Hugging Face's logo

Spaces:
Agents-MCP-Hackathon
/
TDAgentTools
Runtime error

App Files Community
13
TDAgentTools / README.md
pedrobento988's picture
pedrobento988
Update README.md
331c344 verified
preview code
|
raw
history blame
7 kB
metadata
title: TDAgentTools
emoji: 💬
colorFrom: yellow
colorTo: purple
sdk: gradio
sdk_version: 5.32.1
app_file: app.py
pinned: false
license: apache-2.0
tags:
  - mcp-server-track
short_description: Cybersecurity MCP tools to enhance threat insights

TDAgentTools & TDAgent: Empowering Cybersecurity with Agentic AI

Welcome to TDAgentTools & TDAgent, our innovative proof of concept (PoC) crafted for the Agents-MCP Hackathon. Our initiatives focus on leveraging Agentic AI to enhance cybersecurity threat analysis, providing robust tools for data enrichment and strategic advice for incident handling.

Team Introduction

We are an AI-focused team within a company, dedicated to empowering other teams by implementing AI solutions. Our expertise lies in automating processes to enhance productivity and tackle complex tasks that AI excels in. Our hackathon team members include:

  • Pedro Completo Bento
  • Josep Pon Farreny
  • Sofia Jeronimo dos Santos
  • Rodrigo Dominguez Sanz
  • Miguel Rodin

Project Overview

Track 1: MCP Tool - TDAgentTools

TDAgentTools serves as an MCP server built using Gradio, offering a wide array of cybersecurity intelligence tools. These tools enable users to augment their LLMs' capabilities by integrating with various publicly available cybersecurity intel resources. Our TDAgentTools are accessible via the following link: TDAgentTools Space.

Available Tools:

  1. TDAgentTools_get_url_http_content: Retrieve URL content through an HTTP GET request.
  2. TDAgentTools_query_abuseipdb: Query AbuseIPDB to check if an IP is reported for abusive behavior.
  3. TDAgentTools_query_rdap: Gather information about internet resources such as domain names and IP addresses.
  4. TDAgentTools_get_virus_total_url_info: Fetch URL information using VirusTotal URL Scanner.
  5. TDAgentTools_get_geolocation: Obtain location details from an IP address.
  6. TDAgentTools_enumerate_dns: Access DNS configuration details for a given domain.
  7. TDAgentTools_scrap_subdomains_for_domain: Retrieve subdomains related to a domain.
  8. TDAgentTools_retrieve_ioc_from_threatfox: Get potential IoC information from ThreatFox.
  9. TDAgentTools_get_stix_object_of_attack_id: Access a STIX object using an ATT&CK ID.
  10. TDAgentTools_lookup_user: Seek user details from the Company User Lookup System.
  11. TDAgentTools_lookup_cloud_account: Investigate cloud account information.
  12. TDAgentTools_send_email: Simulate emailing from cert@company.com.

Note: TDAgentTools rely on publicly provided APIs and some of which require API keys. If any of these API keys are revoked, certain tools may not function as intended.

Track1 Demo link

Track 3: Agentic Demo Showcase - TDAgent

TDAgent is an adaptive and interactive AI agent. This agent facilitates a dynamic AI experience, allowing users to switch the LLM used and adjust the system prompt to refine the agent’s behavior and objectives. It uses TDAgentTools to enrich threat data. Explore it here: TDAgent Space.

Key Features:

  • Intelligent API Interactions: The agent autonomously interacts with APIs for data enrichment and analysis without explicit user guidance.
  • Enhanced Data Enrichment: Automatically enriches initial incident data, providing deeper insights.
  • Actionable Intelligence: Suggests actions based on enriched data and analysis, displaying concise outputs for clearer communication.
  • Versatile Adaptability: Capable of switching LLMs for varied results and enhanced debugging.

Motivation and Goals

Our primary motivation is to explore Agentic AI applications in the cybersecurity realm, focusing on AI agent support for:

  1. Enriching reported threat data.
  2. Assisting analysts in threat analysis.

We aimed to:

  • Explore Agentic AI technologies like Gradio and MCP.
  • Enhance AI agent data enrichment with custom tools.
  • Enable agent autonomy in API interaction and threat assessment.
  • Equip the agent to propose specific incident response actions.

Track3 Demo link

Insights & Conclusions

  • Agent's Autonomy: Demonstrated autonomous API interactions and data enrichment capabilities.
  • Enhanced Decision-Making: The agent suggests data-driven insights beyond API outputs.
  • Future Improvements: Plan to fine-tune threat escalation logic and introduce additional decision layers for enhanced threat management.

Our projects successfully demonstrated rapid prototyping with Gradio and Hugging Face Spaces, achieving all intended objectives while providing an engaging and rewarding experience for our team. This PoC shows the potential for future expansions and refinements in the realm of cybersecurity AI support!

TDA Agent Tools

Development setup

To start developing you need the following tools:

To start, sync all the dependencies with uv sync --all-groups. Then, install the pre-commit hooks (uv run pre-commit install) to ensure that future commits comply with the bare minimum to keep code readable.

Once uv has installed all the dependencies, install the pre-commit hooks to run linting and requirement files update, etc., before creating new commits:

uv run pre-commit install

Adding new tools

For the sake of clarity, we organize tools under the directory tdagent/tools/, and then add them to the app.py list of interfaces.

As an example, let's create a tool that adds up two numbers. First, we create a new file tdagent/tools/calc_tool.py with the following content:

import gradio as gr


def add_numbers(num1: float, num2: str) -> float:
    """Compute the addition of two numbers `num1 + num2`.

    Args:
        num1: First number to add.
        num2: Second number to add.

    Returns:
        The result of computing `num1 + num2`.
    """
    return num1 + num2


gr_add_numbers = gr.Interface(
    fn=add_numbers,
    inputs=["number", "number"],
    outputs="number",
    title="Add two numbers",
    description="Compute the addition of two numbers",
)

Naming the file calc_tool.py is convenient as it let us add additional tools to calculate operations inside the same Python module.

Then, we modify the app.py file to include our new tool.

import gradio as gr

from tdagent.tools.get_url_content import gr_get_url_http_content
...  # Other tools already present before
from tdagent.tools.calc_tool import gr_add_numbers


gr_app = gr.TabbedInterface(
    [
        gr_get_url_http_content,
        ...,  # Other tools already present before
        gr_add_numbers
    ],
)

if __name__ == "__main__":
    gr_app.launch(mcp_server=True)

In future updates we might change the app.py to automatically include any gr.Interface, but for now this works just fine.