Introducing TI Mindmap GPT
An AI-powered tool designed to help producing Threat Intelligence Mindmap.
In this post I delve into the motivation and development behind the “TI Mindmap GPT” tool. In the world of threat intelligence, teams are often overwhelmed with a deluge of information. This influx, while potentially valuable for tasks such as hunting and incident response, presents a significant challenge: there are countless write-ups to read and very little time to analyze and extract valuable insights from these contents.
StreamlitApp: https://ti-mindmap-gpt.streamlit.app/
Drawing inspiration from the work of Thomas Roccia, I envisioned creating “TI Mindmap GPT”, a tool developed using Large Language Models (LLMs), OpenAI GPT4. It’s designed to assist cyber threat intelligence teams in quickly synthesizing and visualizing key information from various sources. The app operates on a ‘Bring Your Own (OpenAI) Key’ model, allowing users to leverage their own OpenAI keys for personalized and efficient information processing. This tool aims to streamline the data analysis process, enabling teams to focus more on strategic decision-making and less on the cumbersome task of data mining.
TI Mindmap GPT accepts a URL to a blog post, a threat intelligence article, or a write-up as input. Once inputted into the application, the tool utilizes OpenAI to process and condense the content, producing an effective summary. This summary isn’t just a mere reduction of text; it’s a concise, insightful encapsulation of the key points and themes.
From this summary, the magic of the OpenAI truly unfolds. It generates Mermaid code, a simple, markdown-like script language for generating diagrams and flowcharts. This code is then used to create a mind map, visually connecting the various entities, themes, and concepts discussed in the article. This mind map is a representation of the content, allowing users to see how different aspects are interrelated and to gain a deeper understanding of the subject matter.
The application operates on the ‘Bring Your Own (OpenAI) Key’ concept, so to use or test the app, you will need to enter your own OpenAI key, which you can obtain by opening your OpenAI dashboard. I chose to use the gpt-4–1106-preview model to avoid the issues related to OpenAI’s token limits. These limits are outlined in the following table:
Here follows a demo of TI Mindmap GPT. Subsequently, the main building blocks and implementation details will be presented.
I used Streamlit, an open-source platform for machine learning and data science teams to create data applications with python.
The Python code is available here: https://github.com/format81/TI-Mindmap-GPT
Step by step explanation and demo.
Home page:
The user must enter their own OpenAI API Key, which remains active only for the duration of the user session.
OpenAI model: gpt-4–1106-preview
The user enters the URL of the web resource containing relevant information for which to produce a recap and mindmap (https://www.microsoft.com/en-us/security/blog/2023/11/09/microsoft-shares-threat-intelligence-at-cyberwarcon-2023/ in this example).
The scraping function is invoked (you can view the code on GitHub), and an appropriate prompt is sent using the “Few-Shot Prompting” technique to request a summary from OpenAI.
Using the summarized information, the function to generate the Mermaid.js code is invoked, which allows for the graphical visualization of the relationships between the entities identified in the summary.
I hope you find this interesting. If you’ve found this app useful, I invite you to contribute and add a star on GitHub.
Future developments:
- bug fixing
- streamlining the map production process to avoid syntactic errors
- adding an option to run the app with Azure OpenAI.
Enjoy TI Mindmap GPT https://ti-mindmap-gpt.streamlit.app/
☺️
References:
Disclaimer: Opinions expressed are solely my own and do not express the views or opinions of my employer.
