Spaces:
Sleeping
Sleeping
| version: "1.0" | |
| name: "soc-analyst-simulator" | |
| title: "Automated SOC Analyst: Incident Response" | |
| description: "A simulated Security Operations Center (SOC) environment. The agent must triage alerts, analyze synthetic SIEM logs, and execute incident response actions (e.g., isolate, block) while balancing threat mitigation with critical system uptime." | |
| # Define the 3 required tasks and their difficulty scaling | |
| tasks: | |
| - id: "task_1_triage" | |
| name: "High-Confidence Threat Triage" | |
| difficulty: "easy" | |
| description: "Identify and execute a BLOCK_IP action on the single glaringly obvious malicious IP from a batch of standard background noise alerts." | |
| - id: "task_2_false_positive" | |
| name: "The False Positive Trap" | |
| difficulty: "medium" | |
| description: "Investigate an anomalous exfiltration alert originating from the backup server during its scheduled window. Correctly execute DISMISS_ALERT without causing system downtime." | |
| - id: "task_3_kill_chain" | |
| name: "Multi-Step Incident Response" | |
| difficulty: "hard" | |
| description: "Detect lateral movement from a compromised host. The agent must sequentially INVESTIGATE the logs and ISOLATE_HOST before the simulated malware reaches the core database." | |
| # Environment metadata for the HF Space | |
| metadata: | |
| tags: | |
| - "cybersecurity" | |
| - "siem" | |
| - "incident-response" | |
| license: "mit" | |