Update README.md

README.md

@@ -8,6 +8,8 @@ tags:
 license: apache-2.0
 language:
 - en
+datasets:
+- madox81/mittre_severity_ds
 ---
 
 # Uploaded finetuned  model
@@ -19,3 +21,80 @@ language:
 This llama model was trained 2x faster with [Unsloth](https://github.com/unslothai/unsloth) and Huggingface's TRL library.
 
 [<img src="https://raw.githubusercontent.com/unslothai/unsloth/main/images/unsloth%20made%20with%20love.png" width="200"/>](https://github.com/unslothai/unsloth)
+
+# Smollm2_Cyber_Insight
+
+## Model Overview
+
+**Smollm2_Cyber_Insight** is a lightweight domain-adapted language model fine-tuned for **cybersecurity threat analysis** tasks.  
+The model specializes in interpreting short textual descriptions of security incidents and producing structured (JSON) security insights.
+
+- **Base Model:** smollm2-1.7b-instruct
+- **Architecture:** SmolLM2
+- **Training Method:** LoRA fine-tuning
+- **Domain:** Cyber Threat Analysis
+- **Model Size:** ~1.7B parameters
+
+## Capabilities
+
+The model supports the following tasks:
+
+- Mapping incidents to **MITRE ATT&CK tactics**
+- Identifying possible **attack techniques**
+- Assessing **incident severity and potential business impact**
+- Assisting in structured cybersecurity analysis
+
+## Intended Use
+
+This model is suitable for:
+
+- Cyber threat intelligence experiments
+- NLP research in cybersecurity
+- Cybersecurity research
+- Prototyping AI-assisted SOC tools
+
+## Limitations
+
+- Predictions are probabilistic and may require analyst validation
+- Performance depends on similarity to training data
+- Not intended for autonomous security decision-making
+
+## Training Data
+
+The model was trained on a **specialized cybersecurity dataset** [madox81/mittre_severity_ds](https://huggingface.co/datasets/madox81/mittre_severity_ds) containing incident descriptions and structured labels including:
+
+- attack tactics
+- attack techniques
+- incident severity indicators.
+
+## Example Prompt
+
+
+```
+Map the following security event to MITRE ATT&CK tactics and techniques.
+Input: rule apt_lolbin { strings: $a = "certutil.exe" nocase; $b = "-urlfetch" nocase; condition: $a and $b }
+
+Identify the ATT&CK tactics and techniques in this data.
+Input: selection: EventName: 'UpdateDomainNameservers' AND SourceIPAddress not in ('aws-internal')
+
+Classify this cybersecurity event into MITRE ATT&CK framework.
+Input: rule apt_wasm { strings: $a = "WebAssembly.compile" nocase; $b = "fetch" nocase; condition: $a and $b }
+
+Map the following security event to MITRE ATT&CK tactics and techniques.
+Input: Incident Type: Data Breach
+Target: MongoDB Instance
+Vector: Weak Authentication
+
+Assess the severity and business risk of the following incident.
+Input: Incident: Phishing affecting HR Accounts.
+
+Analyze the business risk and severity for the input below.
+Input: Incident: Supply Chain Attack affecting CI/CD Pipeline.
+
+Rate the severity (Low/Medium/High/Critical) and impact of this event.
+Input: Incident: Credential Dumping affecting Windows Domain Controller.
+```
+
+## License
+
+Refer to the base model license.