Hugging Face's logo

Spaces:
Agents-MCP-Hackathon
/
TDAgentTools
Runtime error

App Files Community
13
TDAgentTools
File size: 7,000 Bytes 
252b40c
dbdd109
252b40c
 
 
 
481cde4
252b40c
 
e30962b
546187f
 
5ac086f
252b40c
 
f34a923
1d0b288
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
f34a923
 
331c344
 
 
1d0b288
 
f34a923
1d0b288
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
331c344
 
1d0b288
 
 
 
 
 
 
 
 
e30962b
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
 
---
title: TDAgentTools
emoji: 💬
colorFrom: yellow
colorTo: purple
sdk: gradio
sdk_version: 5.32.1
app_file: app.py
pinned: false
license: apache-2.0
tags:
 - mcp-server-track
short_description: Cybersecurity MCP tools to enhance threat insights
---


# TDAgentTools & TDAgent: Empowering Cybersecurity with Agentic AI

Welcome to TDAgentTools & TDAgent, our innovative proof of concept (PoC) crafted for the Agents-MCP Hackathon. Our initiatives focus on leveraging Agentic AI to enhance cybersecurity threat analysis, providing robust tools for data enrichment and strategic advice for incident handling.

## Team Introduction

We are an AI-focused team within a company, dedicated to empowering other teams by implementing AI solutions. Our expertise lies in automating processes to enhance productivity and tackle complex tasks that AI excels in. Our hackathon team members include:

- Pedro Completo Bento
- Josep Pon Farreny
- Sofia Jeronimo dos Santos
- Rodrigo Dominguez Sanz
- Miguel Rodin

## Project Overview

### Track 1: MCP Tool - TDAgentTools

TDAgentTools serves as an MCP server built using Gradio, offering a wide array of cybersecurity intelligence tools. These tools enable users to augment their LLMs' capabilities by integrating with various publicly available cybersecurity intel resources. Our TDAgentTools are accessible via the following link: [TDAgentTools Space](https://huggingface.co/spaces/Agents-MCP-Hackathon/TDAgentTools).

#### Available Tools:
1. **TDAgentTools_get_url_http_content**: Retrieve URL content through an HTTP GET request.
2. **TDAgentTools_query_abuseipdb**: Query AbuseIPDB to check if an IP is reported for abusive behavior.
3. **TDAgentTools_query_rdap**: Gather information about internet resources such as domain names and IP addresses.
4. **TDAgentTools_get_virus_total_url_info**: Fetch URL information using VirusTotal URL Scanner.
5. **TDAgentTools_get_geolocation**: Obtain location details from an IP address.
6. **TDAgentTools_enumerate_dns**: Access DNS configuration details for a given domain.
7. **TDAgentTools_scrap_subdomains_for_domain**: Retrieve subdomains related to a domain.
8. **TDAgentTools_retrieve_ioc_from_threatfox**: Get potential IoC information from ThreatFox.
9. **TDAgentTools_get_stix_object_of_attack_id**: Access a STIX object using an ATT&CK ID.
10. **TDAgentTools_lookup_user**: Seek user details from the Company User Lookup System.
11. **TDAgentTools_lookup_cloud_account**: Investigate cloud account information.
12. **TDAgentTools_send_email**: Simulate emailing from cert@company.com.

> **Note:** TDAgentTools rely on publicly provided APIs and some of which require API keys. If any of these API keys are revoked, certain tools may not function as intended.

[Track1 Demo link](https://youtu.be/c7Yg_jOD6J0)


### Track 3: Agentic Demo Showcase - TDAgent

TDAgent is an adaptive and interactive AI agent. This agent facilitates a dynamic AI experience, allowing users to switch the LLM used and adjust the system prompt to refine the agent’s behavior and objectives. It uses TDAgentTools to enrich threat data. Explore it here: [TDAgent Space](https://huggingface.co/spaces/Agents-MCP-Hackathon/TDAgent).

#### Key Features:
- **Intelligent API Interactions**: The agent autonomously interacts with APIs for data enrichment and analysis without explicit user guidance.
- **Enhanced Data Enrichment**: Automatically enriches initial incident data, providing deeper insights.
- **Actionable Intelligence**: Suggests actions based on enriched data and analysis, displaying concise outputs for clearer communication.
- **Versatile Adaptability**: Capable of switching LLMs for varied results and enhanced debugging.

## Motivation and Goals

Our primary motivation is to explore Agentic AI applications in the cybersecurity realm, focusing on AI agent support for:
1. Enriching reported threat data.
2. Assisting analysts in threat analysis.

We aimed to:
- Explore Agentic AI technologies like Gradio and MCP.
- Enhance AI agent data enrichment with custom tools.
- Enable agent autonomy in API interaction and threat assessment.
- Equip the agent to propose specific incident response actions.

[Track3 Demo link](https://youtu.be/C6Z9EOW-3lE)

## Insights & Conclusions

- **Agent's Autonomy**: Demonstrated autonomous API interactions and data enrichment capabilities.
- **Enhanced Decision-Making**: The agent suggests data-driven insights beyond API outputs.
- **Future Improvements**: Plan to fine-tune threat escalation logic and introduce additional decision layers for enhanced threat management.

Our projects successfully demonstrated rapid prototyping with Gradio and Hugging Face Spaces, achieving all intended objectives while providing an engaging and rewarding experience for our team. This PoC shows the potential for future expansions and refinements in the realm of cybersecurity AI support!


# TDA Agent Tools

# Development setup

To start developing you need the following tools:

 * [uv](https://docs.astral.sh/uv/)

To start, sync all the dependencies with `uv sync --all-groups`.
Then, install the pre-commit hooks (`uv run pre-commit install`) to
ensure that future commits comply with the bare minimum to keep
code _readable_.

Once `uv` has installed all the dependencies, install the `pre-commit`
hooks to run linting and requirement files update, etc., before creating
new commits:

```bash
uv run pre-commit install
```

# Adding new tools

For the sake of clarity, we organize tools under the directory
`tdagent/tools/`, and then add them to the `app.py` list of
interfaces.

As an example, let's create a tool that adds up two numbers. First,
we create a new file `tdagent/tools/calc_tool.py` with the following
content:

```Python
import gradio as gr


def add_numbers(num1: float, num2: str) -> float:
    """Compute the addition of two numbers `num1 + num2`.

    Args:
        num1: First number to add.
        num2: Second number to add.

    Returns:
        The result of computing `num1 + num2`.
    """
    return num1 + num2


gr_add_numbers = gr.Interface(
    fn=add_numbers,
    inputs=["number", "number"],
    outputs="number",
    title="Add two numbers",
    description="Compute the addition of two numbers",
)
```

Naming the file `calc_tool.py` is convenient as it let us add
additional tools to calculate operations inside the same Python
module.

Then, we modify the `app.py` file to include our new tool.

```Python
import gradio as gr

from tdagent.tools.get_url_content import gr_get_url_http_content
...  # Other tools already present before
from tdagent.tools.calc_tool import gr_add_numbers


gr_app = gr.TabbedInterface(
    [
        gr_get_url_http_content,
        ...,  # Other tools already present before
        gr_add_numbers
    ],
)

if __name__ == "__main__":
    gr_app.launch(mcp_server=True)
```

In future updates we might change the `app.py` to automatically
include any `gr.Interface`, but for now this works just fine.