127 lines
3.3 KiB
Markdown
127 lines
3.3 KiB
Markdown
---
|
|
language:
|
|
- en
|
|
- ru
|
|
- es
|
|
license: llama3.1
|
|
library_name: transformers
|
|
base_model: meta-llama/Llama-3.1-8B-Instruct
|
|
tags:
|
|
- cybersecurity
|
|
- security-analysis
|
|
- wazuh
|
|
- threat-detection
|
|
- llama
|
|
- peft
|
|
- lora
|
|
pipeline_tag: text-generation
|
|
widget:
|
|
- text: 'Analyze this security event: Multiple failed SSH login attempts from 45.142.120.10'
|
|
example_title: "SSH Brute Force"
|
|
- text: 'Rule Level 12: High importance event detected'
|
|
example_title: "High Severity Alert"
|
|
model-index:
|
|
- name: wazuh-llama-3.1-8B-assistant
|
|
results:
|
|
- task:
|
|
type: text-generation
|
|
name: Security Log Analysis
|
|
metrics:
|
|
- type: loss
|
|
value: 0.05
|
|
name: Training Loss
|
|
- type: eval_loss
|
|
value: 0.15
|
|
name: Validation Loss
|
|
---
|
|
|
|
# wazuh-llama-3.1-8B-assistant
|
|
|
|
## Model Details
|
|
|
|
- **Model Name:** wazuh-llama-3.1-8B-assistant
|
|
- **Base Model:** meta-llama/Llama-3.1-8B-Instruct
|
|
- **License:** llama3.1
|
|
- **Model Type:** Causal Language Model
|
|
- **Architecture:** 8B parameters
|
|
- **Languages:** English, Russian, Spanish (multilingual support)
|
|
- **Training Method:** Supervised Fine-Tuning (SFT) with LoRA adapters
|
|
|
|
## Model Description
|
|
|
|
LLaMA 3.1 8B Instruct model fine-tuned for advanced Wazuh security log analysis with instruction-following capabilities.
|
|
|
|
### Key Features
|
|
|
|
- Advanced security reasoning and analysis
|
|
- Instruction-following for complex queries
|
|
- Multi-turn conversation support
|
|
- Unsloth optimization on CUDA (2x faster)
|
|
- LoRA fine-tuning for efficiency
|
|
- Comprehensive threat assessment
|
|
|
|
|
|
## Wazuh Severity Levels
|
|
|
|
| Level Range | Severity | Analysis Approach |
|
|
|-------------|-------------|-------------------------|
|
|
| 0-5 | Low | Informational analysis |
|
|
| 6-10 | Medium | Detailed investigation |
|
|
| 11-15 | High/Crit | Comprehensive response |
|
|
|
|
## Usage
|
|
|
|
### Python API
|
|
|
|
```python
|
|
from transformers import AutoModelForCausalLM, AutoTokenizer
|
|
|
|
model = AutoModelForCausalLM.from_pretrained("pyToshka/wazuh-llama-3.1-8b-assistant")
|
|
tokenizer = AutoTokenizer.from_pretrained("pyToshka/wazuh-llama-3.1-8b-assistant")
|
|
|
|
prompt = """Analyze this Wazuh alert and provide:
|
|
1. Threat Level (0-15)
|
|
2. Classification
|
|
3. Risk Assessment
|
|
4. Recommended Actions
|
|
|
|
Alert: Multiple failed SSH login attempts from 45.142.120.10"""
|
|
|
|
inputs = tokenizer(prompt, return_tensors="pt")
|
|
outputs = model.generate(**inputs, max_new_tokens=512)
|
|
response = tokenizer.decode(outputs[0], skip_special_tokens=True)
|
|
print(response)
|
|
```
|
|
|
|
### Expected Output Format
|
|
|
|
```
|
|
Rule Level: 12 - High importance event
|
|
|
|
Event Type: SSH brute-force attack detected
|
|
Detailed Reasoning: Multiple failed SSH login attempts indicate brute-force attack...
|
|
Risk Assessment: High - Active credential compromise attempt
|
|
Recommended Actions:
|
|
1. Block source IP 45.142.120.10 immediately
|
|
2. Review authentication logs for successful logins
|
|
3. Enable 2FA if not already active
|
|
Investigation Guidance: Check for related events from same subnet...
|
|
MITRE ATT&CK: T1110.001 - Brute Force: Password Guessing
|
|
```
|
|
|
|
## Limitations
|
|
|
|
- Domain: Security/cybersecurity specific
|
|
|
|
## Citation
|
|
|
|
```bibtex
|
|
@software{{wazuh_llama_3.1_8B_assistant,
|
|
title = {{wazuh-llama-3.1-8B-assistant}},
|
|
author = {{pyToshka}},
|
|
year = {{2025}},
|
|
version = {{1.0.0}},
|
|
url = {{https://huggingface.co/pyToshka/wazuh-llama-3.1-8b-assistant}}
|
|
}}
|
|
```
|