# Taranis AI

https://taranis.ai

https://github.com/taranis-ai/taranis-ai

Note: Inspired by Taranis-NG & Taranis3

---

## Taranis AI

Taranis AI is an advanced Open-Source Intelligence (OSINT) tool, leveraging Artificial Intelligence to revolutionize information gathering and situational analysis.

Note: Familiar Workflow for CERTs

---

## Notable Features

- Task queue via Celery for asynchronous news item processing
- Modern NLP features like entity recognition and summary creation
- Story clustering to reduce analyst workload
- Keyword and tag dashboard visualization

----

## Notable Features

- Recognizes cybersecurity terms like APTs, CVEs, IoCs
- Include/exclude lists for collection and tagging
- Advanced search and filters for item management
- Grouped sources for easier task application

---

Note: RabbitMQ | Celery | Pipeline (bots calling bots)

---

## Natural Language Processing & AI-Assisted Analysis

- **Collection**: Gather articles from OSINT sources in raw format.
- **Processing**: Each article triggers a complex NLP and AI pipeline.
- **Analysis**: Makes articles easier for human analysts to digest.

---

## NAMED ENTITY RECOGNITION

- Locates and classifies entities
- Beyond simple tagging
- Enhances search precision

Note: NER identifies specific entities like person names, organizations, and locations in unstructured text, going beyond basic tagging by associating each entity with a category, thus significantly enhancing the ability to search for relevant articles with precision.

----

### NER's Advantage & Domain-Specific Concepts

- Specificity and Context-aware
- Topic modeling for Cybersecurity

Note: NER provides specificity and context-aware analysis, distinguishing specific entities and terms within cybersecurity contexts, such as APT groups and IoCs over generic terms. Topic modeling extends this by recognizing domain-specific concepts, crucial for identifying cybersecurity threats and tailoring analysis to cybersecurity needs.

----

#### Enhancing NER

- Lists and Regex
  - CVEs
  - APT
- IoC Finder
  - Hashes
  - IPs
  - various URIs

Note: Taranis AI further enhances NER with automatically generated lists for entities with stable attributes like countries and uses regular expressions for identifying specific cybersecurity markers such as CVE numbers and IoCs. The IoC Finder tool exemplifies Taranis AI's comprehensive approach to cyber threat identification and analysis.

---

## Summarization in OSINT Analysis

- Streamlines analysis
- Applies to news and stories
- Facilitates report summaries

Note:
- Summarization via NLP significantly reduces analysis time, making lengthy texts manageable.
- Effective for individual news, collective stories.
- Improves information sharing with summaries for detailed reports, using AI for executive summaries and tailored reporting templates.

---

## TOPIC AND STORY CLUSTERING

https://github.com/taranis-ai/story-clustering

- Reduces redundancy from multiple sources
- Identifies stories on the same topic with varied titles and styles
- Cuts article review volume by ~40-50%
- Visualizes topic trends over time

Note:
- Multiple sources often report the same events in similar ways, increasing analyst workload.
- Taranis AI's story clustering recognizes these as a single story, despite differences, summarizing the main points and relevant publication dates.
- This approach significantly reduces the articles an analyst must review and provides insights into publishing trends, aiding in efficient analysis.

---

## Future Directions

- AI-assisted report templating
- Learning from past reports
- Enhanced classification management
- Dynamic label assignment
- Improved NLP & AI capabilities

Note: The development of AI to map data to predefined report templates is underway, enhancing the customization of reports to meet specific needs. Additionally, leveraging recommender systems to suggest article inclusions based on past preferences represents a future direction for Taranis AI, aiming to further refine report relevance and content quality. Further plans are to dynamically assign classification labels and to enhance NLP and AI-assisted features like keyword extraction, summary, and story clustering for better performance and quality.

---

## Demo
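
---

The regex-based marker tagging described in the "Enhancing NER" notes, as an added example (not part of the original deck and not Taranis AI's or IoC Finder's own code). The patterns, the function names `refang` and `extract_markers`, and the sample text are assumptions made for illustration; the CVE id is a placeholder.

```python
import ipaddress
import re

# Patterns for markers with a stable textual shape (assumed forms, not Taranis AI's rules).
CVE_RE = re.compile(r"\bCVE-\d{4}-\d{4,}\b", re.IGNORECASE)
HASH_RE = re.compile(r"\b[0-9a-fA-F]{32,64}\b")
IPV4_RE = re.compile(r"(?<![\w.])(?:\d{1,3}\.){3}\d{1,3}(?![\w.])")
URL_RE = re.compile(r"\bhttps?://[^\s<>\"')\]]+", re.IGNORECASE)
HASH_KINDS = {32: "md5", 40: "sha1", 64: "sha256"}


def refang(text):
    """Undo common defanging (hxxp, [.], (.), [dot], [:]) so one pattern set covers both forms."""
    text = re.sub(r"\bhxxp(s?)", r"http\1", text, flags=re.IGNORECASE)
    text = re.sub(r"\[\.\]|\(\.\)|\[dot\]", ".", text, flags=re.IGNORECASE)
    return text.replace("[:]", ":")


def extract_markers(text):
    """Return {tag_type: sorted unique values} for CVEs, hashes, IPv4 addresses and URLs."""
    text = refang(text)
    found = {"cve": set(), "md5": set(), "sha1": set(), "sha256": set(),
             "ipv4": set(), "url": set()}
    found["cve"].update(m.upper() for m in CVE_RE.findall(text))
    for h in HASH_RE.findall(text):
        kind = HASH_KINDS.get(len(h))  # other lengths are not a known digest size
        if kind:
            found[kind].add(h.lower())
    for candidate in IPV4_RE.findall(text):
        try:  # rejects octets > 255, which the regex alone would accept
            found["ipv4"].add(str(ipaddress.IPv4Address(candidate)))
        except ValueError:
            pass
    found["url"].update(u.rstrip(".,;") for u in URL_RE.findall(text))
    return {k: sorted(v) for k, v in found.items() if v}


# Constructed sample text: placeholder CVE id, documentation IP range, example.com,
# and the MD5 of empty input standing in for a file hash.
SAMPLE = (
    "Researchers tied the campaign to cve-2099-0001 and CVE-2099-0001. "
    "The loader (MD5 d41d8cd98f00b204e9800998ecf8427e) beacons to 192.0.2[.]15 "
    "and fetches hxxps://updates.example[.]com/a.bin. Version 10.0.19045.999 "
    "of the agent and the address 300.1.2.3 are not indicators."
)

if __name__ == "__main__":
    for tag, values in extract_markers(SAMPLE).items():
        print(tag, values)
```

Normalizing case and refanging before matching is what lets differently written mentions of the same marker collapse into one tag; the build number and the out-of-range address in the sample show the two false positives a bare dotted-quad pattern would otherwise produce.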