广州白云区做网站商务网站建设论文总结

广州白云区做网站,商务网站建设论文总结,搜狗指数,京东网上商城怎么看订单这篇文章介绍了一个基于大模型的多智能体安全运营中心(SOC)自动化分析助手#xff0c;通过5个专用智能体系统实现威胁指标提取、VirusTotal集成、MITRE ATTCK映射、CVE情报获取、数字取证与事件响应规划等功能。系统使用LangGraph构建流水线#xff0c;可生成结构化JSON…这篇文章介绍了一个基于大模型的多智能体安全运营中心(SOC)自动化分析助手通过5个专用智能体系统实现威胁指标提取、VirusTotal集成、MITRE ATTCK映射、CVE情报获取、数字取证与事件响应规划等功能。系统使用LangGraph构建流水线可生成结构化JSON和文本报告所有报告按时间戳保存在指定目录中为SOC团队提供自动化安全分析和响应能力。基于终端的多智能体安全运营中心自动化分析助手主要功能威胁指标提取- 自动识别IP地址、域名、URL、文件哈希、电子邮件及文件路径VirusTotal集成- 结合威胁情报增强的自动化哈希分析MITRE ATTCK映射- 依据官方企业版ATTCK框架验证并映射攻击技术真实CVE情报- 从NVD API获取实际漏洞信息数字取证与事件响应规划- 生成调查与遏制行动计划安全运营中心级报告- 生成结构化JSON和易读的文本报告持久化输出- 所有报告均按时间戳保存在/output/目录下多智能体编排- 基于LangGraph流水线构建的5个专用智能体系统关键实现1.威胁指标提取使用few-shot的方式提取用户输入中的威胁指标。指令还是比较简单的给定了角色、任务和输出格式。系统提示词system_prompt ( You are a SOC analyst specializing in IOC extraction. Your task is to read the incident description and extract indicators of compromise (IPs, domains, URLs, emails, malware hashes, file paths) into a valid JSON format.\n\n IMPORTANT RULES:\n - Do NOT extract memory addresses (e.g., 0x...) as hashes.\n - Do NOT extract usernames (e.g., john.doe) as emails. Emails MUST contain and a domain.\n - Only extract valid IPv4 or IPv6 addresses. )用户提示词user_prompt fIncident text:{incident_text}Return ONLY a valid JSON with the following structure:{{ ips: [1.2.3.4, ...], domains: [example.com, ...], urls: [http://example.com/malware.exe, ...], emails: [userexample.com, ...], hashes: {{ md5: [...], sha1: [...], sha256: [...] }}, file_paths: [C:\\\\Windows\\\\System32\\\\..., /tmp/malicious, ...]}}最后将模型提出的结果进行一次内容和格式校验。2.VT威胁情报富化根据哈希值在VT中查询相关记录返回结果return { malicious_count: stats.get(malicious, 0), total_engines: sum(stats.values()) if stats else 0, permalink: fhttps://www.virustotal.com/gui/file/{file_hash}, scan_date: attributes.get(last_analysis_date, 0), names: attributes.get(names, [])[:5], threat_label: threat_label, sandbox_verdicts: sandbox_verdicts[:5], sigma_rules: sigma_rules[:3], signature_description: signature_info }3.ATTCK技术映射MITRE技术映射LLM 官方数据库验证用大模型根据incident_text与IOCs提议一组技术ID以及证据说明。将LLM返回的ID交给本地或线上的数据库查询通过technique ID查找对应的信息并将结果返回。查询ATTCK系统提示词system_prompt ( You are a cybersecurity analyst expert in MITRE ATTCK. Based on the incident description and IOCs, identify the most probable techniques and sub-techniques (ID Txxxx / Txxxx.xx). \n\nCRITICAL RULES:\n 1. Do NOT invent IDs; use only valid MITRE ATTCK Enterprise IDs.\n 2. ONLY map techniques if there is DIRECT EVIDENCE in the incident text.\n 3. DO NOT map T1027.003 (Steganography) to ZIP files - ZIP is compression, NOT steganography.\n 4. DO NOT map T1071 (C2) or T1071.001 (Web Protocols) unless there is evidence of BEACONING or persistent communication.\n 5. DO NOT map T1190 (Exploit Public-Facing Application) unless there is evidence of exploitation (RCE, injection, etc).\n 6. For file downloads, prefer T1105 (Ingress Tool Transfer).\n 7. For phishing with malicious links, use T1566.002 only if there is evidence.\n 8. If the incident involves ransomware execution, focus on execution techniques (T1204, T1059) and impact (T1486).\n \nDo not provide names or tactics, only IDs and justification: the system will enrich them later. )用户输入提示词user_prompt fIncident description:{incident_text}Extracted IOCs (JSON):{ioc_snippet}IMPORTANT GUIDELINES:- Only map techniques with DIRECT evidence from the incident- For downloads: use T1105 (Ingress Tool Transfer)- For ZIP files: use T1560.001 (Archive via Utility) if relevant, NOT T1027.003- For C2: ONLY if theres evidence of beaconing/persistent communication- For exploitation: ONLY if theres evidence of RCE, injection, or vulnerability exploitation- For ransomware execution: focus on T1204 (User Execution), T1059 (Command/Scripting), T1486 (Data Encrypted for Impact)Return ONLY a valid JSON with the following structure:{{ techniques: [ {{ id: T1059.001, justification: Briefly explain why this technique applies based on EVIDENCE }} ], summary: Summary in 3-5 lines of the observed MITRE pattern.}}4.检索CVE用大模型抽取2-3个相关的产品或技术关键词及时间范围作为查询条件。调用NVD API获取CVE列表。对于每个CVE再次使用大模型判断是否与当前时间相关。最后讲结果返回。主要实现方式extraction _build_cve_keywords_with_llm(software_info, mitre_context)for kw in keywords: cves search_cves(kw, max_results3, pub_start_datepub_start_date, pub_end_datepub_end_date) for c in cves: if _validate_cve_relevance(c, software_info): c2 dict(c) c2[source_keyword] kw c2[related_techniques] [] c2[confidence] medium all_cves.append(c2)5.DFIR计划生成汇集上下文信息后使用大模型来生成结构化的调查步骤。系统提示词system_prompt ( You are a Senior DFIR Analyst in a SOC. Based on the incident/event description, IOCs, MITRE mapping, and vulnerabilities (CVEs), you must propose a structured investigation and response plan, oriented towards L1/L2 analysts. )用户提示词user_prompt fIncident / Event description:{text}Extracted IOCs:{ioc_snippet}MITRE Context (TTPs):{mitre_snippet}CVE Context:{cve_snippet}Return ONLY a valid JSON with the following structure:{{ investigation_steps: [ {{ step: 1, category: Artifact Collection, description: Detailed action description., tools: [Splunk, EDR, Volatility], expected_outcome: What is expected to be found. }} ], containment_actions: [ {{ priority: high, description: Containment action., depends_on: [1] }} ], eradication_and_recovery: [ Eradication action 1, Recovery action 1 ], notes: Additional notes (e.g., communication, reporting, etc.).}}6.结构化报告生成根据上下文生成结构化报告系统提示词system_prompt ( You are an L2 SOC Analyst responsible for writing incident reports. You must generate a clear, structured, and actionable report for a SOC environment, separating an executive section (for managers) and a technical section (for analysts). Use a professional and concise tone. )用户提示词user_prompt fOriginal incident description:{incident_text}IOCs (JSON):{ioc_snippet}MITRE Context (JSON):{mitre_snippet}CVE Context (JSON):{cve_snippet}Investigation / Response Plan (JSON):{investigation_snippet}Generate ONLY a valid JSON with the following structure:{{ metadata: {{ title: Incident Title, severity: high, status: under_investigation, tlp: TLP:AMBER, detected_by: SOC L1 - SIEM alert, environment: production }}, executive_summary: Summary in 5-8 lines, oriented to non-technical managers., technical_summary: Technical summary of the attack, vectors, IOCs, MITRE, and CVEs., timeline: [ {{ timestamp: 2025-11-30T08:14:00Z, event: First SIEM alert for suspicious traffic to malicious IP. }} ], ioc_section: {{ ips: [], domains: [], urls: [], emails: [], hashes: {{ md5: [], sha1: [], sha256: [] }}, file_paths: [] }}, mitre_mapping: [ {{ id: T1059.001, name: Command Shell, tactic: Execution, tactic_id: TA0002, justification: Brief explanation of why it applies. }} ], cve_section: [ {{ id: CVE-XXXX-YYYY, cvss: 9.8, description: Vulnerability summary., related_techniques: [T1059.001], confidence: high }} ], investigation_summary: [ Brief list of investigation actions performed / planned. ], containment_and_recovery: {{ containment_actions: [ Isolate affected host from corporate network. ], eradication: [ Reimage machine or clean malicious artifacts according to playbook. ], recovery: [ Return systems to production after validating integrity. ] }}, recommendations: {{ short_term: [ Immediate improvement actions. ], long_term: [ Strategic long-term measures. ] }}}}7.持久化保存保存报告为txt或json文件并加入时间戳。​最后我在一线科技企业深耕十二载见证过太多因技术卡位而跃迁的案例。那些率先拥抱 AI 的同事早已在效率与薪资上形成代际优势我意识到有很多经验和知识值得分享给大家也可以通过我们的能力和经验解答大家在大模型的学习中的很多困惑。我整理出这套 AI 大模型突围资料包✅AI大模型学习路线图✅Agent行业报告✅100集大模型视频教程✅大模型书籍PDF✅DeepSeek教程✅AI产品经理入门资料完整的大模型学习和面试资料已经上传带到CSDN的官方了有需要的朋友可以扫描下方二维码免费领取【保证100%免费】​​为什么说现在普通人就业/升职加薪的首选是AI大模型人工智能技术的爆发式增长正以不可逆转之势重塑就业市场版图。从DeepSeek等国产大模型引发的科技圈热议到全国两会关于AI产业发展的政策聚焦再到招聘会上排起的长队AI的热度已从技术领域渗透到就业市场的每一个角落。智联招聘的最新数据给出了最直观的印证2025年2月AI领域求职人数同比增幅突破200%远超其他行业平均水平整个人工智能行业的求职增速达到33.4%位居各行业榜首其中人工智能工程师岗位的求职热度更是飙升69.6%。AI产业的快速扩张也让人才供需矛盾愈发突出。麦肯锡报告明确预测到2030年中国AI专业人才需求将达600万人人才缺口可能高达400万人这一缺口不仅存在于核心技术领域更蔓延至产业应用的各个环节。​​资料包有什么①从入门到精通的全套视频教程⑤⑥包含提示词工程、RAG、Agent等技术点② AI大模型学习路线图还有视频解说全过程AI大模型学习路线③学习电子书籍和技术文档市面上的大模型书籍确实太多了这些是我精选出来的④各大厂大模型面试题目详解⑤ 这些资料真的有用吗?这份资料由我和鲁为民博士共同整理鲁为民博士先后获得了北京清华大学学士和美国加州理工学院博士学位在包括IEEE Transactions等学术期刊和诸多国际会议上发表了超过50篇学术论文、取得了多项美国和中国发明专利同时还斩获了吴文俊人工智能科学技术奖。目前我正在和鲁博士共同进行人工智能的研究。所有的视频教程由智泊AI老师录制且资料与智泊AI共享相互补充。这份学习大礼包应该算是现在最全面的大模型学习资料了。资料内容涵盖了从入门到进阶的各类视频教程和实战项目无论你是小白还是有些技术基础的这份资料都绝对能帮助你提升薪资待遇转行大模型岗位。智泊AI始终秉持着“让每个人平等享受到优质教育资源”的育人理念‌通过动态追踪大模型开发、数据标注伦理等前沿技术趋势‌构建起前沿课程智能实训精准就业的高效培养体系。课堂上不光教理论还带着学员做了十多个真实项目。学员要亲自上手搞数据清洗、模型调优这些硬核操作把课本知识变成真本事‌​​​​如果说你是以下人群中的其中一类都可以来智泊AI学习人工智能找到高薪工作一次小小的“投资”换来的是终身受益应届毕业生‌无工作经验但想要系统学习AI大模型技术期待通过实战项目掌握核心技术。零基础转型‌非技术背景但关注AI应用场景计划通过低代码工具实现“AI行业”跨界‌。业务赋能 ‌突破瓶颈传统开发者Java/前端等学习Transformer架构与LangChain框架向AI全栈工程师转型‌。获取方式有需要的小伙伴可以保存图片到wx扫描二v码免费领取【保证100%免费】**​