securitylogai 0.1.0__tar.gz

securitylogai-0.1.0/LICENSE

@@ -0,0 +1 @@
+MIT License

securitylogai-0.1.0/PKG-INFO

@@ -0,0 +1,87 @@
+Metadata-Version: 2.4
+Name: securitylogai
+Version: 0.1.0
+Summary: AI-powered security log analysis toolkit
+Author: Isaac Talb
+License-Expression: MIT
+Project-URL: Homepage, https://github.com/IsaacTalb/securitylogai
+Project-URL: Repository, https://github.com/IsaacTalb/securitylogai
+Project-URL: Issues, https://github.com/IsaacTalb/securitylogai/issues
+Keywords: security,logs,ai,cybersecurity,fastapi
+Classifier: Development Status :: 3 - Alpha
+Classifier: Intended Audience :: Developers
+Classifier: Programming Language :: Python :: 3
+Classifier: Programming Language :: Python :: 3.10
+Classifier: Programming Language :: Python :: 3.11
+Classifier: Programming Language :: Python :: 3.12
+Classifier: Topic :: Security
+Classifier: Topic :: Software Development :: Libraries :: Python Modules
+Requires-Python: >=3.10
+Description-Content-Type: text/markdown
+License-File: LICENSE
+Dynamic: license-file
+
+# securitylogai
+
+Reusable Python engine for parsing logs, detecting suspicious activity, generating reports, and producing AI explanations.
+
+## What it does
+
+- Parse Apache-style logs
+- Detect brute-force style patterns
+- Generate readable reports
+- Produce AI-ready summaries
+
+## Install from PyPI
+
+```bash
+pip install securitylogai
+```
+
+## Install from TestPyPI
+
+```bash
+pip install -i https://test.pypi.org/simple/ --extra-index-url https://pypi.org/simple securitylogai
+```
+
+## Usage
+
+```python
+from securitylogai import parse_apache_log, detect_bruteforce, generate_report, explain_attack
+
+log = "127.0.0.1 - - [30/May/2026:12:00:00 +0630] \"POST /login HTTP/1.1\" 401 532"
+event = parse_apache_log(log)
+findings = detect_bruteforce([event] * 25)
+report = generate_report(findings)
+summary = explain_attack(findings[0]) if findings else None
+```
+
+## Build and publish
+
+```bash
+python -m pip install --upgrade build twine
+python -m build
+python -m twine check dist/*
+python -m twine upload dist/*
+```
+
+## Publish to TestPyPI first
+
+```bash
+python -m twine upload --repository testpypi dist/*
+```
+
+## Package structure
+
+- `parser.py` - parse log lines
+- `detector.py` - detect suspicious patterns
+- `reporter.py` - create text reports
+- `ai.py` - AI explanation layer
+- `utils.py` - shared helpers
+
+## Roadmap
+
+- add Nginx / SSH / Windows parsing
+- add provider adapters for OpenAI, Gemini, Ollama
+- add CLI and JSON output
+- add tests and release workflow

securitylogai-0.1.0/README.md

@@ -0,0 +1,64 @@
+# securitylogai
+
+Reusable Python engine for parsing logs, detecting suspicious activity, generating reports, and producing AI explanations.
+
+## What it does
+
+- Parse Apache-style logs
+- Detect brute-force style patterns
+- Generate readable reports
+- Produce AI-ready summaries
+
+## Install from PyPI
+
+```bash
+pip install securitylogai
+```
+
+## Install from TestPyPI
+
+```bash
+pip install -i https://test.pypi.org/simple/ --extra-index-url https://pypi.org/simple securitylogai
+```
+
+## Usage
+
+```python
+from securitylogai import parse_apache_log, detect_bruteforce, generate_report, explain_attack
+
+log = "127.0.0.1 - - [30/May/2026:12:00:00 +0630] \"POST /login HTTP/1.1\" 401 532"
+event = parse_apache_log(log)
+findings = detect_bruteforce([event] * 25)
+report = generate_report(findings)
+summary = explain_attack(findings[0]) if findings else None
+```
+
+## Build and publish
+
+```bash
+python -m pip install --upgrade build twine
+python -m build
+python -m twine check dist/*
+python -m twine upload dist/*
+```
+
+## Publish to TestPyPI first
+
+```bash
+python -m twine upload --repository testpypi dist/*
+```
+
+## Package structure
+
+- `parser.py` - parse log lines
+- `detector.py` - detect suspicious patterns
+- `reporter.py` - create text reports
+- `ai.py` - AI explanation layer
+- `utils.py` - shared helpers
+
+## Roadmap
+
+- add Nginx / SSH / Windows parsing
+- add provider adapters for OpenAI, Gemini, Ollama
+- add CLI and JSON output
+- add tests and release workflow

securitylogai-0.1.0/pyproject.toml

@@ -0,0 +1,31 @@
+[build-system]
+requires = ["setuptools>=68", "wheel"]
+build-backend = "setuptools.build_meta"
+
+[project]
+name = "securitylogai"
+version = "0.1.0"
+description = "AI-powered security log analysis toolkit"
+readme = "README.md"
+requires-python = ">=3.10"
+license = "MIT"
+authors = [{name = "Isaac Talb"}]
+keywords = ["security", "logs", "ai", "cybersecurity", "fastapi"]
+classifiers = [
+  "Development Status :: 3 - Alpha",
+  "Intended Audience :: Developers",
+  "Programming Language :: Python :: 3",
+  "Programming Language :: Python :: 3.10",
+  "Programming Language :: Python :: 3.11",
+  "Programming Language :: Python :: 3.12",
+  "Topic :: Security",
+  "Topic :: Software Development :: Libraries :: Python Modules",
+]
+
+[project.urls]
+Homepage = "https://github.com/IsaacTalb/securitylogai"
+Repository = "https://github.com/IsaacTalb/securitylogai"
+Issues = "https://github.com/IsaacTalb/securitylogai/issues"
+
+[tool.setuptools]
+packages = ["securitylogai"]

securitylogai-0.1.0/securitylogai/__init__.py

@@ -0,0 +1,13 @@
+from .parser import parse_apache_log
+from .detector import detect_bruteforce
+from .reporter import generate_report
+from .ai import explain_attack
+from .utils import normalize_ip
+
+__all__ = [
+    "parse_apache_log",
+    "detect_bruteforce",
+    "generate_report",
+    "explain_attack",
+    "normalize_ip",
+]

securitylogai-0.1.0/securitylogai/ai.py

@@ -0,0 +1,8 @@
+def explain_attack(data):
+    return {
+        "attack_type": data.get("attack_type", "Brute Force"),
+        "risk": data.get("risk", "High"),
+        "mitre_attack": data.get("mitre_attack", "T1110"),
+        "recommendation": data.get("recommendation", ["Enable MFA", "Block IP", "Monitor Login Attempts"]),
+        "summary": f"Potential {data.get('attack_type', 'Brute Force').lower()} activity detected from {data.get('ip', 'unknown IP')}."
+    }

securitylogai-0.1.0/securitylogai/detector.py

@@ -0,0 +1,13 @@
+def detect_bruteforce(events, threshold=20):
+    counts = {}
+    for event in events:
+        ip = event.get("ip")
+        if not ip:
+            continue
+        counts[ip] = counts.get(ip, 0) + 1
+
+    suspicious = []
+    for ip, count in counts.items():
+        if count > threshold:
+            suspicious.append({"ip": ip, "count": count, "risk": "HIGH", "attack_type": "Brute Force"})
+    return suspicious

securitylogai-0.1.0/securitylogai/parser.py

@@ -0,0 +1,11 @@
+import re
+
+IP_RE = re.compile(r"(\d{1,3}(?:\.\d{1,3}){3})")
+
+
+def parse_apache_log(log_line):
+    match = IP_RE.search(log_line)
+    if not match:
+        return None
+
+    return {"ip": match.group(1), "raw": log_line.strip()}

securitylogai-0.1.0/securitylogai/reporter.py

@@ -0,0 +1,12 @@
+def generate_report(findings):
+    sections = []
+    for item in findings:
+        sections.append(
+            f"""
+IP: {item['ip']}
+Attempts: {item['count']}
+Risk: {item['risk']}
+Attack Type: {item.get('attack_type', 'Unknown')}
+""".strip()
+        )
+    return "\n\n".join(sections)

securitylogai-0.1.0/securitylogai/utils.py

@@ -0,0 +1,2 @@
+def normalize_ip(ip):
+    return ip.strip() if isinstance(ip, str) else ip

securitylogai-0.1.0/securitylogai.egg-info/PKG-INFO

@@ -0,0 +1,87 @@
+Metadata-Version: 2.4
+Name: securitylogai
+Version: 0.1.0
+Summary: AI-powered security log analysis toolkit
+Author: Isaac Talb
+License-Expression: MIT
+Project-URL: Homepage, https://github.com/IsaacTalb/securitylogai
+Project-URL: Repository, https://github.com/IsaacTalb/securitylogai
+Project-URL: Issues, https://github.com/IsaacTalb/securitylogai/issues
+Keywords: security,logs,ai,cybersecurity,fastapi
+Classifier: Development Status :: 3 - Alpha
+Classifier: Intended Audience :: Developers
+Classifier: Programming Language :: Python :: 3
+Classifier: Programming Language :: Python :: 3.10
+Classifier: Programming Language :: Python :: 3.11
+Classifier: Programming Language :: Python :: 3.12
+Classifier: Topic :: Security
+Classifier: Topic :: Software Development :: Libraries :: Python Modules
+Requires-Python: >=3.10
+Description-Content-Type: text/markdown
+License-File: LICENSE
+Dynamic: license-file
+
+# securitylogai
+
+Reusable Python engine for parsing logs, detecting suspicious activity, generating reports, and producing AI explanations.
+
+## What it does
+
+- Parse Apache-style logs
+- Detect brute-force style patterns
+- Generate readable reports
+- Produce AI-ready summaries
+
+## Install from PyPI
+
+```bash
+pip install securitylogai
+```
+
+## Install from TestPyPI
+
+```bash
+pip install -i https://test.pypi.org/simple/ --extra-index-url https://pypi.org/simple securitylogai
+```
+
+## Usage
+
+```python
+from securitylogai import parse_apache_log, detect_bruteforce, generate_report, explain_attack
+
+log = "127.0.0.1 - - [30/May/2026:12:00:00 +0630] \"POST /login HTTP/1.1\" 401 532"
+event = parse_apache_log(log)
+findings = detect_bruteforce([event] * 25)
+report = generate_report(findings)
+summary = explain_attack(findings[0]) if findings else None
+```
+
+## Build and publish
+
+```bash
+python -m pip install --upgrade build twine
+python -m build
+python -m twine check dist/*
+python -m twine upload dist/*
+```
+
+## Publish to TestPyPI first
+
+```bash
+python -m twine upload --repository testpypi dist/*
+```
+
+## Package structure
+
+- `parser.py` - parse log lines
+- `detector.py` - detect suspicious patterns
+- `reporter.py` - create text reports
+- `ai.py` - AI explanation layer
+- `utils.py` - shared helpers
+
+## Roadmap
+
+- add Nginx / SSH / Windows parsing
+- add provider adapters for OpenAI, Gemini, Ollama
+- add CLI and JSON output
+- add tests and release workflow

securitylogai-0.1.0/securitylogai.egg-info/SOURCES.txt

@@ -0,0 +1,14 @@
+LICENSE
+README.md
+pyproject.toml
+securitylogai/__init__.py
+securitylogai/ai.py
+securitylogai/detector.py
+securitylogai/parser.py
+securitylogai/reporter.py
+securitylogai/utils.py
+securitylogai.egg-info/PKG-INFO
+securitylogai.egg-info/SOURCES.txt
+securitylogai.egg-info/dependency_links.txt
+securitylogai.egg-info/top_level.txt
+tests/test_package.py

securitylogai-0.1.0/securitylogai.egg-info/dependency_links.txt

@@ -0,0 +1 @@
+

securitylogai-0.1.0/securitylogai.egg-info/top_level.txt

@@ -0,0 +1 @@
+securitylogai

securitylogai-0.1.0/setup.cfg

@@ -0,0 +1,4 @@
+[egg_info]
+tag_build = 
+tag_date = 0
+

securitylogai-0.1.0/tests/test_package.py

@@ -0,0 +1,17 @@
+from securitylogai import parse_apache_log, detect_bruteforce, generate_report
+
+
+def test_parse_apache_log_extracts_ip():
+    event = parse_apache_log('127.0.0.1 - - [30/May/2026:12:00:00 +0630] "POST /login HTTP/1.1" 401 532')
+    assert event['ip'] == '127.0.0.1'
+
+
+def test_detect_bruteforce_flags_threshold():
+    events = [{'ip': '10.0.0.1'}] * 21
+    findings = detect_bruteforce(events, threshold=20)
+    assert findings and findings[0]['risk'] == 'HIGH'
+
+
+def test_generate_report_contains_ip():
+    report = generate_report([{'ip': '10.0.0.1', 'count': 21, 'risk': 'HIGH', 'attack_type': 'Brute Force'}])
+    assert '10.0.0.1' in report