What’s new in TI Mindmap | Mar 2024

Series of periodic articles on the developments of TI Mindmap.

Antonio Formato
Apr 4, 2024

Article co-authored with Oleksiy Meletskiy.

TL;DR

TI Mindmap, a Streamlit application, simplifies complex cyber threat intelligence content. Using Large Language Models (LLMs), it produces succinct summaries and significant insights from sources such as articles, blog posts, and infosec write-ups, and extracts Indicators of Compromise (IOCs). Users can supply their own OpenAI or Azure OpenAI keys to boost information processing efficiency; the aim is to expedite strategic decision-making by reducing the time spent on data analysis.

App details:

https://ti-mindmap-gpt.streamlit.app/

https://github.com/format81/TI-Mindmap-GPT

What’s new

  • Session management
  • Scraping enhancements
  • Code optimization
  • PDF Report enhancements
  • Mitre ATT&CK Navigator layer

Session management

We introduced session management using Streamlit’s State Management feature. Session State is a method for sharing variables between reruns for each user session. See Session State in Streamlit documentation: https://docs.streamlit.io/library/api-reference/session-state

How It Works:

In our multi-tab app, if you have already obtained the Mindmap in the “Main” tab and want to produce the PDF report in the “PDF Report” tab, the application does not recalculate the Mindmap or any other variable already obtained; it reuses the one already initialized. The advantages are as follows:

  • increased execution speed of the app,
  • saving calls to OpenAI/Azure OpenAI API with cost savings for content generation.

See GitHub repo for more information.

Scraping enhancements

The scraping functionality has been extracted from the various tabs of the application, and the scraping result is available for all tabs of the app. This avoids the need to perform scraping in each tab.

Additionally, to prevent blocking by some sites, a user agent has been set. Thanks to Thomas Roccia for his contribution.

How It Works:

Scraping function

Clicking ‘Scrape it’ deletes the data from any previous session and starts a new working session. Session keys are retained until the entire page is refreshed.

Code optimization

In the previous release, the application was developed in a single .py file. Now the structure is much more readable and easily accessible.

How It Works:

In order to improve code usability, optimize the application, allow for easier contributions from potential contributors, and avoid headaches that can arise as the project grows, the app has been divided as follows:

  • timindmapgpt.py → App file with UI
  • ti_ai.py → Generative AI functions
  • ti_mermaid.py → function related to Mermaid code generation
  • ti_mermaid_live.py → function to integrate with Mermaid live editor
  • ti_pdf.py → functions to provide PDF Report

PDF Report enhancements

Added more information in the PDF report.

How It Works:

We have added to the PDF report, in addition to the already present summary and Mindmap, the following information:

  • reference to the app and GitHub repository,
  • Mitre tactics, techniques, and procedures ordered by execution time.

Examples:

Example report page 1
Example report page 2

Mitre ATT&CK Navigator layer

With a dedicated function and prompt, TI Mindmap can generate a Mitre ATT&CK Navigator layer JSON file that can be imported into the MITRE ATT&CK Navigator app, a tool for searching across the entire ATT&CK knowledge base and bringing together particular attack types and custom notations for organizations.

How It Works:

From the analysis of the writeup and the extraction of TTPs, a JSON file is generated representing the layer that can be loaded into the Mitre ATT&CK Navigator tool to obtain an interesting graphical analysis of the TTPs.

Attack Navigator layer

By downloading the JSON and using it in the Mitre ATT&CK Navigator, you get the following result.

Navigator layer

Soon, the Mitre ATT&CK Navigator will be integrated into the interface with an automatic loading of the produced layer.
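The layer generation described above can be checked before import. The following is an added example, not code from the TI Mindmap repository: it validates technique IDs extracted by an LLM, drops duplicates, and builds a layer dict. The function names, the sample TTP list, and the version values are assumptions.

```python
import json
import re

# ATT&CK technique IDs: T1566, or T1566.001 for a sub-technique.
TECHNIQUE_ID = re.compile(r"^T\d{4}(?:\.\d{3})?$")

# Constructed sample of LLM-extracted TTPs (not output from TI Mindmap).
SAMPLE_TTPS = [
    {"id": "T1566", "tactic": "Initial Access", "comment": "phishing email"},
    {"id": "t1059.001", "tactic": "execution"},
    {"id": "T1566", "tactic": "initial-access"},  # duplicate once normalised
    {"id": "T15", "tactic": "execution"},         # malformed, must be rejected
]


def build_layer(name, ttps, description=""):
    """Return (layer, rejected): a Navigator layer dict plus the unusable items."""
    techniques, rejected, seen = [], [], set()
    for item in ttps:
        tid = str(item.get("id", "")).strip().upper()
        if not TECHNIQUE_ID.match(tid):
            rejected.append(item)  # surface bad model output instead of hiding it
            continue
        # Navigator expects tactic short names such as "initial-access".
        tactic = str(item.get("tactic", "")).strip().lower().replace(" ", "-")
        if (tid, tactic) in seen:
            continue
        seen.add((tid, tactic))
        entry = {"techniqueID": tid, "score": 1, "enabled": True,
                 "comment": str(item.get("comment", ""))}
        if tactic:
            entry["tactic"] = tactic
        techniques.append(entry)
    layer = {
        "name": name,
        "description": description,
        "domain": "enterprise-attack",
        # Assumed version values; match them to your Navigator instance.
        "versions": {"layer": "4.5", "navigator": "4.9.1", "attack": "14"},
        "techniques": techniques,
    }
    return layer, rejected


def layer_to_json(layer):
    """Serialize the layer for download or import into the Navigator."""
    return json.dumps(layer, indent=2)


if __name__ == "__main__":
    layer, rejected = build_layer("Constructed example", SAMPLE_TTPS)
    print(layer_to_json(layer))
    print("rejected:", rejected)
```

Returning the rejected items alongside the layer lets an analyst review what the model produced that could not be mapped, rather than silently losing it.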

App schema

App building blocks

How to get involved

The project is open to external contributions. To collaborate, please check the GitHub repository: https://github.com/format81/TI-Mindmap-GPT/ .

If you find TI Mindmap useful, please consider starring the repository on GitHub.

Antonio Formato: LinkedIn, Twitter

Oleksiy Meletskiy: LinkedIn, Twitter

Contact us for feedback, suggestions for new features, assistance in trying out the tool, or to report malfunctions or bugs.
