AI-driven Incident Response assistant built using Retrieval-Augmented Generation (RAG), NIST SP 800-61, and NIST CSF mapping.
Generates the best possible recommended actions aligned with cybersecurity frameworks.
git clone https://github.com/ad15401/IR--GPT.git cd IR--GPT
python3 -m venv .venv source .venv/bin/activate
pip install -r requirements.txt
ollama pull mistral
export IRGPT_MODEL="mistral"
cd app streamlit run app.py
Typically: http://localhost:8501
🧩 Tech Stack
- Python
- Streamlit
- ChromaDB (Vector Database)
- SentenceTransformers
- Ollama (Local LLMs)
- NIST SP 800-61 & NIST CSF
🧠 Architecture Overview
- Retrieves relevant content from NIST-based playbooks via ChromaDB
- Embeds text using SentenceTransformers
- Feeds context + scenario into a local Ollama LLM
- Produces structured recommendations (JSON) and analyst narrative
🧠 Example Use Case Scenario: "Multiple failed logins followed by one success; file permissions modified on host."
IR-GPT retrieves guidance from NIST-aligned playbooks and provides:
- Analysis of event patterns
- Recommended containment and response actions
- Structured JSON fields for incident tracking systems
🧰 Governance & Framework Mapping
- NIST SP 800-61: Detection, Analysis, Containment, Recovery phases
- NIST CSF: Identify, Protect, Detect, Respond, Recover
- Designed for GRC analysts, SOC teams, and IR consultants
👤 Author Anirudh Diwakar Security+ Certified | M.S. Cybersecurity Risk Management | Indiana University LinkedIn: https://www.linkedin.com/in/anirudhdiwakar15/ Email: anirudhdiwakar15@gmail.com
🖼️ Demo
⭐ Contribute