From 52541ab1ed08bcbb8342752ed67dc54ff98fd751 Mon Sep 17 00:00:00 2001
From: "David J. Bianco" <dbianco@splunk.com>
Date: Fri, 10 Jan 2025 14:12:59 -0500
Subject: [PATCH] Session summaries now include a "judgement" field to make it
 easier to search/filter.

---
 SSH/ssh_server.py | 11 ++++++++++-
 1 file changed, 10 insertions(+), 1 deletion(-)

diff --git a/SSH/ssh_server.py b/SSH/ssh_server.py
index e82516a..7963e31 100755
--- a/SSH/ssh_server.py
+++ b/SSH/ssh_server.py
@@ -139,7 +139,16 @@ representative examples.
             config=llm_config
     )
 
-    logger.info("Session summary", extra={"details": llm_response.content})
+    # Extract the judgement from the response
+    judgement = "UNKNOWN"
+    if "Judgement: BENIGN" in llm_response.content:
+        judgement = "BENIGN"
+    elif "Judgement: SUSPICIOUS" in llm_response.content:
+        judgement = "SUSPICIOUS"
+    elif "Judgement: MALICIOUS" in llm_response.content:
+        judgement = "MALICIOUS"
+
+    logger.info("Session summary", extra={"details": llm_response.content, "judgement": judgement})
     server.summary_generated = True
 
 async def handle_client(process: asyncssh.SSHServerProcess, server: MySSHServer) -> None: