Response AI Documentation-V6


DarkSpace Software & Security

© 2024 DarkSpace Software & Security. All rights reserved.

Author: Michael James Blenkinsop

Email: [email protected]

Phone: +447710669684

Website: darkspacesoftwareandsecurity.com


Introduction

Response AI is an advanced, AI-driven incident response tool designed to effectively monitor, block, and analyze unauthorized network activities. The system integrates various monitoring and response functionalities, such as Intrusion Detection System (IDS), Endpoint Detection and Response (EDR), and Extended Detection and Response (XDR) capabilities. Response AI provides a comprehensive solution for real-time threat detection, forensic analysis, and reporting, including features such as packet capture, image capture, and graphical visualization.

All the data gathered and generated by Response AI is organized automatically into folders, providing structured and easy access to forensic evidence. This makes it an ideal tool for cybersecurity professionals needing a unified response system.

Features Overview

  • Dynamic Mode Switching (IDS, EDR, XDR): Easily switch between three modes - IDS, EDR, and XDR. Each mode provides distinct capabilities for monitoring, endpoint detection, and extended threat detection.
  • Network Monitoring & Blocking: Monitor network traffic in real-time, identify and block suspicious IP addresses, and log activities for later forensic analysis.
  • Packet Capture (PCAP): Capture network packets to analyze traffic for suspicious activities. Automatically saves the captured packets in .pcap format for detailed inspection.
  • Attacker Image Capture: Uses the attacker's webcam (if accessible) to capture an image for forensic purposes, securely stored for use in reports.
  • Generate Forensic Reports: Creates comprehensive forensic reports in DOCX and XLS formats, including attack data, packet captures, and captured images.
  • Graphical Representation of Attack Patterns: Visualizes attack data using bar charts to better understand the frequency and origin of attacks.
  • Console-Based User Interface: Interactive menu-based system where the user is addressed as 'Commander', and can easily navigate through options.
  • Auto Folder Creation and Organization: Automatically creates folders (reports, logs, pcap) in the directory where the script is run, organizing generated data efficiently.

System Requirements

  • Operating System: Windows, Linux, or macOS.
  • Python Version: Python 3.8 or later.
  • Required Packages: opencv-python, python-docx, openpyxl, matplotlib, pyshark.

Installation and Setup

1. Download and Extract: Download the response_ai.py file and any associated requirements.
2. Install Dependencies: Run the script, which will automatically install all required dependencies using pip.
3. Directory Setup: The script will create the following directories in the same location it is executed:
   - reports: For storing DOCX and XLS forensic reports.
   - logs: For storing network logs.
   - pcap: For storing captured packet files.

How to Use Response AI

  • Step 1: Running the Script. Navigate to the folder where response_ai.py is saved and run the script from the terminal: python response_ai.py
  • Step 2: Interaction and Commands. You will be greeted as Commander and provided with options for interaction. You can use the following commands:
    - 'show options': Displays a list of available actions.
    - 'clear' or 'cls': Clears the console screen and displays the menu again.
  • Available Menu Options:
    1. Switch Modes (IDS/EDR/XDR): Choose between three different monitoring modes.
    2. Start Network Monitoring: Initiate real-time network monitoring and blocking of suspicious IP addresses.
    3. Start Packet Capture: Capture live network packets.
    4. Capture Attacker Image: Use the webcam to capture an image from the attacker's device.
    5. Generate Forensic Report: Compile all attack-related data into comprehensive reports in DOCX and XLS formats.
    6. View Attack Patterns (Demo): View a graphical representation of attack data.
    7. Exit: Exit the program at any point.

Automated Folder Management

The script automatically generates folders (reports, logs, pcap) in the current directory. All output data will be saved in these folders for easy access and management.

Features in Detail

  • Dynamic Mode Switching: Easily switch between IDS, EDR, and XDR modes to customize the monitoring experience.
  • Real-Time Network Monitoring: Listens for suspicious IP addresses, blocking flagged IPs and logging the information for further analysis.
  • Packet Capture for Forensic Analysis: Captures network traffic in .pcap format for detailed inspection.
  • Capture Image from Attacker’s Camera: Attempts to access the attacker's webcam to gather visual evidence.
  • Comprehensive Forensic Reports: Generates DOCX and XLS reports, including packet data, images, and attack information.
  • Graphical Analysis of Attack Patterns: Visualizes attacks using bar charts to easily assess and identify suspicious activity.
  • Interactive Console-Based User Interface: Engages the user by referring to them as 'Commander' and prompting for next actions.
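The following is an added illustration, not code from Response AI itself, of the two pieces described above that can be shown offline: the reports/logs/pcap folder layout and the "flag a source, then block it" decision over network log lines. The log format, the failure threshold and the NEVER_BLOCK ranges are assumptions; the log lines are constructed. The check that an internal address is never auto-blocked is the caveat an operator of any such tool needs, since a mis-tuned threshold would otherwise cut off the organisation's own hosts.

```python
import ipaddress
import re
from collections import Counter
from pathlib import Path

FOLDERS = ("reports", "logs", "pcap")  # folder layout the documentation describes

# Operator-maintained "never auto-block" ranges (assumption: the internal networks).
NEVER_BLOCK = [ipaddress.ip_network(n) for n in
               ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]

# Constructed sample log lines (not real traffic), one auth failure per line.
SAMPLE_LOG = """\
2024-05-01T10:00:01 src=203.0.113.7 event=auth_fail
2024-05-01T10:00:02 src=203.0.113.7 event=auth_fail
2024-05-01T10:00:03 src=198.51.100.9 event=auth_fail
2024-05-01T10:00:04 src=10.0.0.5 event=auth_fail
2024-05-01T10:00:05 src=10.0.0.5 event=auth_fail
2024-05-01T10:00:06 src=not-an-ip event=auth_fail
"""
LINE_RE = re.compile(r"src=(\S+) event=auth_fail")


def ensure_folders(base) -> dict:
    """Create reports/, logs/ and pcap/ under base (idempotent); return their paths."""
    paths = {name: Path(base) / name for name in FOLDERS}
    for p in paths.values():
        p.mkdir(parents=True, exist_ok=True)
    return paths


def count_failures(log_text: str) -> Counter:
    """Count auth failures per source IP; lines whose src is not a valid IP are skipped."""
    counts = Counter()
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue
        try:
            counts[str(ipaddress.ip_address(m.group(1)))] += 1
        except ValueError:
            pass  # malformed source field: never act on it
    return counts


def select_blocks(counts: Counter, threshold: int = 2) -> list:
    """Sources at or above threshold, excluding NEVER_BLOCK ranges (left for human review)."""
    # Auto-blocking an internal host (e.g. one retrying a stale credential) is a
    # self-inflicted outage, so internal sources are counted but never returned.
    return sorted(ip for ip, n in counts.items() if n >= threshold
                  and not any(ipaddress.ip_address(ip) in net for net in NEVER_BLOCK))
```

A real deployment would feed count_failures from the logs folder and pass the result of select_blocks to the host firewall; here the decision is kept separate from enforcement so it can be reviewed and tested.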

Legal Disclaimer

Response AI is intended strictly for legitimate security purposes, including conducting incident response and forensic analysis within an environment where the user has proper authorization. The user must adhere to all relevant privacy laws and regulations when employing Response AI, particularly regarding accessing devices and capturing images.

Licensing and Copyright Information

Response AI is copyrighted by DarkSpace Software & Security. All rights are reserved. Unauthorized distribution, modification, or use for commercial purposes without explicit permission is strictly prohibited.

© 2024 DarkSpace Software & Security. All rights reserved.
