Inspiration
SOC analysts deal with an overwhelming volume of raw security logs every day — CloudTrail entries, Sysmon traces, failed logins, odd network patterns, and more. Manually reviewing all this noise is slow, draining, and prone to mistakes. CyberRisk Advisor was born from a simple thought: “What if analysts could paste raw logs and instantly get a clean incident summary, detections, and recommended actions — just like guidance from a senior SOC expert?” That idea evolved into my Vertical Agent: an AI-driven security copilot that transforms messy, unstructured logs into clear insights and risk-scored findings.
What it does
CyberRisk Advisor takes raw logs and automatically:
- Detects suspicious patterns (privilege misuse, failed logins, EC2 actions, crypto-mining indicators, lateral movement, etc.)
- Assigns a 0–100 overall risk score
- Summarizes the incident
- Generates recommended actions for the SOC team
- Produces SIEM queries (SPL / KQL / SQL-like) to deepen the investigation

This replicates the reasoning process of a seasoned security analyst — entirely automated.
How we built it
Frontend (HTML + CSS + JS): I designed a clean, modern UI inspired by real SOC dashboards:
- Environment selection
- Analyst concern dropdown
- Dynamic character counter
- Log input area
- “Analyze Logs” button with loading animation
- Elegant results panel (risk score, detections, actions, queries)

Everything is built with pure HTML, CSS, and vanilla JS to keep it fast and hackathon-friendly.

Backend (FastAPI + Python): The backend exposes one core endpoint, POST /analyze_logs, which performs:
- Prompt construction
- Schema enforcement
- Integration with the AGI API
- JSON model validation
- Error handling and fallback cleanup

The agent is structured using Pydantic models for clean, predictable outputs.

AGI API Reasoning Layer: This is where the magic happens. The system prompt defines the AI’s role as a senior SOC analyst. The user prompt injects:
- the environment
- the analyst's question
- the raw logs

The AGI model then returns strict JSON with detections, severity, actions, and queries. This is the true "Real Agent" component — autonomous reasoning over real-world data.
Challenges we ran into
Strict JSON Parsing: LLMs sometimes return:
- extra text
- Markdown formatting
- backticks or incomplete structures

I had to implement response cleanup and JSON recovery logic to ensure consistent outputs.

API Endpoint Differences: The AGI API is similar to OpenAI's but not identical. Figuring out:
- the correct endpoint
- the correct payload format
- the correct model name

required debugging and custom error tracing.

UI–Backend Coordination: Getting the UI's “Analyze” button to properly call the backend and dynamically render:
- risk scores
- detections
- action lists
- queries

required careful event handling and DOM updates.
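As an added example (not the project's own code) of the schema enforcement described under the backend and the response cleanup just mentioned, here is a stdlib-only version of that pipeline: it strips prose and Markdown fences around the model's JSON, then validates the object with plain dict checks instead of Pydantic. The field names, length caps, severity set and the sample reply are assumptions; the model's reply is treated as untrusted input throughout.

```python
import json
import re

FENCE = "`" * 3  # markdown fence, assembled at runtime so it never appears literally in this source
FENCE_RE = re.compile(re.escape(FENCE) + r"(?:json)?\s*(.*?)" + re.escape(FENCE), re.DOTALL)
SEVERITIES = {"low", "medium", "high", "critical"}
ALLOWED_KEYS = {"risk_score", "summary", "detections", "actions", "queries"}

def extract_json(text: str) -> dict:
    """Pull the first JSON object out of a reply that may wrap it in prose or markdown fences."""
    m = FENCE_RE.search(text)
    body = m.group(1) if m else text
    start, end = body.find("{"), body.rfind("}")
    if start == -1 or end < start:
        raise ValueError("no JSON object in model response")
    obj = json.loads(body[start:end + 1])  # a truncated reply fails here with JSONDecodeError
    if not isinstance(obj, dict):
        raise ValueError("top-level JSON value must be an object")
    return obj

def validate_analysis(raw: dict) -> dict:
    """Enforce the response schema; the model's output is untrusted input, not ground truth."""
    if unknown := set(raw) - ALLOWED_KEYS:
        raise ValueError(f"unexpected keys: {sorted(unknown)}")
    score = raw.get("risk_score")
    if isinstance(score, bool) or not isinstance(score, (int, float)):
        raise ValueError("risk_score must be numeric")
    for key in ("detections", "actions", "queries"):
        if not isinstance(raw.get(key, []), list):  # a bare string would iterate char by char
            raise ValueError(f"{key} must be a list")
    detections = []
    for d in raw.get("detections", []):
        sev = str(d.get("severity", "")).lower() if isinstance(d, dict) else ""
        if sev not in SEVERITIES:
            raise ValueError(f"malformed detection: {d!r}")
        detections.append({"title": str(d.get("title", ""))[:200], "severity": sev})
    return {
        "risk_score": max(0, min(100, int(score))),  # clamp onto the 0-100 scale the UI expects
        "summary": str(raw.get("summary", ""))[:2000],
        "detections": detections,
        "actions": [str(a)[:500] for a in raw.get("actions", [])],
        "queries": [str(q)[:2000] for q in raw.get("queries", [])],  # shown to the analyst, never executed
    }

# Constructed sample reply: prose around a fenced JSON block, the shape an LLM often returns.
SAMPLE_REPLY = "Here is the analysis:\n" + FENCE + "json\n" + json.dumps({
    "risk_score": 137, "summary": "Failed console logins, then RunInstances.",
    "detections": [{"title": "Brute force then EC2 launch", "severity": "High"}],
    "actions": ["Rotate the affected IAM user keys"],
    "queries": ["index=cloudtrail eventName=RunInstances"]}) + "\n" + FENCE + "\nAnything else?"
```

Calling `validate_analysis(extract_json(SAMPLE_REPLY))` yields a risk score clamped to 100 and a lower-cased severity; a reply with extra keys, a non-numeric score, or a truncated object raises ValueError so the endpoint can return a controlled fallback instead of half-parsed data.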
Accomplishments that we're proud of
- Built a working AI security copilot that takes raw logs and returns clear threat detections, a risk score, and incident recommendations.
- Designed a simple, clean UI where analysts can paste logs, select context, and instantly view structured results.
- Implemented a FastAPI backend that reliably communicates with the AGI API and enforces a strict JSON schema for consistent outputs.
- Created a realistic SOC-style workflow, including detections, severity levels, recommended actions, and SIEM query generation.
- Overcame challenges with LLM formatting, JSON parsing, and API debugging to ensure stable end-to-end performance under hackathon time pressure.
What we learned
What's next for CyberRisk Advisor
Built With
- api
- css
- fastapi
- frontend
- html
- javascript
- pycharm
- python
- typescript
- visualcode