---
title: ThreatRadar
emoji: π
colorFrom: yellow
colorTo: red
sdk: gradio
sdk_version: 5.33.0
app_file: src/gradio_interface.py
pinned: false
license: mit
short_description: AI-Powered Cybersecurity Threat Intelligence
tags:
  - mcp-server-track
---

# ThreatRadar

**AI-Powered Cybersecurity Threat Intelligence**

A comprehensive cybersecurity threat intelligence platform that combines IOC (Indicator of Compromise) analysis with advanced threat intelligence capabilities. ThreatRadar provides an intuitive web interface for cybersecurity professionals and researchers.

Demo: [Demo Link](https://drive.google.com/file/d/1smg4pm4BY7sQj6woDZgBRu-7nU0J8SDZ/view?usp=sharing)

## Features

- **IOC Analysis**: Analyze IP addresses, domains, URLs, and file hashes using VirusTotal
- **Threat Intelligence**: Search and analyze cybersecurity threats, APT groups, and malware families using Tavily
- **AI-Powered Analysis**: Uses Nebius LLM for intelligent threat assessment and natural language processing
- **Real-Time Detection**: Automatically identifies and extracts IOCs from natural language queries
- **Web Interface**: Intuitive Gradio-powered web interface for easy access
- **Rich Reporting**: HTML-formatted results with expandable raw data sections

## Quick Start

### Prerequisites

- API keys for:
  - **VirusTotal API** (sign up at https://www.virustotal.com/gui/join-us)
  - **Nebius API** (for LLM analysis)
  - **Tavily API** (optional, for enhanced threat intelligence)

### Setup

1. **Configure your API keys** in the Hugging Face Spaces secrets:
   - `VT_API_KEY`: Your VirusTotal API key
   - `NEBIUS_API_KEY`: Your Nebius API key
   - `TAVILY_API_KEY`: Your Tavily API key (optional)

## Usage

### Web Interface (Gradio)

The application automatically starts when deployed to Hugging Face Spaces. Simply:

1. **Enter your query** in the input field
2. **Click "Analyze"** to get comprehensive threat intelligence

### Example Queries

| Query Type | Example | Description |
|------------|---------|-------------|
| **IP Address** | `8.8.8.8` | Analyze IP reputation and threat status |
| **Domain** | `malicious-domain.com` | Check domain for malicious activity |
| **File Hash** | `44d88612fea8a8f36de82e1278abb02f` | Analyze file hash (MD5/SHA1/SHA256) |
| **URL** | `https://suspicious-site.com` | Check URL for threats |
| **APT Intelligence** | `What is APT29?` | Get threat actor information |
| **Malware Research** | `Tell me about Lazarus Group` | Research threat groups |
| **General Security** | `Explain ransomware attack vectors` | Security knowledge queries |

### MCP Server Integration

ThreatRadar automatically provides an MCP (Model Context Protocol) server through Gradio when deployed. This allows integration with MCP-compatible tools and IDEs.

#### Available MCP Tool:

- **`analyze_cyberthreat_query`**: Comprehensive cybersecurity analysis with automatic IOC detection and threat intelligence
  - **Handles**: IOCs (IPs, domains, URLs, hashes), APT groups, malware families, campaigns, tactics, and natural language queries
  - **Auto-detects**: Identifies IOC types and routes each to the appropriate analysis engine
  - **Examples**:
    - "8.8.8.8" - IP analysis
    - "APT29 tactics" - Threat intelligence search
    - "What can you tell me about the IP 192.168.1.1 and APT29?" - Mixed analysis
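
The auto-detection and routing described above, sketched as an added example (not ThreatRadar's own code); the names `refang`, `extract_iocs` and `route` and the regexes are assumptions. It goes beyond the listed examples by accepting defanged indicators and by flagging non-routable addresses such as `192.168.1.1`, which have no public reputation and need not be sent to an external lookup.

```python
import ipaddress
import re

# Hypothetical helpers for illustration; not ThreatRadar's own detection code.
HASH_TYPES = {32: "md5", 40: "sha1", 64: "sha256"}
URL_RE = re.compile(r"\bhttps?://[^\s\"'<>]+", re.I)
IPV4_RE = re.compile(r"(?<![\w.])(?:\d{1,3}\.){3}\d{1,3}(?!\w|\.\d)")
HASH_RE = re.compile(r"\b[0-9a-fA-F]{32,64}\b")
DOMAIN_RE = re.compile(
    r"(?<![\w.@/-])(?:[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,24}(?![\w-])", re.I)


def refang(text):
    """Undo common defanging (hxxp://, [.]) so indicators pasted from reports match."""
    text = re.sub(r"hxxp(s?)://", r"http\1://", text, flags=re.I)
    return text.replace("[.]", ".").replace("(.)", ".")


def extract_iocs(query):
    """Return (type, value, lookup) tuples; lookup=False means keep it off external APIs."""
    text, found = refang(query), []
    for m in URL_RE.finditer(text):
        found.append(("url", m.group().rstrip(".,;)?!"), True))
    text = URL_RE.sub(" ", text)  # avoid reporting a URL's host a second time
    for m in IPV4_RE.finditer(text):
        try:
            ip = ipaddress.ip_address(m.group())
        except ValueError:  # octet > 255 or leading zeros
            continue
        # RFC 1918, loopback and link-local addresses have no public reputation.
        found.append(("ip", str(ip), ip.is_global))
    text = IPV4_RE.sub(" ", text)
    for m in HASH_RE.finditer(text):
        kind = HASH_TYPES.get(len(m.group()))
        if kind:  # only exact MD5/SHA1/SHA256 lengths count as hashes
            found.append((kind, m.group().lower(), True))
    for m in DOMAIN_RE.finditer(text):
        found.append(("domain", m.group().lower(), True))
    return found


def route(query):
    """Split a query into reputation lookups, skipped IOCs and a free-text search flag."""
    iocs = extract_iocs(query)
    rest = refang(query)
    for _, value, _ in iocs:
        rest = re.sub(re.escape(value), " ", rest, flags=re.I)
    return {"lookup": [(t, v) for t, v, ok in iocs if ok],
            "skipped": [(t, v) for t, v, ok in iocs if not ok],
            "search": bool(re.search(r"[A-Za-z]{3,}", rest))}
```
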

#### Using with Cursor IDE:

1. ThreatRadar automatically exposes MCP tools when running
2. Connect your Cursor IDE or other MCP-compatible application to the ThreatRadar MCP server
3. Use the tools directly from your IDE for threat analysis

To use the MCP server, add one of the entries below to your `mcp.json` file, replacing the URL with the one provided by Gradio.

With a locally cloned application, run through `gradio_interface.py`:

```json
{
  "mcpServers": {
    "gradio": {
      "url": "http://127.0.0.1:7860/gradio_api/mcp/sse"
    }
  }
}
```

Or through the Gradio Spaces MCP URL:

```json
{
  "mcpServers": {
    "gradio": {
      "url": "https://agents-mcp-hackathon-threatradar.hf.space/gradio_api/mcp/sse"
    }
  }
}
```

## Project Structure

```
ThreatRadar/
├── requirements.txt              # Python dependencies
└── src/                          # Main source code
    ├── gradio_interface.py       # Web interface (Gradio)
    └── core/                     # Core functionality modules
        ├── base_client.py        # Base client class
        ├── virustotal_client.py  # VirusTotal API integration
        └── nebius_llm_client.py  # Nebius LLM integration
```

## Acknowledgments

- **VirusTotal** for comprehensive malware detection
- **Tavily** for enhanced threat intelligence search
- **Nebius** for AI-powered analysis capabilities
- **Gradio** for the intuitive web interface
- **Hugging Face** for providing the Spaces platform

---