splunk/DECEIVE
1
0
Fork 0
mirror of https://github.com/splunk/DECEIVE.git synced 2025-07-01 16:47:28 -04:00
Code Issues Packages Projects Releases Wiki Activity

Session summaries now include a "judgement" field to make it easier to search/filter.

Browse Source
This commit is contained in:
David J. Bianco
2025-01-10 14:12:59 -05:00
parent e9044ba2ad
commit 52541ab1ed
1 changed files with 10 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

11
SSH/ssh_server.py
View File

@ -139,7 +139,16 @@ representative examples.
config=llm_config config=llm_config
) )
logger.info("Session summary", extra={"details": llm_response.content}) # Extract the judgement from the response
judgement = "UNKNOWN"
if "Judgement: BENIGN" in llm_response.content:
judgement = "BENIGN"
elif "Judgement: SUSPICIOUS" in llm_response.content:
judgement = "SUSPICIOUS"
elif "Judgement: MALICIOUS" in llm_response.content:
judgement = "MALICIOUS"
logger.info("Session summary", extra={"details": llm_response.content, "judgement": judgement})
server.summary_generated = True server.summary_generated = True
async def handle_client(process: asyncssh.SSHServerProcess, server: MySSHServer) -> None: async def handle_client(process: asyncssh.SSHServerProcess, server: MySSHServer) -> None: