DSATP integration embedded for Hugging Face Spaces

app.py

@@ -1,42 +1,95 @@
 import gradio as gr
-from textblob import TextBlob
-
-# Placeholder DSATP function
-def mock_dsatp_scan(text: str) -> dict:
-    """Mock vulnerability scan using sentiment analysis as a placeholder."""
-    blob = TextBlob(text)
-    sentiment = blob.sentiment
-    return {
-        "vulnerability_score": round(sentiment.polarity, 2),
-        "details": "Positive sentiment suggests low risk; negative suggests high risk."
+import yara
+import os
+
+# DSATP log parsing (embedded for Spaces)
+def dsatp_parse_log(text: str) -> dict:
+    """Parse log for IoT threats."""
+    log = text.lower()
+    threats = {
+        "compromised": {"classification": "Threat Detected", "severity": "Critical", "mitigation": "Isolate process, run port scan"},
+        "unauthorized": {"classification": "Threat Detected", "severity": "High", "mitigation": "Quarantine MAC address"},
+        "high cpu": {"classification": "Threat Detected", "severity": "Medium", "mitigation": "Check for crypto-miner or DoS"},
+        "inbound traffic": {"classification": "Threat Detected", "severity": "Medium", "mitigation": "Block closed ports"},
+        "firmware mismatch": {"classification": "Threat Detected", "severity": "High", "mitigation": "Validate OTA or rollback"}
     }
+    for key, value in threats.items():
+        if key in log:
+            return {**value, "confidence": 0.9}
+    return {"classification": "No Threat", "severity": "Safe", "mitigation": "None", "confidence": 0.5}
+
+# DSATP YARA scanning (embedded for Spaces)
+def dsatp_yara_scan(file_path: str) -> dict:
+    """Scan file with YARA rules."""
+    try:
+        rules = yara.compile(filepath="dsatp/rules.yar")
+        matches = rules.match(file_path)
+        if matches:
+            return {
+                "classification": "Malware Detected",
+                "severity": "Critical",
+                "mitigation": "Quarantine file, run antivirus",
+                "confidence": 0.95
+            }
+        return {
+            "classification": "No Malware",
+            "severity": "Safe",
+            "mitigation": "None",
+            "confidence": 0.7
+        }
+    except Exception as e:
+        return {"error": str(e), "severity": "Unknown", "mitigation": "Check file format"}
 
 # Chatbot function
-def chatbot_response(user_input, history):
-    """Basic chatbot response with mock DSATP integration."""
+def chatbot_response(user_input, file, history):
+    """Process input or file with DSATP."""
     if history is None:
-        history = []  # Initialize history if None
-    scan_result = mock_dsatp_scan(user_input)
-    response = f"Security Analyst: Analyzed input. Vulnerability score: {scan_result['vulnerability_score']}. Details: {scan_result['details']}"
-    # Append new message tuple to history
-    updated_history = history + [(user_input, response)]
-    return updated_history, scan_result  # Return updated history and scan_result
-
-# Gradio interface
-with gr.Blocks() as demo:
+        history = []
+    input_text = user_input
+    scan_result = None
+
+    if file:
+        input_text = open(file.name, "r").read()
+        scan_result = dsatp_yara_scan(file.name)
+    else:
+        scan_result = dsatp_parse_log(input_text)
+
+    response = f"Security Analyst: {scan_result['classification']}. Severity: {scan_result['severity']}. Mitigation: {scan_result['mitigation']}. Confidence: {scan_result['confidence']:.1f}"
+    updated_history = history + [(user_input or "File uploaded", response)]
+    return updated_history, scan_result
+
+# Gradio interface with Tailwind-style threat visualizer
+with gr.Blocks(css="""
+    .threat-card { background-color: #1f2937; color: white; padding: 16px; border-radius: 8px; margin-bottom: 16px; }
+    .severity-critical { background-color: #dc2626; }
+    .severity-high { background-color: #f59e0b; }
+    .severity-medium { background-color: #eab308; }
+    .severity-safe { background-color: #10b981; }
+    .severity-label { padding: 4px 8px; border-radius: 4px; }
+""") as demo:
     gr.Markdown("# AI Cybersecurity Agent")
     with gr.Row():
         with gr.Column():
             chatbot = gr.Chatbot(label="Security Analyst Chat")
-            user_input = gr.Textbox(placeholder="Enter text to analyze (e.g., log data)...")
+            user_input = gr.Textbox(placeholder="Enter log data or alert (e.g., 'System compromised!')")
+            file_input = gr.File(label="Upload .txt/.log file", file_types=[".txt", ".log"])
             submit_btn = gr.Button("Analyze")
         with gr.Column():
-            gr.Markdown("### Placeholder for Network Graph and Charts")
+            gr.Markdown("### Threat Analysis Results")
             output_json = gr.JSON(label="Scan Results")
-    
+            gr.Markdown("### Threat Visualizer")
+            gr.Markdown("""
+                <div class="threat-card" id="threat-card">
+                    <p><strong>Classification:</strong> <span id="classification">{{classification}}</span></p>
+                    <p><strong>Severity:</strong> <span class="severity-label {{severity_class}}" id="severity">{{severity}}</span></p>
+                    <p><strong>Mitigation:</strong> <span id="mitigation">{{mitigation}}</span></p>
+                    <p><strong>Confidence:</strong> <span id="confidence">{{confidence}}</span></p>
+                </div>
+            """, visible=True)
+
     submit_btn.click(
         fn=chatbot_response,
-        inputs=[user_input, chatbot],
+        inputs=[user_input, file_input, chatbot],
         outputs=[chatbot, output_json]
     )
 

dsatp/rules.yar

@@ -0,0 +1,6 @@
+rule MockMalware {
+    strings:
+        $a = "malware"
+    condition:
+        $a
+}

requirements.txt

@@ -1,2 +1,6 @@
 gradio[mcp]>=4.0.0
-textblob
+textblob
+fastapi
+uvicorn
+yara-python
+requests