In [None]:
# Cell 1: Setup
# Extends the import path, then loads the analysis stack and the two project
# entry points used by the cells below.
import sys
# NOTE(review): this is a relative entry, so it resolves against the kernel's
# working directory when each import runs. Started from a different directory,
# the project imports below could resolve to another `src` tree, and importing
# executes that tree's module-level code. Anchoring the entry to a known
# project root would remove the dependence on cwd.
# NOTE(review): the imports below use the `src.` package prefix, which needs
# the parent of `src/` on sys.path rather than `../src` itself -- confirm
# which sys.path entry actually makes them resolve.
sys.path.append('../src')

import pandas as pd
import numpy as np
import matplotlib.pyplot as plt

# Project code: the platform facade and the sample e-mail data loader.
from src.unified_platform.platform import UnifiedThreatPlatform
from src.utils.data_loader import create_sample_email_data

# Render matplotlib figures inline in the notebook output.
%matplotlib inline
print("‚úÖ Setup complete!")

In [None]:
# Cell 2: Initialize Platform
# Builds the platform object and hands it the two datasets it is initialised
# with: a labelled e-mail frame and a small web-access-log frame.
platform = UnifiedThreatPlatform()

# Labelled e-mail data; the labels are read from the frame's 'label' column.
# NOTE(review): presumably a synthetic corpus (going by the loader's name) --
# confirm; scores shown later only reflect whatever this loader returns.
emails_df = create_sample_email_data()
labels = emails_df['label'].tolist()

# Two hand-written access-log records. 203.0.113.45 lies in the TEST-NET-3
# documentation range (RFC 5737) and 192.168.1.100 in RFC 1918 private space,
# so neither fixture points at a routable third-party host.
LOG_FIELDS = ('ip', 'timestamp', 'method', 'path', 'status', 'user_agent')
sample_logs = [
    dict(zip(LOG_FIELDS, record))
    for record in (
        ('203.0.113.45', '20/Sep/2025:14:01:01 +0200',
         'POST', '/admin/login', '401', 'Python-urllib/3.6'),
        ('192.168.1.100', '20/Sep/2025:13:55:36 +0200',
         'GET', '/', '200', 'Mozilla/5.0'),
    )
]

logs_df = pd.DataFrame(sample_logs)

# What initialize() does with the data (e.g. model fitting) is not visible in
# this notebook. A two-row log frame is a smoke-test input, not a baseline
# from which detection quality can be judged.
print("üöÄ Initializing Unified Threat Detection Platform...")
platform.initialize(email_data=(emails_df, labels), web_logs=logs_df)

In [None]:
# Cell 3: Test Unified Analysis - Scenario 1
# Feeds one constructed phishing e-mail plus two failed admin-login requests
# from the same source address into the platform and prints the verdict.
banner = "=" * 60
print("\n" + banner)
print("üìã SCENARIO 1: Coordinated Phishing Attack")
print(banner)

# Constructed sample message (urgency cue, credential request, look-alike
# sender and link).
# NOTE(review): the two domains here are not reserved example names, so they
# may be registered by someone. If the analyzer ever resolves or fetches URLs
# from the body (not visible here -- confirm), the fixture would reach a live
# host; reserved names such as `.example` / `.test` avoid that, at the cost
# of changing what the model sees.
email_data = {
    'body': (
        'URGENT: Your PayPal account will be suspended!\n'
        '    \n'
        'Click here to verify: http://paypal-fake.tk/verify\n'
        'Provide your password and SSN immediately!'
    ),
    'sender': 'security@paypal-scam.com',
    'subject': 'Account Suspension Warning'
}

# Two rejected (401) POSTs to the admin login one second apart, sent with a
# scripted client user agent from a TEST-NET-3 (RFC 5737) address.
scenario_ip = '203.0.113.45'
web_logs = [
    {'ip': scenario_ip, 'timestamp': stamp,
     'method': 'POST', 'path': '/admin/login', 'status': '401',
     'user_agent': 'Python-urllib/3.6'}
    for stamp in ('20/Sep/2025:14:30:01 +0200', '20/Sep/2025:14:30:02 +0200')
]

results = platform.analyze_unified_threat(
    email_data=email_data,
    web_logs=web_logs,
    ip_address=scenario_ip
)

print("\nüéØ ANALYSIS RESULTS:")
print(f"üìä Unified Risk Score: {results['unified_risk_score']}/100")
print(f"‚ö†Ô∏è  Threat Level: {results['threat_level']}")

# Each sub-analysis is printed only when the platform returned something
# truthy for it.
email_result = results['email_analysis']
if email_result:
    print("\nüìß Email Analysis:")
    print(f"  Prediction: {email_result['prediction']}")
    print(f"  Confidence: {email_result['confidence']:.1f}%")

web_result = results['web_analysis']
if web_result:
    print("\nüåê Web Analysis:")
    print(f"  Risk Level: {web_result['risk_level']}")
    print(f"  Attack Patterns: {len(web_result['attack_patterns'])}")

correlation_result = results['correlation_analysis']
if correlation_result:
    found = correlation_result['indicators']
    print("\nüîó Correlation Analysis:")
    print(f"  Indicators Found: {len(found)}")
    # Descriptions may echo attacker-controlled text; print() keeps them as
    # plain text, so escape them if this is ever switched to HTML display.
    for indicator in found:
        print(f"    ‚Ä¢ {indicator['type']}: {indicator['description']}")


In [None]:
# Cell 4: Test Unified Analysis - Scenario 2
# Benign control case: an ordinary internal e-mail and a single successful
# dashboard request from an RFC 1918 private address. A low score here only
# shows that this one sample is not flagged; it is not a false-positive
# measurement.
rule = "=" * 60
print("\n" + rule)
print("üìã SCENARIO 2: Normal Traffic")
print(rule)

# Note: `email_data` and `web_logs` are rebound here, replacing the
# Scenario 1 inputs held under the same names.
email_data = dict(
    body='Hi team, please find attached the meeting notes from yesterday.',
    sender='colleague@company.com',
    subject='Meeting Notes',
)

benign_ip = '192.168.1.100'
web_logs = [
    dict(
        ip=benign_ip,
        timestamp='20/Sep/2025:15:00:00 +0200',
        method='GET',
        path='/dashboard',
        status='200',
        user_agent='Mozilla/5.0',
    )
]

results2 = platform.analyze_unified_threat(
    email_data=email_data,
    web_logs=web_logs,
    ip_address=benign_ip
)

print("\nüéØ ANALYSIS RESULTS:")
print(f"üìä Unified Risk Score: {results2['unified_risk_score']}/100")
print(f"‚ö†Ô∏è  Threat Level: {results2['threat_level']}")


In [None]:
# Cell 5: Compare Results
# Tabulates the two scenario verdicts side by side and charts the risk
# scores against three reference lines.
divider = "=" * 60
print("\n" + divider)
print("üìä COMPARISON")
print(divider)

scenario_runs = [('Coordinated Attack', results), ('Normal Traffic', results2)]
comparison_df = pd.DataFrame({
    'Scenario': [title for title, _ in scenario_runs],
    'Risk Score': [run['unified_risk_score'] for _, run in scenario_runs],
    'Threat Level': [run['threat_level'] for _, run in scenario_runs]
})

print(comparison_df.to_string(index=False))

# Visualize
fig, ax = plt.subplots(figsize=(10, 5))
ax.bar(comparison_df['Scenario'], comparison_df['Risk Score'],
       color=['red', 'green'], alpha=0.7)
ax.set_ylabel('Risk Score')
ax.set_title('Unified Risk Score Comparison')
ax.set_ylim(0, 100)

# NOTE(review): these cut-offs are constants typed into this cell, not values
# read from the platform -- confirm they match the thresholds the platform
# uses to assign 'threat_level', or the chart can contradict the table.
reference_lines = (
    (80, 'r', 'Critical Threshold'),
    (60, 'orange', 'High Threshold'),
    (40, 'yellow', 'Medium Threshold'),
)
for cutoff, line_colour, caption in reference_lines:
    ax.axhline(y=cutoff, color=line_colour, linestyle='--', label=caption)

ax.legend()
fig.tight_layout()
plt.show()

In [None]:
# Cell 6: Generate Report
# Renders the Scenario 1 result as a text report, prints it, and writes it
# to ../reports/.
import os
from src.unified_platform.reporting import ReportGenerator

report_gen = ReportGenerator()
text_report = report_gen.generate_text_report(results)

separator = "=" * 60
print("\n" + separator)
print("üìÑ GENERATED REPORT")
print(separator)
print(text_report)

# Save report
# NOTE(review): the path is relative to the kernel's working directory and
# the directory is created with default permissions. What the report embeds
# is not visible here; if it carries e-mail content, senders or IP addresses,
# treat the file as sensitive once real data is analysed (restrict access,
# keep the reports directory out of version control).
report_path = '../reports/unified_threat_report.txt'
os.makedirs(os.path.dirname(report_path), exist_ok=True)
report_gen.save_report(text_report, report_path)

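# Cell 7: Summary
# Prints a closing recap of the demo run.
print("\n" + "="*60)
print("‚úÖ UNIFIED ANALYSIS COMPLETE!")
print("="*60)

print("\nüéØ Platform Capabilities Demonstrated:")
print("  ‚úÖ Email phishing detection")
print("  ‚úÖ Web traffic anomaly detection")
print("  ‚úÖ Cross-platform correlation")
print("  ‚úÖ Unified risk scoring")
print("  ‚úÖ Automated reporting")

# The Scenario 1 cell only reads results['correlation_analysis'] after
# checking it is truthy, so it can evidently be empty or None. Apply the same
# guard here instead of indexing it unconditionally, which would raise when
# no correlation data came back.
correlation_summary = results['correlation_analysis']
indicator_count = len(correlation_summary['indicators']) if correlation_summary else 0

print("\nüìä Results:")
print(f"  ‚Ä¢ Detected {indicator_count} correlation indicators")
print(f"  ‚Ä¢ Generated comprehensive threat report")
# NOTE(review): this notebook exercises two hand-written scenarios against
# sample data; it does not measure false-positive/false-negative rates or
# behaviour on real traffic, so the readiness line below is a demo message,
# not a validation result.
print(f"  ‚Ä¢ Platform ready for production use")

print("\nüéâ Project Complete!")
print("Next steps: Deploy dashboard, integrate real datasets, expand features")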
