In [15]:
#log cell code 1
import os
from typing import List, Tuple
from langchain_openai import ChatOpenAI, OpenAIEmbeddings
from langchain_neo4j.vectorstores.neo4j_vector import Neo4jVector
from langchain_neo4j.vectorstores.neo4j_vector import remove_lucene_chars
from langchain_neo4j import Neo4jGraph
from pydantic import BaseModel, Field
from langchain_core.prompts import ChatPromptTemplate, PromptTemplate
from langchain_core.messages import HumanMessage, AIMessage
from langchain_core.runnables import RunnablePassthrough, RunnableLambda, RunnableBranch, RunnableParallel
from langchain_core.output_parsers.string import StrOutputParser
from langchain_huggingface import HuggingFaceEmbeddings

In [16]:
#log cell code 2
OPENAI_API_KEY = os.environ.get("OPENAI_API_KEY")
neo4j_uri = os.environ.get("NEO4J_AURA")
neo4j_username = os.environ.get("NEO4J_AURA_USERNAME")
neo4j_password = os.environ.get("NEO4J_AURA_PASSWORD")
neo4j_database = os.environ.get("NEO4J_AURA_DATABASE")

print(neo4j_database, neo4j_uri, neo4j_username, neo4j_password, neo4j_database)

neo4j neo4j+s://79145028.databases.neo4j.io neo4j ujlntHOo0EriMmGelWeqh7FaVpr4craydlioxDdxtTk neo4j


In [17]:
#log cell code 3
graph = Neo4jGraph(
    url=neo4j_uri,
    username=neo4j_username,
    password=neo4j_password,
    database=neo4j_database
)
llm = ChatOpenAI(temperature=0, model_name="gpt-4o")

VECTOR_INDEX_NAME = "vector"
KEYWORD_INDEX_NAME = "keyword"

model_name = "sentence-transformers/all-MiniLM-L6-v2"

embeddings = HuggingFaceEmbeddings(model_name=model_name)

  from .autonotebook import tqdm as notebook_tqdm
To support symlinks on Windows, you either need to activate Developer Mode or to run Python as an administrator. In order to activate developer mode, see this article: https://docs.microsoft.com/en-us/windows/apps/get-started/enable-your-device-for-development
Xet Storage is enabled for this repo, but the 'hf_xet' package is not installed. Falling back to regular HTTP download. For better performance, install the package with: `pip install huggingface_hub[hf_xet]` or `pip install hf_xet`


In [9]:
#log cell code 4
vector_index = Neo4jVector.from_existing_index(
    OpenAIEmbeddings(),
    url=neo4j_uri,
    username=neo4j_username,
    password=neo4j_password,
    index_name=VECTOR_INDEX_NAME,
    keyword_index_name=KEYWORD_INDEX_NAME,
    search_type="hybrid"
)

ValueError: The provided embedding function and vector index dimensions do not match.
Embedding function dimension: 1536
Vector index dimension: 384

In [None]:
query_text = "Cari user yang gagal melakukan autentikasi"
results = vector_index.similarity_search(
    query_text, 
    k=5
)

In [None]:
#log cell code 5
class Entities(BaseModel):
    """Identifying information about resources."""

    names: List[str] = Field(
        ...,
        description="All the tactics, techniques, or software entities that "
        "appear in the text",
    )
    
entity_prompt = ChatPromptTemplate.from_messages(
    [
        (
            "system",
            "You are extracting user names, host names, or process names from the text.",
        ),
        (
            "human",
            "Use the given format to extract information from the following "
            "input: {question}",
        ),
    ]
)

entity_chain = entity_prompt | llm.with_structured_output(Entities) #Pokoknya buat entity extraction

In [26]:
#log cell code 6
def generate_full_text_query(input: str) -> str:
    """
    Generate a full-text search query for a given input string.

    This function constructs a query string suitable for a full-text search.
    It processes the input string by splitting it into words and appending a
    similarity threshold (~2 changed characters) to each word, then combines
    them using the AND operator. Useful for mapping entities from user questions
    to database values, and allows for some misspelings.
    """
    full_text_query = ""
    words = [el for el in remove_lucene_chars(input).split() if el]
    for word in words[:-1]:
        full_text_query += f" {word}~2 AND"
    full_text_query += f" {words[-1]}~2"
    return full_text_query.strip()


def structured_retriever(question: str) -> str:
    """
    Collects the neighborhood of resources mentioned
    in the question
    """
    result = ""
    entities = entity_chain.invoke({"question": question})

    print(f"\n--- Extracted Entities: {entities.names} ---")

    for entity in entities.names:
        response = graph.query(
            """
            MATCH (user:ns0__User)
            WHERE toLower(user.`ns0__user.name`) CONTAINS toLower($entity)
            MATCH (user)<-[:ns0__hasUser]-(event:ns0__Event)
            RETURN "User '" + user.`ns0__user.name` + "' performed action '" + event.ns0__msg + 
                   "' with process '" + event.ns0__pname + "' (PID: " + event.ns0__pid + ") at time " + event.ns0__time AS output
            LIMIT 10
            """,
            {"entity": entity},
        )
        result += "\n".join([el['output'] for el in response])
    return result

In [None]:
#log cell code 7
def hybrid_retriever(question: str):
    """Combines structured and unstructured data retrieval based on the question."""
    print(f"Search query: {question}")
    structured_data = structured_retriever(question)

    print("\n--- Structured Data Retrieved ---")
    print(structured_data)
    print("---------------------------------\n")

    unstructured_data = [
        el.page_content for el in vector_index.similarity_search(question)]

    print("\n--- Unstructured Data Retrieved ---")
    print(unstructured_data)
    print("-----------------------------------\n")

    final_data = f"""Structured data:
    {structured_data}
    Unstructured data:
    {"#Resource ". join(unstructured_data)}
    """
    return final_data

In [None]:
#log cell code 8
_template = """Given the following conversation and a follow up question, rephrase the follow up question to be a standalone question,
in its original language.
Chat History:
{chat_history}
Follow Up Input: {question}
Standalone question:"""  
CONDENSE_QUESTION_PROMPT = PromptTemplate.from_template(_template)

In [None]:
#log cell code 9
def _format_chat_history(chat_history: List[Tuple[str, str]]) -> List:
    buffer = []
    for human, ai in chat_history:
        buffer.append(HumanMessage(content=human))
        buffer.append(AIMessage(content=ai))
    return buffer

In [None]:
#log cell code 10
_search_query = RunnableBranch(
    # If input includes chat_history, we condense it with the follow-up question
    (
        RunnableLambda(lambda x: bool(x.get("chat_history"))).with_config(
            run_name="HasChatHistoryCheck"
        ),  # Condense follow-up question and chat into a standalone_question
        RunnablePassthrough.assign(
            chat_history=lambda x: _format_chat_history(x["chat_history"])
        )
        | CONDENSE_QUESTION_PROMPT
        | ChatOpenAI(temperature=0)
        | StrOutputParser(),
    ),
    # Else, we have no chat history, so just pass through the question
    RunnableLambda(lambda x : x["question"]),
)

In [None]:
#log cell code 11
template = """Answer the question based only on the following context:
{context}

Question: {question}
Use natural language and be concise.
Answer:"""
prompt = ChatPromptTemplate.from_template(template)

In [None]:
#log cell code 12
final_chain = (
    RunnableParallel(
        {
            "context": _search_query | hybrid_retriever,
            "question": RunnablePassthrough(),
        }
    )
    | prompt
    | llm
    | StrOutputParser()
)

In [27]:
#log cell code 13
def query_agent(question: str) :
    """
    Query the graph and vector index using a hybrid approach.
    """
    return final_chain.invoke({"question": question})

In [28]:
#log cell code 14
query1 = "Who is daryl, and what does he do in system?"

In [30]:
#log cell code 15
response1 = query_agent(query1)
print("Answer:\n")
print(response1)

Search query: Who is daryl, and what does he do in system?

--- Extracted Entities: ['daryl'] ---

--- Structured Data Retrieved ---
User 'daryl' performed action 'pam_unix(dovecot:auth): authentication failure; logname= uid=0 euid=0 tty=dovecot ruser=daryl rhost=127.0.0.1  user=daryl' with process 'auth' (PID: ) at time 2021-03-05T07:28:23
User 'daryl' performed action 'pam_unix(dovecot:auth): authentication failure; logname= uid=0 euid=0 tty=dovecot ruser=daryl rhost=127.0.0.1  user=daryl' with process 'auth' (PID: ) at time 2021-03-05T07:26:39
User 'daryl' performed action 'pam_unix(dovecot:auth): authentication failure; logname= uid=0 euid=0 tty=dovecot ruser=daryl rhost=127.0.0.1  user=daryl' with process 'auth' (PID: ) at time 2021-03-05T07:27:44
User 'daryl' performed action 'pam_unix(dovecot:auth): authentication failure; logname= uid=0 euid=0 tty=dovecot ruser=daryl rhost=127.0.0.1  user=daryl' with process 'auth' (PID: ) at time 2021-03-05T07:29:28
User 'daryl' performed acti