Welcome to TI MINDMAP GPT, an AI-powered tool designed to help produce Threat Intelligence Mindmaps.
Introducing TI Mindmap Navigating through lengthy blog posts, threat intelligence articles, or write-ups can be daunting, especially for cyber threat intelligence teams aiming to extract key insights efficiently. Enter TI Mindmap, a tool accessible through the Streamlit app platform. This service harnesses the power of OpenAI, Azure OpenAI, and MistralAI to transform cumbersome content from URLs, uploaded PDFs, or direct text input into concise, actionable summaries. But it doesn't stop there. Utilizing sophisticated algorithms, TI Mindmap goes beyond mere text reduction, providing users with insightful encapsulations of crucial points and themes.
TI Mindmap is a tool developed using Large Language Models (LLMs). It's designed to assist cyber threat intelligence teams in quickly synthesizing and visualizing key information from various Threat Intelligence sources.
The app operates on a 'Bring Your Own (LLM) Key' model, allowing users to leverage their own Large Language Models keys for personalized and efficient information processing.
This tool aims to streamline the data analysis process, enabling teams to focus more on strategic decision-making and less on the cumbersome task of data mining.
Streamlit App (BYOK - Bring Your Own Key): Launch App
TI Mindmap HUB - A fully hosted, advanced threat intelligence platform with automated OSINT processing, real-time analysis, and enterprise features:
- 100% GenAI-Automated processing of threat intelligence reports
- 24/7 Real-Time monitoring and analysis from curated OSINT sources
- STIX 2.1 Export for seamless integration with SIEMs, SOARs, and Threat Intelligence Platforms (TIPs)
- Weekly Intelligence Briefing with multi-agent AI system analyzing trends, top TTPs, and targeted sectors
- IOC Search Engine - Fast lookup across all processed reports for IP addresses, domains, file hashes, and other indicators
- Article Submissions for community-driven intelligence enrichment
- Platform Statistics - Real-time analytics dashboard with processing metrics and threat trends
- Coming Soon: MCP Server integration, Knowledge Graph visualization, PDF report generation, and Knowledge Base GenAI Chat
Perfect for security teams looking for automated, continuous threat intelligence processing without managing infrastructure or API keys. Accelerates workflows for Threat Analysts, SOC Teams, Incident Responders, and Security Leadership.
Learn more about TI Mindmap HUB →
If you find TI MINDMAP useful, please consider starring the repository on GitHub.
- Multiple Input Sources: Analyze content from URLs, uploaded PDF files, or direct text input.
- LLM Supported: OpenAI, Azure OpenAI, MistralAI.
- Comprehensive Summarization: AI-generated summaries in markdown format.
- Versatile Mindmapping:
- Generate mind maps using Mermaid.js or MarkMap.
- Special "Tweet Mindmap" for concise social media sharing.
- Actionable Intelligence Extraction:
- IOCs Extraction: Identify Indicators of Compromise with VirusTotal enrichment.
- TTPs Analysis:
- Extract adversary Tactics, Techniques, and Procedures (TTPs) into an overview table.
- List TTPs ordered by perceived execution time with improved formatting.
- Visualize TTPs with a graphic timeline (Mermaid.js).
- Threat Scope Report: Generate a "5 Whats" report, presented as a table, to understand threat scope.
- Interactive Visualizations:
- Embedded MITRE ATT&CK® Navigator layer generation and visualization.
- Mermaid.live editor integration for mind maps and timelines.
- AI-Powered Chat: Engage in a conversation with your Threat Intelligence article/data (based on the processed text, which may be truncated for very long inputs).
- Detailed PDF Reporting:
- Export comprehensive PDF reports of your analysis.
- Includes: Source information (URL, PDF name, or "Pasted Text"), website screenshot (for URLs), AI summary, main mind map, IOCs table, TTPs overview table, TTPs by execution time, TTPs graphic timeline, and 5 Whats report table.
- Option for portrait or landscape orientation.
- Content Management & Handling:
- Flexible Input: Accepts content via URL scraping, PDF file uploads (text extraction via PyPDF2), and direct text pasting.
- Enhanced Web Scraping: Improved HTTP headers and User-Agent rotation to minimize 403 errors and bypass basic bot detection on threat intelligence blogs.
- Original Content Access: View and download the full, original input content in a dedicated tab, even if a shortened version was used for AI processing due to length.
- Large Input Management: For very long inputs, the application processes a significant portion of the text for AI analysis to manage performance and token limits, while still providing access to the full original text.
- Screenshot Capture: For URL analysis, capture a screenshot of the source webpage.
- STIX 2.1 Reporting: Generate STIX 2.1 bundles (SDOs, SCOs, SROs) with visualization (beta). (The dedicated project GenAI-STIX2.1-Generator has been merged.)
- Enhanced Browser Simulation: Updated User-Agent to modern Chrome version (120.0.0.0) with comprehensive HTTP headers including
Accept,Accept-Language,Accept-Encoding, and security-focused headers (Sec-Fetch-*,DNT) - Improved Success Rate: Better handling of websites with bot protection mechanisms, reducing 403 Forbidden errors
- Human-Like Behavior: Added 1-second delay before requests and automatic redirect following to mimic natural browsing patterns
- Better Error Handling: Specific error messages for different HTTP status codes, making troubleshooting easier
- PDF Text Extraction: Currently, PDF text extraction is performed using PyPDF2. This method does not support Optical Character Recognition (OCR), so text cannot be extracted from image-based PDFs or scanned documents. The quality of extracted text can also vary depending on the PDF's structure.
- Web Scraping Limitations: While the improved scraping functionality handles most threat intelligence blogs effectively, some websites with advanced anti-bot protection (e.g., Cloudflare, aggressive WAFs) may still block automated access. For such cases, manual copy-paste or PDF upload is recommended.
- Streamlit
st.download_buttonBehavior: In some Streamlit versions (e.g., 1.35 and potentially others), clicking thest.download_button(used for PDF report downloads) can trigger a full app rerun. This might lead to the loss of previously generated on-screen output if the app's state isn't fully preserved and reloaded. While Streamlit has been working on improving such behaviors, it's advisable to test this with your current Streamlit version. The generated PDF itself should download correctly. - Large Language Model (LLM) Context Windows: While the app attempts to manage very long inputs by processing a truncated version for AI analysis, the effectiveness of analysis on extremely large documents depends on the context window and capabilities of the selected LLM and its specific model (e.g., GPT-4 series, Mistral Large).
- Introducing TI Mindmap GPT
- Enhancing Cyber Threat Intelligence with TI Mindmap GPT: Integration of Azure OpenAI and advanced features
- What's new in TI Mindmap | Feb 2024
- What's new in TI Mindmap | Mar 2024
- What's new in TI Mindmap | April 2024
- What's new in TI Mindmap | May 2024
- What's new in TI Mindmap | Sep 2024
The project is open to external contributions. Pull requests are welcome. Here's how you can help:
- Testing and Feedback: Try the tool with various input types (URLs, PDFs, pasted text) and share your insights to improve its performance and usability.
- Improving Prompts: Help refine the AI prompts for better extraction and accuracy of unstructured cyber threat intelligence data.
- Extending Functionality: Build additional features, or improve existing workflows (e.g., enhancing PDF text extraction with OCR, supporting more input formats, advanced handling of very large documents, implementing advanced web scraping with browser automation for heavily protected sites).
- Open Discussions: Join the conversation to explore innovative use cases and share your ideas.
Your contributions will help make this project more robust and impactful. Thank you for your support!