Implements a Gradio-based SOC mentor chat assistant with three services:
1. UK Bank Holidays API lookup by region and date range
2. MITRE ATT&CK semantic search via ChromaDB (pre-built embeddings included)
3. Microsoft Defender/Sentinel alert triage via LLM function calling

Includes guardrails blocking off-topic content and system prompt probes. Routing logic in router.py dispatches to the correct service based on intent.
Dmytro-Bonislavskyi
approved these changes
Mar 7, 2026
Dmytro-Bonislavskyi
left a comment
You built a clear and thoughtful project here. Three services are there. The cybersecurity theme is consistent, and I like that you added both semantic search over MITRE techniques and a practical SOC triage tool. The README is also well organized and explains the system.
This project is a strong piece for your portfolio.
What changes are you trying to make?
Adding the Assignment 2 solution: a Gradio-based SOC Mentor chatbot with three integrated services — UK Bank Holidays API lookup, MITRE ATT&CK semantic search via ChromaDB, and Microsoft Defender/Sentinel alert triage using LLM function calling. Also includes input guardrails and intent-based routing.
What did you learn from the changes you have made?
How to use OpenAI function calling to let an LLM delegate structured work to Python code. Also learned how semantic search works — converting text into vectors and using cosine similarity to find meaning-based matches, rather than keyword matching. Additionally learned how to persist a ChromaDB collection to disk so embeddings only need to be generated once.
Was there another approach you were thinking about making?
For routing, I could have used the LLM itself to classify intent (tool-use routing) instead of keyword matching. I chose keyword matching because it's faster, more predictable, and easier for graders to follow. For the MITRE search, I initially considered simple keyword search over the markdown files, but semantic search gives much better results for natural-language questions.
Were there any challenges? If so, what issue(s) did you face? How did you overcome it?
The main challenge was Python version compatibility — the system Python (3.9) had a TLS issue that blocked API calls and also doesn't support the str | None type union syntax. Resolved by switching to Python 3.11 via the virtual environment. Also had to fix Gradio 6.x's updated chat history format (dict-based instead of list pairs), and resolve routing conflicts where alert keywords overlapped with MITRE search keywords.
How were these changes tested?
Each service was tested manually in the Gradio chat interface:
Bank Holidays: queried Scotland holidays for 2026
MITRE Search: asked about credential dumping and phishing techniques
SOC Triage: pasted sample Defender alerts for phishing, malware, and credential access categories
Guardrails: confirmed blocked topics and system prompt probes return refusal messages
A reference to a related issue in your repository (if applicable)
N/A
Checklist
Yes - I can confirm that my changes are working as intended
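The PR text above describes keyword-based routing, a guardrail for system prompt probes, and a conflict where alert keywords overlapped with MITRE search keywords. The sketch below shows one way to handle that: run the guardrail before routing and break score ties with a fixed precedence. It is an added example, not the PR's router.py; the keyword sets, probe patterns, route names and the `route` function are all assumptions.

```python
import re

# Hypothetical keyword sets; the PR's router.py is not shown on this page.
ROUTES = {
    "triage": {"alert", "defender", "sentinel", "incident", "severity", "triage"},
    "mitre": {"mitre", "att&ck", "technique", "tactic", "phishing",
              "credential", "dumping"},
    "holidays": {"holiday", "holidays", "bank"},
}

# Pasted alerts often name techniques, so on an equal score the triage
# route wins over MITRE search (assumed policy for resolving the overlap).
PRECEDENCE = ["triage", "mitre", "holidays"]

# Constructed guardrail patterns for system prompt probes.
PROBE_PATTERNS = [
    re.compile(r"\b(system|initial)\s+prompt\b", re.I),
    re.compile(r"\bignore\s+(all\s+)?(previous|prior)\s+instructions\b", re.I),
]


def tokenize(text):
    """Lowercase word tokens; '&' is kept so 'att&ck' stays one token."""
    return set(re.findall(r"[a-z0-9&]+", text.lower()))


def route(message):
    """Return 'blocked', 'off_topic', or the name of the service to call."""
    # Guardrail first: alert text is untrusted input, so a probe that also
    # contains service keywords must never reach a service or the LLM.
    if any(p.search(message) for p in PROBE_PATTERNS):
        return "blocked"
    tokens = tokenize(message)
    scores = {name: len(tokens & kws) for name, kws in ROUTES.items()}
    best = max(scores.values())
    if best == 0:
        return "off_topic"  # no service keyword matched: refuse
    # Highest score wins; ties fall back to the fixed precedence order.
    return next(name for name in PRECEDENCE if scores[name] == best)
```

Keyword patterns like these only catch the probe phrasings they list, so text pasted into the triage path should still be treated as untrusted data when it is passed to the LLM.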