iflow-mcp-m507_ai-soc-agent 1.0.0__py3-none-any.whl

iflow_mcp_m507_ai_soc_agent-1.0.0.dist-info/METADATA

@@ -0,0 +1,410 @@
+Metadata-Version: 2.4
+Name: iflow-mcp-m507_ai-soc-agent
+Version: 1.0.0
+Summary: AI-powered security investigation and incident response platform through MCP
+Author: M507
+License: MIT
+Project-URL: Homepage, https://github.com/M507/ai-soc-agent
+Project-URL: Documentation, https://github.com/M507/ai-soc-agent#readme
+Project-URL: Repository, https://github.com/M507/ai-soc-agent
+Project-URL: Issues, https://github.com/M507/ai-soc-agent/issues
+Classifier: Development Status :: 4 - Beta
+Classifier: Intended Audience :: System Administrators
+Classifier: License :: OSI Approved :: MIT License
+Classifier: Programming Language :: Python :: 3
+Classifier: Programming Language :: Python :: 3.9
+Classifier: Programming Language :: Python :: 3.10
+Classifier: Programming Language :: Python :: 3.11
+Classifier: Programming Language :: Python :: 3.12
+Classifier: Topic :: Security
+Classifier: Topic :: System :: Systems Administration
+Requires-Python: >=3.9
+Description-Content-Type: text/markdown
+License-File: LICENSE
+Requires-Dist: requests>=2.31.0
+Requires-Dist: fastapi>=0.104.0
+Requires-Dist: uvicorn[standard]>=0.24.0
+Requires-Dist: python-multipart>=0.0.6
+Requires-Dist: websockets>=12.0
+Provides-Extra: dev
+Requires-Dist: pytest>=7.4.0; extra == "dev"
+Requires-Dist: pytest-asyncio>=0.21.0; extra == "dev"
+Requires-Dist: pytest-cov>=4.1.0; extra == "dev"
+Dynamic: license-file
+
+# SamiGPT
+
+**SamiGPT** is an AI-powered security investigation and incident response platform that provides security operations teams with intelligent automation for case management, SIEM analysis, and CTI enrichment through the Model Context Protocol (MCP).
+
+> **Note:** This project is currently under active development. Features, APIs, and documentation may change as development progresses.
+
+## Demo
+
+Watch the demo video to see SamiGPT in action:
+
+[Demo Video](https://youtu.be/usd8ed-7AQg)
+
+### Performance & Cost
+
+**Key Metrics:**
+- ~ $0.18 per alert
+- ~ 50 seconds to investigate an alert per agent/tab
+
+For detailed cost and usage data, see: [Cost Data CSV](usage-events/cost_all.csv)
+
+For detailed documentation and presentation materials:
+
+[AI Agents Presentation PDF](demo/BHMEA25_AI_Agents.pdf)
+
+### Quick Start
+
+SamiGPT can be used in two ways:
+
+#### Method 1: AI Controller (Web Interface)
+
+The AI Controller provides a web-based interface and uses the Cursor IDE `cursor-agent` binary for command execution.
+
+**Prerequisites:**
+- Cursor IDE must be installed (download from [cursor.sh](https://cursor.sh))
+- Verify `cursor-agent` binary is available:
+  ```bash
+  which cursor-agent
+  # Should show path like: /usr/local/bin/cursor-agent or ~/.local/bin/cursor-agent
+  ```
+
+**Steps:**
+
+1. **Activate virtual environment:**
+   ```bash
+   source venv/bin/activate  # On Windows: venv\Scripts\activate
+   ```
+
+2. **Start the AI Controller web interface:**
+   ```bash
+   python3 cursor_agent.py --web --port 8081 --host 127.0.0.1
+   ```
+
+3. **Open your browser:**
+   Navigate to `http://127.0.0.1:8081` to access the web interface.
+
+#### Method 2: MCP Server (Direct Integration)
+
+Use the MCP server directly to connect SamiGPT tools to Cursor, Claude Desktop, or other MCP-compatible tools.
+
+**Steps:**
+
+1. **Activate virtual environment:**
+   ```bash
+   source venv/bin/activate  # On Windows: venv\Scripts\activate
+   ```
+
+2. **Start the MCP server:**
+   ```bash
+   python -m src.mcp.mcp_server
+   ```
+
+3. **Configure your AI tool** (see "Connect MCP Server to AI Tools" section below for detailed instructions)
+
+**Note:** The MCP server method doesn't require the Cursor IDE `cursor-agent` binary - it works directly with any MCP-compatible tool.
+
+## Overview
+
+SamiGPT acts as an MCP server that exposes security investigation and response capabilities as tools that can be used by AI agents, LLM tools, and automated workflows. It provides a unified, vendor-neutral API layer that connects to:
+
+- **Case Management Systems** (TheHive, IRIS)
+- **SIEM Platforms** (Elastic)
+- **EDR Solutions** (Elastic Defend)
+- **Threat Intelligence** (OpenCTI, Local TIP)
+
+The platform enables automated triage, investigation, correlation, and response workflows through intelligent agent profiles organized by SOC tier (SOC1, SOC2).
+
+## Features
+
+### Core Capabilities
+
+- **Automated Alert Triage**: Intelligent initial assessment and classification of security alerts
+- **Case Management**: Create, update, and manage security cases with observables, comments, and timeline tracking
+- **SIEM Integration**: Search security events, pivot on indicators, and correlate activities across environments
+- **EDR Response**: Endpoint isolation, process termination, and forensic artifact collection
+- **Threat Intelligence**: IOC enrichment and reputation analysis
+- **Multi-Tier SOC Workflows**: Structured workflows for SOC1 (triage) and SOC2 (investigation)
+
+### Agent Profiles & Runbooks
+
+SamiGPT includes pre-configured agent profiles with specialized runbooks:
+
+- **SOC1 Agents**: Initial alert triage, enrichment, and false positive identification
+- **SOC2 Agents**: Deep investigation, correlation, and case analysis
+
+## Workflows
+
+SamiGPT uses structured workflows organized by SOC tier. The following diagrams illustrate the execution flow:
+
+### Agent Profiles Flow
+
+This diagram shows how agent profiles are organized and how routing rules direct cases to the appropriate SOC tier agents.
+
+![Agent Profiles Flow](execution_flow/agent_profiles_flow.svg)
+
+### Initial Alert Triage (SOC1)
+
+The initial alert triage workflow handles new security alerts, performs quick assessment, enrichment, and determines whether to create a case or close as false positive.
+
+![Initial Alert Triage](execution_flow/initial_alert_triage.svg)
+
+### Case Analysis (SOC2)
+
+The SOC2 case analysis workflow performs deep investigation, SIEM analysis, CTI enrichment, correlation, and prepares cases for SOC3 escalation.
+
+![Case Analysis](execution_flow/case_analysis.svg)
+
+## Installation
+
+### Prerequisites
+
+- Python 3.9 or higher
+- pip package manager
+
+### Setup
+
+1. **Clone the repository**:
+   ```bash
+   git clone <repository-url>
+   cd SamiGPT
+   ```
+
+2. **Create and activate virtual environment**:
+   ```bash
+   python3 -m venv venv
+   source venv/bin/activate  # On Windows: venv\Scripts\activate
+   ```
+
+3. **Install dependencies**:
+   ```bash
+   pip install --upgrade pip
+   pip install -r requirements.txt
+   ```
+
+4. **Configure integrations** (see Configuration section below)
+
+### Connect MCP Server to AI Tools
+
+If you're using **Method 2: MCP Server** (see Quick Start above), configure your AI tool to connect to the MCP server:
+
+#### Cursor Integration
+
+1. Open Cursor Settings → Features → Model Context Protocol
+2. Add SamiGPT server configuration:
+   ```json
+   {
+     "mcpServers": {
+       "sami-gpt": {
+         "command": "python",
+         "args": ["-m", "src.mcp.mcp_server"],
+         "cwd": "/absolute/path/to/SamiGPT"
+       }
+     }
+   }
+   ```
+3. Restart Cursor and start using SamiGPT tools in chat
+
+#### Claude Desktop Integration
+
+Edit `~/Library/Application Support/Claude/claude_desktop_config.json` (macOS) or `%APPDATA%\Claude\claude_desktop_config.json` (Windows):
+
+```json
+{
+  "mcpServers": {
+    "sami-gpt": {
+      "command": "python",
+      "args": ["-m", "src.mcp.mcp_server"],
+      "cwd": "/absolute/path/to/SamiGPT"
+    }
+  }
+}
+```
+
+#### Other MCP-Compatible Tools
+
+The MCP server can also be connected to:
+- **Open WebUI** (via MCP configuration)
+- **Other LLM tools** that support the Model Context Protocol
+
+## Architecture
+
+### Infrastructure Overview
+
+![Infrastructure Diagram](execution_flow/infrastructure_diagram.png)
+
+### Directory Structure
+
+```
+SamiGPT/
+├── src/
+│   ├── api/              # Generic interfaces (CaseManagementClient, SIEMClient, EDRClient)
+│   ├── core/             # Configuration, logging, errors, DTOs
+│   ├── integrations/     # Vendor-specific implementations
+│   │   ├── case_management/  # TheHive, IRIS integrations
+│   │   ├── siem/             # Elastic integration
+│   │   ├── edr/              # EDR platform integrations
+│   │   ├── cti/              # Threat intelligence integrations
+│   │   └── eng/              # Engineering board integrations
+│   ├── mcp/              # MCP server, runbook manager, agent profiles
+│   ├── orchestrator/     # Workflow orchestration
+│   └── web/              # Web UI for configuration
+├── run_books/            # SOC tier runbooks and workflows
+├── config/               # Agent profiles and configuration
+└── client_env/           # Client-specific infrastructure data
+```
+
+### Design Principles
+
+- **Vendor-Neutral APIs**: All integrations implement generic interfaces, allowing easy swapping of security tools
+- **Separation of Concerns**: AI/orchestrator layer only interacts with generic APIs, never vendor-specific code
+- **Modular Integration**: Each vendor integration is self-contained with HTTP client, models, mappers, and client implementation
+
+## Configuration
+
+Configuration is managed through `config.json` and can be edited via the web interface or directly.
+
+
+### Configuration File Structure
+
+See `config.json.example` for the complete configuration schema. Key sections:
+
+- `iris` / `thehive`: Case management configuration
+- `elastic`: SIEM configuration
+- `edr`: EDR platform configuration
+- `cti`: Threat intelligence configuration
+- `eng`: Engineering board configuration (ClickUp, Trello, GitHub)
+- `ai_controller`: AI controller web interface settings
+- `logging`: Logging configuration
+
+## Usage Examples
+
+### Basic Case Operations
+
+```python
+# List all open cases
+cases = list_cases(status="open")
+
+# Review a specific case
+case = review_case(case_id="123")
+
+# Add an observable to a case
+attach_observable_to_case(
+    case_id="123",
+    observable_type="ip",
+    observable_value="192.168.1.100",
+    description="Suspicious source IP"
+)
+```
+
+### SIEM Investigation
+
+```python
+# Search for security events
+events = search_security_events(
+    query="source.ip: 192.168.1.100",
+    hours_back=24
+)
+
+# Get file report
+report = get_file_report(file_hash="abc123...")
+
+# Pivot on an indicator
+related_events = pivot_on_indicator("192.168.1.100")
+```
+
+### EDR Response
+
+```python
+# Get endpoint summary
+endpoint = get_endpoint_summary(endpoint_id="host-123")
+
+# Isolate an endpoint
+isolate_endpoint(endpoint_id="host-123")
+
+# Collect forensic artifacts
+collect_forensic_artifacts(
+    endpoint_id="host-123",
+    artifact_types=["processes", "network", "filesystem"]
+)
+```
+
+### Agent Profile Execution
+
+```python
+# Execute as SOC1 triage agent
+execute_as_agent(
+    agent_id="soc1_triage_agent",
+    alert_id="alert-123"
+)
+
+# Execute specific runbook
+execute_runbook(
+    runbook_name="initial_alert_triage",
+    alert_id="alert-123",
+    case_id="case-456"
+)
+```
+
+## Logging
+
+SamiGPT provides comprehensive logging:
+
+- **MCP Server Logs**: `logs/mcp/mcp_all.log`, `mcp_requests.log`, `mcp_responses.log`, `mcp_errors.log`
+- **Application Logs**: `logs/debug.log`, `logs/error.log`, `logs/warning.log`
+
+## Development
+
+### Adding a New Integration
+
+1. **Create integration directory** under `src/integrations/`
+2. **Implement generic interface** from `src/api/`
+3. **Add HTTP client, models, and mappers**
+4. **Register in configuration**
+
+Example structure:
+```
+src/integrations/case_management/new_vendor/
+├── __init__.py
+├── client.py          # HTTP client
+├── models.py          # Vendor-specific models
+├── mapper.py          # Vendor ↔ Generic DTO mapping
+└── case_client.py     # Implements CaseManagementClient
+```
+
+### Running Tests
+
+```bash
+# Run all tests
+pytest tests/
+
+# Run specific integration tests
+pytest tests/integrations/case_management/
+```
+
+## Contributing
+
+When contributing:
+
+1. Keep all vendor-specific code under `src/integrations/`
+2. Ensure all integrations implement the generic APIs in `src/api/`
+3. Add tests for new integrations
+4. Update documentation as needed
+
+## License
+
+MIT
+
+## Support
+
+For issues, questions, or contributions, please open an issue on the repository.
+
+## Acknowledgments
+
+The following projects helped and inspired us during the literature review:
+
+- [AI-Powered SOC Detection System](https://github.com/cyberarber/ai-soc-detection-system/tree/main) - ML-powered SOC platform with autonomous threat detection
+- [ADK Runbooks](https://github.com/dandye/adk_runbooks/tree/main) - Security investigation runbooks and workflows

iflow_mcp_m507_ai_soc_agent-1.0.0.dist-info/RECORD

@@ -0,0 +1,85 @@
+iflow_mcp_m507_ai_soc_agent-1.0.0.dist-info/licenses/LICENSE,sha256=6Faa4UyQBk9ogkuttSn8dyg85s4W7_BXUsC_2THsX20,1059
+src/__init__.py,sha256=H9OmLj0fzL4TOXMKUS6yOTSvKhutygz2avvu2vpQ5u4,169
+src/ai_controller/README.md,sha256=D5QasBEKcocL4k7CF5JkiPAVqYMTJ6TK75erqytW2mw,4179
+src/ai_controller/__init__.py,sha256=MHeuEv5FqmwhOYMXzPRLU2QYtHKZd-1xR2sFvv2UEVQ,329
+src/ai_controller/agent_executor.py,sha256=iYOJoQ03B0smefrRbt8cerzTcVIg9fnA-_9leiIq7Gk,23146
+src/ai_controller/session_manager.py,sha256=Ue3msGlyPt9WfYrIMS0evTV76t1c9ONvmuIcbsnrhQI,15101
+src/ai_controller/cli/__init__.py,sha256=hxZHL-ilgUNHmTQYMJLEVrhd0BjGZ9ep-CddbEMLOzc,30
+src/ai_controller/cli/main.py,sha256=QK8xuW0ey94llkYg_a3RLZ2eURSUnz5GNuGAGye-Zuc,7844
+src/ai_controller/web/__init__.py,sha256=no2bfNr99wBisJoRt8Xpd2c0QGJyV-3Rvmin5_31D2s,37
+src/ai_controller/web/server.py,sha256=hXeeWysdK9XhHqxRMoHXqPb6Aq6hWnTDIRgfxudWVoc,51469
+src/ai_controller/web/static/css/README.md,sha256=R4J96jMMQvDfX_oEIJMEfVWYl2GcPEdhG5UITwQMYbA,3639
+src/api/__init__.py,sha256=aPyU4qJOTH-536On6lC6q71lGhlPiuOGmHrUC-4lC_o,277
+src/api/case_management.py,sha256=I_vu6sZRyHPzfKxJoIMuJvFYss-Ytm4JumtS-dmF2gk,5859
+src/api/edr.py,sha256=BwcRqyqmEjhRyJyVoWK5LuSMPrOQ56QNddp9E7URPXg,3978
+src/api/kb.py,sha256=LvQfnqJ-5MI898ULPJcvNzW_vNkRGrYTNSMtxzNe-U4,3671
+src/api/siem.py,sha256=oy5jVeqEQGJQPrl28XVZ8P2t_fFBqTL2vm947y9ojlA,7442
+src/core/__init__.py,sha256=geOghYrbqKR1dSbAFowV11PItE0r7OB8vaDfe8eSY5o,165
+src/core/config.py,sha256=KkKGd0rM2xGPZUlI6EFt55_w4_AZfQBg9ffpnpAEoBg,6195
+src/core/config_storage.py,sha256=OU4KnSOqtcUlvMK8GQKsDVFRycvBxEtxpBBkH6K-1QE,25575
+src/core/dto.py,sha256=-0YqXp6MhCFz0LHsBSJkwxSksygSCcXKPy2qDjz9jXc,1301
+src/core/errors.py,sha256=PeTEoCcvnxIkLBUCuwCBoCiWt8msKEDOh7qVSBTq3_E,757
+src/core/logging.py,sha256=CRqo-J05Xn6khkB9NO-8hXXPe1dbx5g5VyxE-GaZ44U,4423
+src/integrations/__init__.py,sha256=8A-XzrgC-PrK4lr5z6arrk57M9SyINCz9lHWgfakuyI,180
+src/integrations/case_management/__init__.py,sha256=9L99pAyRBycps5q_fz1HhuBwTjzkexvxKccz9rIENHo,74
+src/integrations/case_management/iris/__init__.py,sha256=NztGqgyBNuPdOImp84B6mE26y_3STLE1bupA4BCSznY,286
+src/integrations/case_management/iris/iris_client.py,sha256=VftbiHAG77OcW3WxUOaXaL0HtUV83MgqYHZkpJ898Hs,32978
+src/integrations/case_management/iris/iris_http.py,sha256=EEJ0Fq1WBv7Fzx7KOmEmkuy3OynCacDkH-RKCpC1OCE,9930
+src/integrations/case_management/iris/iris_mapper.py,sha256=3mldhZ9qvDEJxrXDxp0uuqHAeC1OKgfCg6lX1YAbe0g,8163
+src/integrations/case_management/iris/iris_models.py,sha256=lwUJfkOARv1q62eY2eG0U10qPDFkk2MP9V5pHB9aRlU,3758
+src/integrations/case_management/thehive/__init__.py,sha256=qhXsaDQKBJxF8ico2sDfWwisMrrKY3QCxnLB28HB7bk,199
+src/integrations/case_management/thehive/thehive_client.py,sha256=r7ni9veLXGs8VcknV_zeuEoqv9TOcoWvkdht_2XC304,5998
+src/integrations/case_management/thehive/thehive_http.py,sha256=wUvfSxHYz0zUA7fHgk2Pfg4ctYC7caGu7qQMlhbmjxw,3627
+src/integrations/case_management/thehive/thehive_mapper.py,sha256=u_thp8Rvp1NZM1fwHxwqu3hoHsIUSqQOboX76tbnwrI,5271
+src/integrations/case_management/thehive/thehive_models.py,sha256=cTy9P08H9_gicXrDN8YATpL9sAsyAuM-PxYQmkTHBdg,2997
+src/integrations/cti/__init__.py,sha256=AU5V9ss9CdPKr8RD2jWG-u2Za8LxxGSXlZuthTGC5y4,127
+src/integrations/cti/local_tip/__init__.py,sha256=UfIBwHUSTwXnvfLpDICWa9fusaapiZBEMS8oaG8g0o0,214
+src/integrations/cti/local_tip/local_tip_client.py,sha256=1gPUOFabZNzC3B05KJOeK02VfXRxGKWjp5Ti1CC9vJE,2754
+src/integrations/cti/local_tip/local_tip_http.py,sha256=WG9Pf0GDM_ofJbcJOSDc8QwuxLcLHix3ylQpQZRI61g,3523
+src/integrations/cti/opencti/__init__.py,sha256=WQyZobvE-h2TiJUzrWGVM6AVQ6wsMcrY7p1f5FAtF98,233
+src/integrations/cti/opencti/opencti_client.py,sha256=FNOD_lBcaiqcSl2uevVXKkx3lzUmIFKikoZgk579dvA,3146
+src/integrations/cti/opencti/opencti_http.py,sha256=riHhbWk0xRv5eb3K2QLsreOz4zkAUfCeU9Xa_venGGk,16500
+src/integrations/edr/__init__.py,sha256=K0I_pMj7iwSWN0rKxoqGo07YixCFbn7XyzYvHn2QDzk,149
+src/integrations/edr/elastic_defend/__init__.py,sha256=-ywxadkvpGVv47cNXOQcULUiKeN9Gv-oMDgGVSztUFY,136
+src/integrations/edr/elastic_defend/elastic_defend_client.py,sha256=DFMUDRJHVxw5OcM8shgsr8sKNoaXeQPbQuZPhwVR6ug,13332
+src/integrations/edr/elastic_defend/elastic_defend_http.py,sha256=AYxp2sUFJ9ZsUP-TGkh6wsXjWVyi08eWqJZ_vUk6o5w,5070
+src/integrations/eng/__init__.py,sha256=pUjFb2zmiL8qlwEbFGx2-pgPGesXk7KHm-KX9oNzJYs,273
+src/integrations/eng/clickup/__init__.py,sha256=w7EmZS5uyxnDidX78UchMfQEKdtpo5ocOO0R7pfS4IM,134
+src/integrations/eng/clickup/clickup_client.py,sha256=1LgvSZNgPGTUpXxQZRYD-ZQ9bymqOooKV3PrPM3rMSM,18665
+src/integrations/eng/clickup/clickup_http.py,sha256=hjQeEDk209YBbrsNHs-xNKWXdfuROy1NfgK7fPNbRyU,5010
+src/integrations/eng/github/__init__.py,sha256=khch8ivfdXCgeldrLFb7wpvK_nC1XKeb0qNgYVRAFvo,130
+src/integrations/eng/github/github_client.py,sha256=vcGJsJgqbvsllq25GgIZubYcHzUbQyEya8IGorQOMHg,5576
+src/integrations/eng/github/github_http.py,sha256=G4uyH_FpZlsWLyn_FhEJ4mf4xZwLpKS1hImQgBmLHPU,5059
+src/integrations/eng/trello/__init__.py,sha256=DiKZZvko2a7fimAs3X_N36cIlhV-D2XfZZxOxiflW7c,130
+src/integrations/eng/trello/trello_client.py,sha256=DXueB5pMWh8eBFGDrLRAyaoHNm73OtzSaaH6sWPCu88,7451
+src/integrations/eng/trello/trello_http.py,sha256=08iR21tjtra4sFbkHTs0h9aHGT6FeW5zqkAHUnfiTlw,5127
+src/integrations/kb/__init__.py,sha256=XdR6ks65N7DrsR5ou92_cwZHivJCqNcO30oLZojXp8I,275
+src/integrations/kb/fs_kb_client.py,sha256=0RQv_nwiUvTILdbHckFS-kG79t68MyltXdUaICsYX1s,11345
+src/integrations/siem/__init__.py,sha256=S4hN0IkAvEXgTdqDyzWfvZikSzeX68vK0uYWV3mfTOM,126
+src/integrations/siem/elastic/__init__.py,sha256=xEl3BU3kDwTT9RheGMOq_eNQ2n-DhdYrzzvPlIVzOu8,113
+src/integrations/siem/elastic/elastic_client.py,sha256=zZIq-mJSF01uFGTvwaLJzKgUhYbtvP-pyo1EuM-1-0A,145498
+src/integrations/siem/elastic/elastic_http.py,sha256=mldvzRmpykPMwnjB6w6Pd7CTMRKcA6-AeZuuvn7Zuew,5253
+src/mcp/README.md,sha256=w4RHz2R74vGDUb0txPeGziaHLeXxt7DgKuRIoPbGFuQ,5517
+src/mcp/TOOLS.md,sha256=gIP0eVQR5mj3WMogwP8K-1Hs9hAm90Ew9OBhuS3IQyY,94635
+src/mcp/__init__.py,sha256=Vz4r7lPnsjsIDe591w-U_EJpUr5Gl1jtOj4COquH0sQ,424
+src/mcp/__main__.py,sha256=jsazaLTcHkOTsAnHGp1iCI7LYtfob2DoFIVAZv3NQR8,287
+src/mcp/agent_profiles.py,sha256=jov0zCC2gm5tVaKwu8myOZI4lskNWIqI6NtbASzyvZ8,16351
+src/mcp/flow_agent_profiles.py,sha256=dhBWLw6XxjKq8pPQcSfX-DnRuES3ou2_jeL0drn35Q0,16031
+src/mcp/mcp_server.py,sha256=NpjMPlJC8RM39BQiyxMvBnD3jQrEUZEn3FcognJ7W_8,179580
+src/mcp/rules_engine.py,sha256=seVx47MqyXbFE2mU932KOtEgImJ3pF4GgiSOuvrAbJM,17572
+src/mcp/runbook_manager.py,sha256=l8QgliBNDWdX_GYxeFsYDQN4cxAVJxox8xjdcDn0_8U,9701
+src/orchestrator/__init__.py,sha256=TMqPpBL_SFwfV66jFuV24b8Kozsn6QaxQjSW_WK-AtI,380
+src/orchestrator/incident_workflow.py,sha256=A1aBX8h8tjmwEBTQYceuEArfHXWDOBdMzPHqilYTt8U,8164
+src/orchestrator/tools_case.py,sha256=kv00QRwPIpF-DuEV14dCqMgJjO4BZ4KgPtC2pgVpXgs,35091
+src/orchestrator/tools_cti.py,sha256=XCMLZ_Pk2SxXuLvy2ZQ_br74dFKriU-sgXNSw12Rnpc,14065
+src/orchestrator/tools_edr.py,sha256=Rhilxsp0sRBOc1vh8Z1nwCu7qC4dQRzCPmZ2PkEDZAM,9546
+src/orchestrator/tools_eng.py,sha256=2rmCplXpzLnn7y5TdhAy1CJctFnLEzvCQvmaxH-C2Hs,14022
+src/orchestrator/tools_kb.py,sha256=UkBraiRf8MzvMi4J32N70jjETXw8oUMagi5kSOYx3Ac,5145
+src/orchestrator/tools_siem.py,sha256=YlIxz2eY7bsRYAqWFxbPx7vRCX7uRXX5wD8pPTa6szM,58919
+src/web/__init__.py,sha256=A8n7SXh086W7X3WQIkY96D_7DjF89MoAdIMq_b-sLWk,222
+src/web/config_server.py,sha256=KsCq4ISckC4Cb_DbI6_ooTdlYMYV5L17pEUgDsxlQ9g,17826
+iflow_mcp_m507_ai_soc_agent-1.0.0.dist-info/METADATA,sha256=cS_JAvTa-udnGRFwUNzAPEjyuUyJapac5cRoqQqZUyc,12549
+iflow_mcp_m507_ai_soc_agent-1.0.0.dist-info/WHEEL,sha256=wUyA8OaulRlbfwMtmQsvNngGrxQHAvkKcvRmdizlJi0,92
+iflow_mcp_m507_ai_soc_agent-1.0.0.dist-info/entry_points.txt,sha256=rVtm8hiOwU96BAY4RURxnVfPtrW13JLAYdUsqqY2O_I,60
+iflow_mcp_m507_ai_soc_agent-1.0.0.dist-info/top_level.txt,sha256=74rtVfumQlgAPzR5_2CgYN24MB0XARCg0t-gzk6gTrM,4
+iflow_mcp_m507_ai_soc_agent-1.0.0.dist-info/RECORD,,

iflow_mcp_m507_ai_soc_agent-1.0.0.dist-info/WHEEL

@@ -0,0 +1,5 @@
+Wheel-Version: 1.0
+Generator: setuptools (80.10.2)
+Root-Is-Purelib: true
+Tag: py3-none-any
+

iflow_mcp_m507_ai_soc_agent-1.0.0.dist-info/entry_points.txt

@@ -0,0 +1,2 @@
+[console_scripts]
+samigpt-mcp-server = src.mcp.__main__:cli

iflow_mcp_m507_ai_soc_agent-1.0.0.dist-info/licenses/LICENSE

@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2025 M 
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

iflow_mcp_m507_ai_soc_agent-1.0.0.dist-info/top_level.txt

@@ -0,0 +1 @@
+src

src/__init__.py

@@ -0,0 +1,8 @@
+"""
+Top-level package for SamiGPT.
+
+This package contains the core, API, integration, orchestrator, and web
+modules used to implement the incident response agent.
+"""
+
+

src/ai_controller/README.md

@@ -0,0 +1,139 @@
+# AI Controller
+
+Web-based controller for managing and executing SamiGPT agent commands.
+
+## Setup
+
+```bash
+# Create and activate virtual environment
+python3 -m venv venv
+source venv/bin/activate  # On Windows: venv\Scripts\activate
+
+# Install dependencies (includes websockets for WebSocket support)
+pip install -r requirements.txt
+```
+
+The `cursor-agent` wrapper script in `venv/bin/cursor-agent` passes commands directly to the Cursor IDE `cursor-agent` binary. When the venv is activated, use:
+```bash
+# With venv activated - passes through to Cursor IDE cursor-agent
+venv/bin/cursor-agent "your prompt here"
+venv/bin/cursor-agent --help
+
+# Or add to PATH explicitly
+export PATH="venv/bin:$PATH"
+cursor-agent "your prompt"
+```
+
+**Note:** For the SamiGPT AI Controller web interface, use `python cursor_agent.py --web` (not the wrapper).
+
+## Features
+
+- **Web Interface**: Modern web UI with tabs for managing sessions and autoruns
+- **CLI Interface**: Command-line interface for executing commands directly
+- **Session Management**: Track and manage agent execution sessions
+- **Autorun Support**: Structure ready for scheduled/recurring agent executions
+- **Real-time Updates**: WebSocket support for live command output
+- **Terminal-like UI**: Terminal-style interface for viewing command results
+
+## Structure
+
+```
+src/ai_controller/
+├── __init__.py          # Package initialization
+├── agent_executor.py    # Command parsing and execution
+├── session_manager.py   # Session and autorun storage management
+├── cli/
+│   ├── __init__.py
+│   └── main.py          # CLI entry point
+└── web/
+    ├── __init__.py
+    ├── server.py        # FastAPI web server
+    ├── templates/
+    │   └── index.html   # Web UI
+    └── static/
+        ├── app.js       # Frontend JavaScript
+        └── css/         # Frontend styles (organized by purpose)
+            ├── base.css         # Base styles, reset, body
+            ├── layout.css       # Main layout, sidebar, header
+            ├── buttons.css      # Button components
+            ├── tabs.css         # Tab components
+            ├── status.css       # Status badges
+            ├── terminal.css     # Terminal display
+            ├── autorun.css      # Autorun-specific styles
+            ├── modal.css        # Modal dialogs
+            ├── settings.css     # Settings page
+            └── scrollbar.css   # Custom scrollbar
+```
+
+## Usage
+
+### CLI Usage
+
+Execute commands directly from the command line:
+
+```bash
+# With venv activated
+python cursor_agent.py "run lookup_hash_ti on 973f777723d315e0bee0fb9e81e943bb3440be7d2de7bf582419ae47479bc15d"
+
+# With session tracking
+python cursor_agent.py "run get_security_alerts" --session "Alert Check"
+
+# Start web server
+python cursor_agent.py --web
+
+# Specify port/host
+python cursor_agent.py --web --port 8081 --host 0.0.0.0
+```
+
+### Web Interface
+
+```bash
+# Start web server (with venv activated)
+python cursor_agent.py --web
+```
+
+Open browser to `http://localhost:8081` (or configured port).
+
+### Command Format
+
+Commands follow a simple format:
+
+- `run <tool_name> on <value>` - Execute a tool with a single value
+- `run <tool_name> with <key>=<value>` - Execute a tool with named parameters
+- `run <agent_name> agent on <target>` - Execute an agent (future)
+- `run <runbook_name> runbook on <target>` - Execute a runbook (future)
+
+Examples:
+- `run lookup_hash_ti on 973f777723d315e0bee0fb9e81e943bb3440be7d2de7bf582419ae47479bc15d`
+- `run get_security_alerts`
+- `run get_ip_address_report with ip=10.10.10.1`
+
+## Configuration
+
+Add the following to `config.json`:
+
+```json
+{
+  "ai_controller": {
+    "storage_dir": "data/ai_controller",
+    "web_port": 8081,
+    "web_host": "0.0.0.0"
+  }
+}
+```
+
+## Storage
+
+Sessions and autoruns stored as JSON in `storage_dir`:
+
+- `sessions/` - Session files
+- `autoruns/` - Autorun configs
+
+## Future Enhancements
+
+- Autorun scheduling and execution
+- Agent and runbook execution support
+- Session sharing and collaboration
+- Command history and favorites
+- Advanced filtering and search
+