aws-security-assistant
Installation
ollama pull OpenNix/aws-security-assistant
Usage
# Interactive session
ollama run OpenNix/aws-security-assistant
# Analyze security log
ollama run OpenNix/aws-security-assistant "Analyze CloudTrail event: AttachUserPolicy with AdministratorAccess by root user"
# With API
curl http://localhost:11434/api/generate -d '{
"model": "OpenNix/aws-security-assistant",
"prompt": "Analyze this security event: Multiple failed login attempts detected",
"stream": false
}'
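The same non-streaming API call wrapped for batch triage of CloudTrail records. This is an added example, not code from the model page or the OpenNix project; it assumes Ollama is listening on the default localhost:11434 endpoint shown above, and the CloudTrail record is constructed with placeholder account and IP values.

```python
import json
import urllib.request

MODEL = "OpenNix/aws-security-assistant"
OLLAMA_URL = "http://localhost:11434/api/generate"  # default Ollama endpoint (assumed)

# Constructed CloudTrail record: realistic shape, placeholder account id and IP.
SAMPLE_EVENT = {
    "eventTime": "2024-01-01T12:00:00Z",
    "eventSource": "iam.amazonaws.com",
    "eventName": "AttachUserPolicy",
    "sourceIPAddress": "198.51.100.10",
    "userIdentity": {"type": "Root", "arn": "arn:aws:iam::123456789012:root"},
    "requestParameters": {
        "userName": "example-user",
        "policyArn": "arn:aws:iam::aws:policy/AdministratorAccess",
    },
}


def build_prompt(event: dict) -> str:
    """Summarise a CloudTrail record in the one-line form the Usage section shows."""
    ident = event.get("userIdentity", {})
    who = ident.get("arn") or ident.get("type", "unknown principal")
    params = ", ".join(f"{k}={v}" for k, v in sorted(event.get("requestParameters", {}).items()))
    return (
        f"Analyze CloudTrail event: {event['eventName']} from {event.get('eventSource', '?')} "
        f"by {who} ({ident.get('type', '?')}) at {event.get('eventTime', '?')} "
        f"from {event.get('sourceIPAddress', '?')}; parameters: {params or 'none'}"
    )


def request_body(prompt: str) -> dict:
    """Same JSON the curl example sends: model, prompt, stream=false."""
    return {"model": MODEL, "prompt": prompt, "stream": False}


def parse_response(raw: bytes) -> str:
    """With stream=false Ollama returns one JSON object; the text is in 'response'."""
    body = json.loads(raw)
    if not body.get("done", False):
        raise ValueError("incomplete generation (done=false)")
    return body["response"]


def analyze(event: dict, url: str = OLLAMA_URL, timeout: float = 120.0) -> str:
    """POST the event summary to the local Ollama server and return the model's analysis."""
    data = json.dumps(request_body(build_prompt(event))).encode()
    req = urllib.request.Request(url, data=data, headers={"Content-Type": "application/json"})
    with urllib.request.urlopen(req, timeout=timeout) as resp:
        return parse_response(resp.read())


if __name__ == "__main__":
    print(analyze(SAMPLE_EVENT))
```

The model's answer is advisory text; per the Limitations section below, treat it as triage input to be validated by an analyst, not as an automated verdict.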
- GGUF: aws-security-complete-standalone-q4_0.gguf
- Quantization: Q4_0
- Size: 4.3 GB
AWS Security Analyst
Model Details
- Model Name: AWS Security Analyst
- Base Model: meta-llama/Llama-3.1-8B-Instruct
- License: llama3.1
- Model Type: Causal Language Model (Fine-tuned with LoRA for AWS Security)
- Architecture: 8B parameters
- Specialization: AWS Cloud Security Events Analysis
- Training Method: Supervised Fine-Tuning (SFT) with LoRA adapters
Model Description
A LLaMA 3.1 8B Instruct model fine-tuned for AWS cloud security event analysis.
Analyzes events from 20+ AWS security sources including CloudTrail, GuardDuty, Security Hub, Macie, Inspector, Config, VPC Flow Logs, WAF, and more.
Key Features
- 20+ AWS Security Sources: CloudTrail, GuardDuty, SecurityHub, VPCFlow, WAF, Macie, Inspector, Config, etc.
- MITRE ATT&CK Mapping: 135 cloud techniques, 14 tactics
- Compliance Framework Support: 195 items (CIS, PCI-DSS, HIPAA, GDPR, FedRAMP, NIST)
- Attack Scenario Detection: 20 multi-step attack scenarios
- Severity Mapping: AWS native scales → Wazuh levels (0-15)
- Advanced Analysis: Threat assessment, incident response recommendations
Training Data
- Total Samples: 16448
- AWS Sources: 20 (CloudTrail, GuardDuty, SecurityHub, VPCFlow, WAF, Macie, Inspector, Config, etc.)
- Attack Scenarios: 20 multi-step scenarios
- MITRE Techniques: 135 cloud techniques
- Compliance Items: 195 (CIS 62, PCI-DSS 49, HIPAA 35, GDPR 15, FedRAMP 3, NIST 31)
Distribution:
- GuardDuty Findings: 86 types
- CloudTrail Events: 74 types
- Security Hub Findings: CIS, PCI-DSS, HIPAA compliance
- Attack Events: ~15%
Capabilities
Supported AWS Sources
- CloudTrail API calls
- GuardDuty threat findings
- Security Hub compliance findings
- VPC Flow Logs network traffic
- WAF web application attacks
- Macie data sensitivity findings
- Inspector vulnerability findings
- Config compliance events
- IAM Access Analyzer findings
- Route 53 DNS queries
- RDS database logs
- EKS Kubernetes audit logs
- CloudWatch alarms
- EventBridge events
- AWS Budgets alerts
- Threat Intelligence IOCs
Use Cases
- AWS security event triage and analysis
- GuardDuty finding interpretation
- CloudTrail event investigation
- Compliance violation detection (CIS, PCI-DSS, HIPAA, GDPR)
- MITRE ATT&CK technique mapping
- Multi-source event correlation
- Attack scenario detection
- Incident response planning
Limitations
- Trained on synthetic AWS security events
- May require validation on real-world data
- Performance depends on input quality
- Best used as an assistant tool, not a replacement for human analysis
Performance Metrics
Generated during training and included in the model card:
- Generation Quality: 0.92
- Coherence Score: 0.94
- Response Relevance: 0.95
- Avg Generation Time: 1.2s
- Overall Score: 0.93
Acknowledgments
Built with:
- Base Model: Meta LLaMA 3.1 8B Instruct
- Framework: PyTorch, Transformers, PEFT, TRL
- Data: AWS security documentation, MITRE ATT&CK Cloud Matrix
License
This model inherits the LLaMA 3.1 Community License from the base model.
Disclaimer
This model is provided for research and educational purposes. Always validate outputs with human security expertise before taking action on security incidents.