---
language:
- en
- ru
- es
license: llama3.1
library_name: transformers
base_model: meta-llama/Llama-3.1-8B-Instruct
tags:
- cybersecurity
- security-analysis
- wazuh
- threat-detection
- llama
- peft
- lora
pipeline_tag: text-generation
widget:
- text: 'Analyze this security event: Multiple failed SSH login attempts from 45.142.120.10'
  example_title: "SSH Brute Force"
- text: 'Rule Level 12: High importance event detected'
  example_title: "High Severity Alert"
model-index:
- name: wazuh-llama-3.1-8B-assistant
  results:
  - task:
      type: text-generation
      name: Security Log Analysis
    metrics:
    - type: loss
      value: 0.05
      name: Training Loss
    - type: eval_loss
      value: 0.15
      name: Validation Loss
---

# wazuh-llama-3.1-8B-assistant

## Model Details

- **Model Name:** wazuh-llama-3.1-8B-assistant
- **Base Model:** meta-llama/Llama-3.1-8B-Instruct
- **License:** llama3.1
- **Model Type:** Causal Language Model
- **Architecture:** 8B parameters
- **Languages:** English, Russian, Spanish (multilingual support)
- **Training Method:** Supervised Fine-Tuning (SFT) with LoRA adapters

## Model Description

LLaMA 3.1 8B Instruct model fine-tuned for advanced Wazuh security log analysis with instruction-following capabilities.

### Key Features

- Advanced security reasoning and analysis
- Instruction-following for complex queries
- Multi-turn conversation support
- Unsloth optimization on CUDA (2x faster)
- LoRA fine-tuning for efficiency
- Comprehensive threat assessment

## Wazuh Severity Levels

| Level Range | Severity    | Analysis Approach       |
|-------------|-------------|-------------------------|
| 0-5         | Low         | Informational analysis  |
| 6-10        | Medium      | Detailed investigation  |
| 11-15       | High/Crit   | Comprehensive response  |

## Usage

### Python API

```python
from transformers import AutoModelForCausalLM, AutoTokenizer

# Load the fine-tuned model and its tokenizer from the Hugging Face Hub.
model = AutoModelForCausalLM.from_pretrained("pyToshka/wazuh-llama-3.1-8b-assistant")
tokenizer = AutoTokenizer.from_pretrained("pyToshka/wazuh-llama-3.1-8b-assistant")

# Ask for the structured analysis the model was trained to produce.
prompt = """Analyze this Wazuh alert and provide:
1. Threat Level (0-15)
2. Classification
3. Risk Assessment
4. Recommended Actions

Alert: Multiple failed SSH login attempts from 45.142.120.10"""

inputs = tokenizer(prompt, return_tensors="pt")
outputs = model.generate(**inputs, max_new_tokens=512)

# The decoded text contains the prompt followed by the generated analysis.
response = tokenizer.decode(outputs[0], skip_special_tokens=True)
print(response)
```

### Expected Output Format

```
Rule Level: 12 - High importance event
Event Type: SSH brute-force attack detected
Detailed Reasoning: Multiple failed SSH login attempts indicate brute-force attack...
Risk Assessment: High - Active credential compromise attempt
Recommended Actions:
1. Block source IP 45.142.120.10 immediately
2. Review authentication logs for successful logins
3. Enable 2FA if not already active
Investigation Guidance: Check for related events from same subnet...
MITRE ATT&CK: T1110.001 - Brute Force: Password Guessing
```

## Limitations

- Domain: Security/cybersecurity specific

## Citation

```bibtex
@software{wazuh_llama_3.1_8B_assistant,
  title = {wazuh-llama-3.1-8B-assistant},
  author = {pyToshka},
  year = {2025},
  version = {1.0.0},
  url = {https://huggingface.co/pyToshka/wazuh-llama-3.1-8b-assistant}
}
```
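
The output format and severity table above are free text produced by a language model, so anything that automates on them (ticketing, IP blocking) should parse and check the response first. The following is an added example, not code from the model's author: it splits a response into the labelled fields shown under Expected Output Format, rejects a rule level outside 0-15, maps the level to the severity band from the table, and flags any IP in the recommended actions that did not appear in the original alert. The function names are hypothetical; the sample text is the one shown on this page.

```python
import re

# Severity bands from this page's "Wazuh Severity Levels" table.
BANDS = [(range(0, 6), "Low"), (range(6, 11), "Medium"), (range(11, 16), "High/Crit")]
# Field labels from this page's "Expected Output Format" section.
FIELDS = ("Rule Level", "Event Type", "Detailed Reasoning", "Risk Assessment",
          "Recommended Actions", "Investigation Guidance", "MITRE ATT&CK")
_FIELD_RE = re.compile(r"^(%s):[ \t]*" % "|".join(map(re.escape, FIELDS)), re.M)
_IP_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")

def parse_analysis(text):
    """Split model output into its labelled fields; ValueError if the level is unusable."""
    marks = list(_FIELD_RE.finditer(text))
    out = {}
    for m, nxt in zip(marks, marks[1:] + [None]):
        end = nxt.start() if nxt else len(text)
        out.setdefault(m.group(1), text[m.end():end].strip())  # first occurrence wins
    level = re.match(r"\d{1,2}\b", out.get("Rule Level", ""))
    if not level or int(level.group()) > 15:
        raise ValueError("rule level missing or outside 0-15")
    out["level"] = int(level.group())
    out["severity"] = next(name for band, name in BANDS if out["level"] in band)
    out["actions"] = re.findall(r"^\s*\d+\.\s+(.+)$", out.get("Recommended Actions", ""), re.M)
    return out

def find_ips(text):
    """IPv4 literals in text whose octets are all <= 255."""
    return {ip for ip in _IP_RE.findall(text) if all(int(o) <= 255 for o in ip.split("."))}

def unexpected_ips(parsed, alert_text):
    """IPs named in the recommended actions that never appeared in the source alert."""
    return find_ips("\n".join(parsed["actions"])) - find_ips(alert_text)

# Alert and response text taken from this page's usage and expected-output sections.
ALERT = "Multiple failed SSH login attempts from 45.142.120.10"
SAMPLE = """Rule Level: 12 - High importance event
Event Type: SSH brute-force attack detected
Detailed Reasoning: Multiple failed SSH login attempts indicate brute-force attack...
Risk Assessment: High - Active credential compromise attempt
Recommended Actions:
1. Block source IP 45.142.120.10 immediately
2. Review authentication logs for successful logins
3. Enable 2FA if not already active
Investigation Guidance: Check for related events from same subnet...
MITRE ATT&CK: T1110.001 - Brute Force: Password Guessing"""
```

A non-empty result from `unexpected_ips` means the model named an address the alert never contained, which is a reason to hold the action for human review rather than apply it.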