Traversal (Risk Score: 8)
**Attacker IP:** 192.168.1.50
**Summary:** An external IP attempted to read the /etc/passwd file using directory traversal sequences.
**Recommendation:** Sanitize user input and block URI paths containing '../'.

Now, generate the report for the following log:
Summary: {summary}
"""
    # Low temperature keeps the model close to the required template; it does
    # not guarantee the format, so the caller still has to check the result.
    response = ollama.chat(
        model='qwen2:7b',
        messages=[{'role': 'user', 'content': prompt}],
        options={'temperature': 0.1}
    )
    return response['message']['content'].strip()
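The prompt above asks the model for a fixed Markdown shape and a risk score in 1..10, but nothing in `analyze_threat` enforces that: a chatty preamble, an out-of-range score, or an attacker IP that is not an IP at all will pass straight through to whatever consumes the report. The validator below is an added example, not part of the ZERO-NOISE repository; it parses the exact template the prompt specifies and rejects anything else, so the agent's output is checked before it is trusted. The sample reports are constructed here to exercise the checks; `parse_report`, `is_valid_report` and `ReportFormatError` are names chosen for this example.

```python
import ipaddress
import re

# Header line of the template the prompt demands: "### <threat> (Risk Score: N)"
HEADER_RE = re.compile(r"^###\s+(?P<threat>.+?)\s+\(Risk Score:\s*(?P<score>\d+)\)\s*$")
# Bold field lines: "**Attacker IP:** ...", "**Summary:** ...", "**Recommendation:** ..."
FIELD_RE = re.compile(r"^\*\*(?P<key>Attacker IP|Summary|Recommendation):\*\*\s*(?P<value>.*)$")
REQUIRED_FIELDS = {"attacker_ip", "summary", "recommendation"}


class ReportFormatError(ValueError):
    """Raised when the model output does not match the required template."""


def parse_report(text):
    """Parse the agent's Markdown report into a dict, enforcing the prompt's rules.

    Rules checked: first non-empty line is the header, risk score is an integer
    in 1..10, every other line is one of the three known fields, all three are
    present, and the attacker IP is either a real IP address or the literal
    "Local/Internal". Anything else raises ReportFormatError.
    """
    lines = [line.strip() for line in text.strip().splitlines() if line.strip()]
    if not lines:
        raise ReportFormatError("empty report")

    header = HEADER_RE.match(lines[0])
    if header is None:
        raise ReportFormatError(f"expected '### <threat> (Risk Score: N)' header, got {lines[0]!r}")
    score = int(header.group("score"))
    if not 1 <= score <= 10:
        raise ReportFormatError(f"risk score {score} outside 1..10")

    report = {"threat": header.group("threat").strip(), "risk_score": score}
    for line in lines[1:]:
        field = FIELD_RE.match(line)
        if field is None:
            # Conversational text or an unknown field means the model ignored the format.
            raise ReportFormatError(f"unexpected line in report: {line!r}")
        key = field.group("key").lower().replace(" ", "_")
        if key in report:
            raise ReportFormatError(f"duplicate field {key}")
        report[key] = field.group("value").strip()

    missing = REQUIRED_FIELDS - report.keys()
    if missing:
        raise ReportFormatError(f"missing fields: {sorted(missing)}")

    ip = report["attacker_ip"]
    if ip != "Local/Internal":
        try:
            ipaddress.ip_address(ip)  # accepts IPv4 and IPv6, rejects free text
        except ValueError:
            raise ReportFormatError(f"attacker IP is neither an IP nor 'Local/Internal': {ip!r}")
    return report


def is_valid_report(text):
    """Boolean convenience wrapper around parse_report for gating downstream use."""
    try:
        parse_report(text)
        return True
    except ReportFormatError:
        return False


# Constructed sample outputs (not real model responses) used to exercise the checks.
SAMPLE_GOOD = """### Path Traversal (Risk Score: 8)
**Attacker IP:** 192.168.1.50
**Summary:** An external IP attempted to read the /etc/passwd file using directory traversal sequences.
**Recommendation:** Sanitize user input and block URI paths containing '../'."""

SAMPLE_INTERNAL = """### Brute Force (Risk Score: 5)
**Attacker IP:** Local/Internal
**Summary:** Repeated failed logins for root from the local console.
**Recommendation:** Lock the account after a fixed number of failures."""

SAMPLE_CHATTY = "Sure! Here is the report:\n" + SAMPLE_GOOD

SAMPLE_OUT_OF_RANGE = SAMPLE_GOOD.replace("Risk Score: 8", "Risk Score: 42")

SAMPLE_BAD_IP = SAMPLE_GOOD.replace("192.168.1.50", "ignore previous instructions")


if __name__ == "__main__":
    for name, sample in [("good", SAMPLE_GOOD), ("internal", SAMPLE_INTERNAL),
                         ("chatty", SAMPLE_CHATTY), ("out_of_range", SAMPLE_OUT_OF_RANGE),
                         ("bad_ip", SAMPLE_BAD_IP)]:
        print(f"{name:13s} valid={is_valid_report(sample)}")
```

In the pipeline this sits between `analyze_threat` and anything that files, alerts on, or escalates the report: call `parse_report` on the returned string and treat `ReportFormatError` as a failed run to retry or route to a human, rather than forwarding the raw text. Validation does not stop the model from being steered by instructions hidden in the log summary, but it does stop a steered or malformed response from being consumed as if it were a well-formed incident report.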