securitylogai 0.1.0__py3-none-any.whl
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- securitylogai/__init__.py +13 -0
- securitylogai/ai.py +8 -0
- securitylogai/detector.py +13 -0
- securitylogai/parser.py +11 -0
- securitylogai/reporter.py +12 -0
- securitylogai/utils.py +2 -0
- securitylogai-0.1.0.dist-info/METADATA +87 -0
- securitylogai-0.1.0.dist-info/RECORD +11 -0
- securitylogai-0.1.0.dist-info/WHEEL +5 -0
- securitylogai-0.1.0.dist-info/licenses/LICENSE +1 -0
- securitylogai-0.1.0.dist-info/top_level.txt +1 -0
|
@@ -0,0 +1,13 @@
|
|
|
1
|
+
from .parser import parse_apache_log
|
|
2
|
+
from .detector import detect_bruteforce
|
|
3
|
+
from .reporter import generate_report
|
|
4
|
+
from .ai import explain_attack
|
|
5
|
+
from .utils import normalize_ip
|
|
6
|
+
|
|
7
|
+
__all__ = [
|
|
8
|
+
"parse_apache_log",
|
|
9
|
+
"detect_bruteforce",
|
|
10
|
+
"generate_report",
|
|
11
|
+
"explain_attack",
|
|
12
|
+
"normalize_ip",
|
|
13
|
+
]
|
securitylogai/ai.py
ADDED
|
@@ -0,0 +1,8 @@
|
|
|
1
|
+
def explain_attack(data):
|
|
2
|
+
return {
|
|
3
|
+
"attack_type": data.get("attack_type", "Brute Force"),
|
|
4
|
+
"risk": data.get("risk", "High"),
|
|
5
|
+
"mitre_attack": data.get("mitre_attack", "T1110"),
|
|
6
|
+
"recommendation": data.get("recommendation", ["Enable MFA", "Block IP", "Monitor Login Attempts"]),
|
|
7
|
+
"summary": f"Potential {data.get('attack_type', 'Brute Force').lower()} activity detected from {data.get('ip', 'unknown IP')}."
|
|
8
|
+
}
|
|
@@ -0,0 +1,13 @@
|
|
|
1
|
+
def detect_bruteforce(events, threshold=20):
|
|
2
|
+
counts = {}
|
|
3
|
+
for event in events:
|
|
4
|
+
ip = event.get("ip")
|
|
5
|
+
if not ip:
|
|
6
|
+
continue
|
|
7
|
+
counts[ip] = counts.get(ip, 0) + 1
|
|
8
|
+
|
|
9
|
+
suspicious = []
|
|
10
|
+
for ip, count in counts.items():
|
|
11
|
+
if count > threshold:
|
|
12
|
+
suspicious.append({"ip": ip, "count": count, "risk": "HIGH", "attack_type": "Brute Force"})
|
|
13
|
+
return suspicious
|
securitylogai/parser.py
ADDED
|
@@ -0,0 +1,12 @@
|
|
|
1
|
+
def generate_report(findings):
|
|
2
|
+
sections = []
|
|
3
|
+
for item in findings:
|
|
4
|
+
sections.append(
|
|
5
|
+
f"""
|
|
6
|
+
IP: {item['ip']}
|
|
7
|
+
Attempts: {item['count']}
|
|
8
|
+
Risk: {item['risk']}
|
|
9
|
+
Attack Type: {item.get('attack_type', 'Unknown')}
|
|
10
|
+
""".strip()
|
|
11
|
+
)
|
|
12
|
+
return "\n\n".join(sections)
|
securitylogai/utils.py
ADDED
|
@@ -0,0 +1,87 @@
|
|
|
1
|
+
Metadata-Version: 2.4
|
|
2
|
+
Name: securitylogai
|
|
3
|
+
Version: 0.1.0
|
|
4
|
+
Summary: AI-powered security log analysis toolkit
|
|
5
|
+
Author: Isaac Talb
|
|
6
|
+
License-Expression: MIT
|
|
7
|
+
Project-URL: Homepage, https://github.com/IsaacTalb/securitylogai
|
|
8
|
+
Project-URL: Repository, https://github.com/IsaacTalb/securitylogai
|
|
9
|
+
Project-URL: Issues, https://github.com/IsaacTalb/securitylogai/issues
|
|
10
|
+
Keywords: security,logs,ai,cybersecurity,fastapi
|
|
11
|
+
Classifier: Development Status :: 3 - Alpha
|
|
12
|
+
Classifier: Intended Audience :: Developers
|
|
13
|
+
Classifier: Programming Language :: Python :: 3
|
|
14
|
+
Classifier: Programming Language :: Python :: 3.10
|
|
15
|
+
Classifier: Programming Language :: Python :: 3.11
|
|
16
|
+
Classifier: Programming Language :: Python :: 3.12
|
|
17
|
+
Classifier: Topic :: Security
|
|
18
|
+
Classifier: Topic :: Software Development :: Libraries :: Python Modules
|
|
19
|
+
Requires-Python: >=3.10
|
|
20
|
+
Description-Content-Type: text/markdown
|
|
21
|
+
License-File: LICENSE
|
|
22
|
+
Dynamic: license-file
|
|
23
|
+
|
|
24
|
+
# securitylogai
|
|
25
|
+
|
|
26
|
+
Reusable Python engine for parsing logs, detecting suspicious activity, generating reports, and producing AI explanations.
|
|
27
|
+
|
|
28
|
+
## What it does
|
|
29
|
+
|
|
30
|
+
- Parse Apache-style logs
|
|
31
|
+
- Detect brute-force style patterns
|
|
32
|
+
- Generate readable reports
|
|
33
|
+
- Produce AI-ready summaries
|
|
34
|
+
|
|
35
|
+
## Install from PyPI
|
|
36
|
+
|
|
37
|
+
```bash
|
|
38
|
+
pip install securitylogai
|
|
39
|
+
```
|
|
40
|
+
|
|
41
|
+
## Install from TestPyPI
|
|
42
|
+
|
|
43
|
+
```bash
|
|
44
|
+
pip install -i https://test.pypi.org/simple/ --extra-index-url https://pypi.org/simple securitylogai
|
|
45
|
+
```
|
|
46
|
+
|
|
47
|
+
## Usage
|
|
48
|
+
|
|
49
|
+
```python
|
|
50
|
+
from securitylogai import parse_apache_log, detect_bruteforce, generate_report, explain_attack
|
|
51
|
+
|
|
52
|
+
log = "127.0.0.1 - - [30/May/2026:12:00:00 +0630] \"POST /login HTTP/1.1\" 401 532"
|
|
53
|
+
event = parse_apache_log(log)
|
|
54
|
+
findings = detect_bruteforce([event] * 25)
|
|
55
|
+
report = generate_report(findings)
|
|
56
|
+
summary = explain_attack(findings[0]) if findings else None
|
|
57
|
+
```
|
|
58
|
+
|
|
59
|
+
## Build and publish
|
|
60
|
+
|
|
61
|
+
```bash
|
|
62
|
+
python -m pip install --upgrade build twine
|
|
63
|
+
python -m build
|
|
64
|
+
python -m twine check dist/*
|
|
65
|
+
python -m twine upload dist/*
|
|
66
|
+
```
|
|
67
|
+
|
|
68
|
+
## Publish to TestPyPI first
|
|
69
|
+
|
|
70
|
+
```bash
|
|
71
|
+
python -m twine upload --repository testpypi dist/*
|
|
72
|
+
```
|
|
73
|
+
|
|
74
|
+
## Package structure
|
|
75
|
+
|
|
76
|
+
- `parser.py` - parse log lines
|
|
77
|
+
- `detector.py` - detect suspicious patterns
|
|
78
|
+
- `reporter.py` - create text reports
|
|
79
|
+
- `ai.py` - AI explanation layer
|
|
80
|
+
- `utils.py` - shared helpers
|
|
81
|
+
|
|
82
|
+
## Roadmap
|
|
83
|
+
|
|
84
|
+
- add Nginx / SSH / Windows parsing
|
|
85
|
+
- add provider adapters for OpenAI, Gemini, Ollama
|
|
86
|
+
- add CLI and JSON output
|
|
87
|
+
- add tests and release workflow
|
|
@@ -0,0 +1,11 @@
|
|
|
1
|
+
securitylogai/__init__.py,sha256=cR0d2UIEzaE-Idluv4SlHGAihznffkg6GzFxffohP3o,308
|
|
2
|
+
securitylogai/ai.py,sha256=dpxYL7OsYEnCeURMiQ4wU_Rt_dx0gJ01gAULZhHtonw,454
|
|
3
|
+
securitylogai/detector.py,sha256=JOSxn-FV5ngRhsZAm3yDJokx4MKFwX7Rgtiqgc-Fnk0,413
|
|
4
|
+
securitylogai/parser.py,sha256=t03xVeJz3bePHbl6zhqAnJTdGQa0VWx-617v0TyF40c,228
|
|
5
|
+
securitylogai/reporter.py,sha256=QIB7tnssd8I0FE-okMmAAOivQKyVwFiaBV39uwFAH8Y,287
|
|
6
|
+
securitylogai/utils.py,sha256=Vn6L0rKThX7jpiI5rMOu7nLIzNLm2F30-U2TZCDWbKk,76
|
|
7
|
+
securitylogai-0.1.0.dist-info/licenses/LICENSE,sha256=Ac3lhgXOLBB_KEvJcLxqE8Xo_gBpyJrVVRS_grOdU8A,13
|
|
8
|
+
securitylogai-0.1.0.dist-info/METADATA,sha256=BYpHFsGbKSJ3adtGev7fStS1kuIIXSWhOGpF9O0DQbM,2452
|
|
9
|
+
securitylogai-0.1.0.dist-info/WHEEL,sha256=aeYiig01lYGDzBgS8HxWXOg3uV61G9ijOsup-k9o1sk,91
|
|
10
|
+
securitylogai-0.1.0.dist-info/top_level.txt,sha256=f6MNe09RexBOybRbUVsdpLMVM3wdJ-vSjLrW6ScyeVM,14
|
|
11
|
+
securitylogai-0.1.0.dist-info/RECORD,,
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
MIT License
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
securitylogai
|