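"""Zero-Noise: Agentic SOC-in-a-Box dashboard.

Streamlit front end that reads ``FINAL_REPORT.md`` (the output of the analysis
pipeline) and replays its incidents as a live "intelligence feed" while
animating a simulated log-scan counter in the side column.

NOTE(review): the HTML/CSS bodies of several ``st.markdown`` literals are not
present in this copy of the file (the markup was stripped on extraction); only
their visible text is reproduced here, and comments mark each such literal.
"""
from __future__ import annotations

import html
import re
import time

import streamlit as st

# ---------------------------------------------------------------------------
# Tunables for the simulated scan animation
# ---------------------------------------------------------------------------
MAX_LOGS = 32               # the scan counter never exceeds this value
LOGS_PER_INCIDENT = 3       # each incident represents ~3 logs scanned
LOG_TICK_SECONDS = 0.5      # delay between counter increments
INCIDENT_PAUSE_SECONDS = 2  # delay between rendered incidents
DEFAULT_RISK_SCORE = 5      # used when an incident carries no "Risk Score:" line

# Patterns for the fields the pipeline writes into each incident section.
_RISK_RE = re.compile(r"Risk Score: (\d+)")
_TITLE_RE = re.compile(r"### (.+)")
_ATTACKER_RE = re.compile(r"\*\*Attacker IP:\*\*\s*(.+?)(?=\n|$)")
_SUMMARY_RE = re.compile(
    r"\*\*Summary:\*\*\s*(.+?)(?=\*\*Recommendation:\*\*|\n\*\*|$)", re.DOTALL
)
_RECOMMENDATION_RE = re.compile(
    r"\*\*Recommendation:\*\*\s*(.+?)(?=---|\*\*|$)", re.DOTALL
)


def _severity_for(risk_score: int) -> tuple[str, str]:
    """Map a numeric risk score to ``(css_class, severity_label)``.

    Scores of 8 and above are critical, 5-7 medium, anything lower is low.
    """
    if risk_score >= 8:
        return "threat-high", "🔴 CRITICAL"
    if risk_score >= 5:
        return "threat-medium", "🟠 MEDIUM"
    return "threat-low", "🟢 LOW"


def _field(
    pattern: re.Pattern[str], text: str, default: str, *, strip: bool = True
) -> str:
    """Return the first capture group of *pattern* in *text*, or *default*.

    *strip* controls whether surrounding whitespace is removed from a match.
    """
    match = pattern.search(text)
    if match is None:
        return default
    value = match.group(1)
    return value.strip() if strip else value


def _parse_incident(incident: str) -> dict[str, object]:
    """Extract the displayed fields from one ``---``-delimited report section.

    Returns a dict with ``title``, ``attacker``, ``summary``,
    ``recommendation``, ``risk_score``, ``threat_class`` and ``severity``.
    Missing fields fall back to the same defaults the feed always used
    ("Unknown Threat", "N/A", "" and a risk score of 5).
    """
    risk_match = _RISK_RE.search(incident)
    risk_score = int(risk_match.group(1)) if risk_match else DEFAULT_RISK_SCORE
    threat_class, severity = _severity_for(risk_score)
    return {
        # The title is deliberately not stripped, matching the original output.
        "title": _field(_TITLE_RE, incident, "Unknown Threat", strip=False),
        "attacker": _field(_ATTACKER_RE, incident, "N/A"),
        "summary": _field(_SUMMARY_RE, incident, ""),
        "recommendation": _field(_RECOMMENDATION_RE, incident, ""),
        "risk_score": risk_score,
        "threat_class": threat_class,
        "severity": severity,
    }


def _render_scan_progress(placeholder, scanned: int) -> None:
    """Redraw the side-column scan counter inside *placeholder*.

    NOTE(review): the markup of this block is missing from this copy of the
    file; the literal is kept as found, so *scanned* is not interpolated here.
    """
    with placeholder.container():
        st.markdown(f""" """, unsafe_allow_html=True)


def _render_incident(card: dict[str, object]) -> None:
    """Render one incident card in the main column.

    The title and severity are interpolated into an ``unsafe_allow_html``
    block, so they are HTML-escaped first: the report is generated from
    ingested logs, and log text an attacker controls (user agents, URLs,
    usernames) must not become live markup in the analyst's browser. The
    remaining fields go through ``st.markdown`` without ``unsafe_allow_html``
    and rely on Streamlit's default sanitization.
    """
    title = html.escape(str(card["title"]))
    severity = html.escape(str(card["severity"]))
    with st.container():
        # NOTE(review): the card's wrapper markup (which presumably applied
        # card["threat_class"]) is absent from this copy of the file.
        st.markdown(f"""
{title} {severity}
""", unsafe_allow_html=True)
        st.markdown(f"**Attacker IP:** {card['attacker']}")
        st.markdown(f"**Summary:** {card['summary']}")
        st.markdown(f"**Recommendation:** {card['recommendation']}")
        # Closing markup of the card; its body is stripped in this copy.
        st.markdown("", unsafe_allow_html=True)


def _load_report(path: str) -> str | None:
    """Read the pipeline report, or return ``None`` when it cannot be read yet.

    Only file-system errors (missing or unreadable file) are treated as "not
    ingested yet"; any parse or render error raised later is left to surface,
    rather than being masked as a pending ingestion as the old catch-all did.
    """
    try:
        with open(path, "r", encoding="utf-8") as f:
            return f.read()
    except OSError:
        return None


def _replay_feed(content: str, placeholder) -> None:
    """Walk the incidents in *content*, animating the scan counter as it goes."""
    incidents = content.split("---")
    total_logs_scanned = 0
    incident_count = 0
    for incident in incidents:
        if "###" not in incident:
            continue
        incident_count += 1
        # Advance the counter toward this incident's share of the log budget.
        # The target is capped (instead of clamping the counter inside the
        # loop): with the counter pinned at MAX_LOGS, a loop condition of
        # `scanned < incident_count * 3` could never become false once more
        # than MAX_LOGS / LOGS_PER_INCIDENT incidents were present.
        target = min(incident_count * LOGS_PER_INCIDENT, MAX_LOGS)
        while total_logs_scanned < target:
            total_logs_scanned += 1
            _render_scan_progress(placeholder, total_logs_scanned)
            time.sleep(LOG_TICK_SECONDS)
        _render_incident(_parse_incident(incident))
        time.sleep(INCIDENT_PAUSE_SECONDS)
    # Finish scanning whatever remains of the log budget.
    while total_logs_scanned < MAX_LOGS:
        total_logs_scanned += 1
        _render_scan_progress(placeholder, total_logs_scanned)
        time.sleep(LOG_TICK_SECONDS)


# --- Page chrome -------------------------------------------------------------
st.set_page_config(
    page_title="Zero-Noise | Agentic SOC",
    layout="wide",
    initial_sidebar_state="collapsed",
)
# Custom CSS for the security interface (stylesheet body stripped in this copy).
st.markdown(""" """, unsafe_allow_html=True)
st.title("Zero-Noise: Agentic SOC-in-a-Box")
# Subtitle; its wrapping markup is absent from this copy of the file.
st.markdown("Real-time Threat Intelligence & Analysis Pipeline", unsafe_allow_html=True)
st.markdown("---")

# --- Status overview ---------------------------------------------------------
status_col, latency_col = st.columns(2)
with status_col:
    st.metric("System Status", "🟢 PROTECTED", delta="Active", delta_color="inverse")
with latency_col:
    st.metric("Latency", "38ms", delta="↓ 4ms", delta_color="inverse")
st.markdown("---")

col_main, col_side = st.columns([3, 1], gap="medium")

with col_side:
    # Heading; its wrapping markup is absent from this copy of the file.
    st.markdown("🛠️ Operations", unsafe_allow_html=True)
    if st.button("🔄 Re-Scan Logs", use_container_width=True, key="rescan"):
        st.toast("Reinitializing threat analysis pipeline...")
    st.write("")
    # Placeholder that the scan loop redraws as logs are "processed".
    log_analysis_placeholder = st.empty()

with col_main:
    # Heading; its wrapping markup is absent from this copy of the file.
    st.markdown("🚨 Incident Intelligence Feed", unsafe_allow_html=True)
    report = _load_report("FINAL_REPORT.md")
    if report is None:
        st.info("⏳ Awaiting live log ingestion...")
        # Empty-state markup; its body is stripped in this copy.
        st.markdown(""" """, unsafe_allow_html=True)
    else:
        _replay_feed(report, log_analysis_placeholder)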