Spaces:
Sleeping
Sleeping
| from pydantic import BaseModel, Field | |
| from enum import Enum | |
| from typing import List, Dict, Any, Optional | |
| # --- ACTION SPACE --- | |
| class ActionType(str, Enum): | |
| INVESTIGATE = "INVESTIGATE" | |
| BLOCK_IP = "BLOCK_IP" | |
| ISOLATE_HOST = "ISOLATE_HOST" | |
| DISMISS_ALERT = "DISMISS_ALERT" | |
| ESCALATE_TO_HUMAN = "ESCALATE_TO_HUMAN" | |
| class Action(BaseModel): | |
| action_type: ActionType = Field( | |
| ..., | |
| description="The incident response action to execute." | |
| ) | |
| target_ip: Optional[str] = Field( | |
| None, | |
| description="The specific IP address to target (Required for BLOCK_IP, ISOLATE_HOST, and INVESTIGATE)." | |
| ) | |
| # --- OBSERVATION SPACE --- | |
| class LogEntry(BaseModel): | |
| timestamp: str | |
| log_type: str | |
| src_ip: str | |
| dest_ip: str | |
| severity: str | |
| context: str | |
| host_info: Optional[str] = None | |
| class Observation(BaseModel): | |
| current_time: str = Field( | |
| ..., | |
| description="The simulated current time in the SOC." | |
| ) | |
| active_alerts: List[LogEntry] = Field( | |
| default_factory=list, | |
| description="List of current SIEM logs and alerts requiring triage." | |
| ) | |
| system_status: Dict[str, Any] = Field( | |
| default_factory=dict, | |
| description="Health and uptime status of critical internal systems." | |
| ) | |
| # --- REWARD SPACE --- | |
| class Reward(BaseModel): | |
| score_delta: float = Field( | |
| ..., | |
| description="Change in score based on the effectiveness and safety of the last action. Ranges from -1.0 to 1.0." | |
| ) |