AI-powered cybersecurity analyst that maps your attack surface using MITRE ATT&CK knowledge graphs, real-time CVE correlation, and agentic reasoning
LangGraph multi-step agent classifies your question, queries the knowledge graph, synthesizes threat assessments, and generates remediation playbooks with Sigma detection rules.
Maps complete attack chains: asset → software → CVE → technique → threat group. Identifies which hacker groups can reach your servers through known vulnerabilities.
Computes risk scores per asset using CVSS severity, asset criticality multipliers, and CISA KEV bonus for actively exploited vulnerabilities.
Full kill chain visualization with 14 tactics, 691+ techniques, top threat groups, and most commonly used attack software, mapped to your infrastructure.
Identifies unmitigated ATT&CK techniques by checking which techniques lack corresponding MITRE mitigations in your defense posture.
Scans your codebase for dependencies (requirements.txt, package.json), maps them to software versions in the KG, and identifies vulnerable code paths.
ThreatGraph connects threat intelligence to your actual infrastructure through a multi-layer SurrealDB knowledge graph.
```sql
-- Find every CVE affecting your web server
SELECT hostname,
    ->runs->software_version.name AS software,
    ->runs->software_version->has_cve->cve.cve_id AS cves,
    ->runs->software_version->has_cve->cve.cvss_score AS scores
FROM asset WHERE hostname = 'web-server-01';
```
```bash
curl -sSf https://install.surrealdb.com | sh
surreal start --user root --pass root --bind 0.0.0.0:8000 memory
git clone https://github.com/fcistud/ThreatGraph.git
cd langchain
pip install -r requirements.txt
# Edit .env with your keys
ANTHROPIC_API_KEY=sk-ant-...
NVD_API_KEY=your-nvd-key
LANGSMITH_API_KEY=lsv2_pt_...
python3 ingest.py     # ~60s, loads 1,854 nodes + 20,377 edges
streamlit run app.py  # → http://localhost:8501
```

| Tab | Module | Description |
|---|---|---|
| Analyst | AI Security Analyst | Natural language queries → classified → KG traversal → Claude synthesis → remediation playbook |
| Exposure | Exposure Dashboard | Risk scores per asset with CVSS severity bars, KEV indicators, and total org score |
| Attack Graph | Interactive Visualization | pyvis/NetworkX graph: 161 nodes, 156 edges with legend, stats overlay, CVSS-scaled nodes |
| Asset Intel | Asset Deep Dive | Per-asset profiles with software inventory, CVE tables, CVSS distribution charts |
| ATT&CK Matrix | Kill Chain Heatmap | 14 tactic cards, top threat groups (Kimsuky: 109 techniques), attack software rankings |
| Gaps | Coverage Analysis | Unmitigated ATT&CK techniques identified via reverse mitigation traversal |
| Code | Codebase Scanner | Dependency analysis → cross-reference with KG software → vulnerability mapping |
| Guide | Tutorial & Glossary | Architecture overview, step-by-step tutorial, cybersecurity glossary for beginners |
Traverses asset→runs→software_version→has_cve→cve to discover complete attack chains. Filter by hostname.
Calculates risk: (ΣCVSS × criticality_mult) + (KEV_count × 20). Returns sorted assets with scores.
Finds unmitigated techniques via ←mitigates←mitigation reverse traversal. Returns top 50 gaps.
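The chain traversal and the risk formula above, worked through in plain Python as an added example (not ThreatGraph's own code): a small in-memory graph shaped like the KG edges asset→runs→software_version→has_cve→cve, scored as (ΣCVSS × criticality_mult) + (KEV_count × 20). The criticality multiplier values and all sample assets, software and CVE ids are constructed assumptions, not data from the project.

```python
# Added example, not ThreatGraph's code. Risk = (sum of CVSS * criticality_mult) + (KEV_count * 20),
# computed over an in-memory graph with the same edge shape as the SurrealDB knowledge graph.

# Assumed multiplier values; the page states multipliers exist but not their numbers.
CRITICALITY_MULT = {"low": 1.0, "medium": 1.5, "high": 2.0}
KEV_BONUS = 20  # per actively exploited (CISA KEV) CVE, as the page states

# Constructed sample graph. asset node -> criticality attribute
ASSETS = {"web-server-01": "high", "dev-laptop-07": "low"}
# runs edges: asset -> software_version nodes
RUNS = {
    "web-server-01": ["nginx 1.18.0", "openssl 1.1.1k"],
    "dev-laptop-07": ["openssl 1.1.1k"],
}
# has_cve edges: software_version -> cve nodes (placeholder ids, not real CVEs)
HAS_CVE = {
    "nginx 1.18.0": ["CVE-EXAMPLE-0001"],
    "openssl 1.1.1k": ["CVE-EXAMPLE-0002", "CVE-EXAMPLE-0003"],
}
# cve nodes: id -> (cvss_score, listed_in_kev)
CVES = {
    "CVE-EXAMPLE-0001": (9.8, True),
    "CVE-EXAMPLE-0002": (7.5, False),
    "CVE-EXAMPLE-0003": (5.3, False),
}


def attack_chains(hostname):
    """Walk asset->runs->software_version->has_cve->cve; returns (software, cve_id) pairs."""
    return [(sw, cve) for sw in RUNS.get(hostname, []) for cve in HAS_CVE.get(sw, [])]


def risk_score(hostname):
    """Per-asset score: CVSS sum scaled by criticality, plus a flat bonus per KEV-listed CVE."""
    chains = attack_chains(hostname)
    cvss_sum = sum(CVES[cve][0] for _, cve in chains)
    kev_count = sum(1 for _, cve in chains if CVES[cve][1])
    mult = CRITICALITY_MULT[ASSETS[hostname]]
    return round(cvss_sum * mult + kev_count * KEV_BONUS, 1)


def ranked_exposure():
    """All assets sorted highest risk first, the ordering the Exposure tab reports."""
    return sorted(((h, risk_score(h)) for h in ASSETS), key=lambda x: x[1], reverse=True)
```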
Fuzzy semantic search with keyword expansion. Queries like "privilege escalation" expand to related terms across all tables.
For a given CVE, finds all affected software versions, all assets running that software, and their criticality.
Full agent pipeline: classify → query KG → synthesize with Claude → generate playbook with Sigma rules.
Multi-model database for graph + document storage
Stateful multi-step agent orchestration
LLM synthesis and playbook generation
Dashboard with neon-on-dark cyberpunk HUD
Interactive attack graph visualization
Real-time vulnerability and exploitation data