Hugging Face's logo

pyToshka
/
wazuh-llama-3.1-8b-assistant

Text Generation
Transformers
Safetensors
PEFT
English
Russian
Spanish
llama
cybersecurity
security-analysis
wazuh
threat-detection
lora
conversational
Eval Results
text-generation-inference
Model card Files
xet
Community

wazuh-llama-3.1-8B-assistant

Model Details

  • Model Name: wazuh-llama-3.1-8B-assistant
  • Base Model: meta-llama/Llama-3.1-8B-Instruct
  • License: llama3.1
  • Model Type: Causal Language Model
  • Architecture: 8B parameters
  • Languages: English, Russian, Spanish (multilingual support)
  • Training Method: Supervised Fine-Tuning (SFT) with LoRA adapters

Model Description

LLaMA 3.1 8B Instruct model fine-tuned for advanced Wazuh security log analysis with instruction-following capabilities.

Key Features

  • Advanced security reasoning and analysis
  • Instruction-following for complex queries
  • Multi-turn conversation support
  • Unsloth optimization on CUDA (2x faster)
  • LoRA fine-tuning for efficiency
  • Comprehensive threat assessment

Wazuh Severity Levels

Level Range Severity Analysis Approach
0-5 Low Informational analysis
6-10 Medium Detailed investigation
11-15 High/Crit Comprehensive response

Usage

Python API 

from transformers import AutoModelForCausalLM, AutoTokenizer

model = AutoModelForCausalLM.from_pretrained("pyToshka/wazuh-llama-3.1-8b-assistant")
tokenizer = AutoTokenizer.from_pretrained("pyToshka/wazuh-llama-3.1-8b-assistant")

prompt = """Analyze this Wazuh alert and provide:
1. Threat Level (0-15)
2. Classification
3. Risk Assessment
4. Recommended Actions

Alert: Multiple failed SSH login attempts from 45.142.120.10"""

inputs = tokenizer(prompt, return_tensors="pt")
outputs = model.generate(**inputs, max_new_tokens=512)
response = tokenizer.decode(outputs[0], skip_special_tokens=True)
print(response)

Expected Output Format 

Rule Level: 12 - High importance event

Event Type: SSH brute-force attack detected
Detailed Reasoning: Multiple failed SSH login attempts indicate brute-force attack...
Risk Assessment: High - Active credential compromise attempt
Recommended Actions:
  1. Block source IP 45.142.120.10 immediately
  2. Review authentication logs for successful logins
  3. Enable 2FA if not already active
Investigation Guidance: Check for related events from same subnet...
MITRE ATT&CK: T1110.001 - Brute Force: Password Guessing

Limitations

  • Domain: Security/cybersecurity specific

Citation 

@software{{wazuh_llama_3.1_8B_assistant,
  title = {{wazuh-llama-3.1-8B-assistant}},
  author = {{pyToshka}},
  year = {{2025}},
  version = {{1.0.0}},
  url = {{https://huggingface.co/pyToshka/wazuh-llama-3.1-8b-assistant}}
}}
Downloads last month
108
Safetensors
Model size
8B params
Tensor type
BF16
ยท
Inference Providers NEW
Text Generation
This model isn't deployed by any Inference Provider. ๐Ÿ™‹ Ask for provider support

Model tree for pyToshka/wazuh-llama-3.1-8b-assistant

Base model

meta-llama/Llama-3.1-8B
Finetuned
meta-llama/Llama-3.1-8B-Instruct
Adapter
(1205)
this model
Adapters
1 model

Evaluation results

Metadata error: specify a dataset to view leaderboard