# Enterprise Risk Assessment System - Interactive Demo

**Production Multi-Agent AI System for Automated Cybersecurity Risk Assessment**

This notebook demonstrates the complete capabilities of the system across Weeks 1-12:

- **Week 6:** Multi-agent orchestration (ServiceNow, Vulnerability, Threat, Risk Scoring, Report)
- **Week 7:** Advanced RAG pipeline and Document Intelligence
- **Week 9:** Control discovery and gap analysis
- **Week 10:** Tree of Thought (ToT) risk scoring
- **Week 11:** Markov Chain threat modeling
- **Week 12:** AWS deployment architecture

---

## Table of Contents
1. [Setup & Configuration](#setup)
2. [Week 6: Core Multi-Agent System](#week6)
3. [Week 7: RAG & Document Intelligence](#week7)
4. [Week 9: Control Discovery & Gap Analysis](#week9)
5. [Week 10: Tree of Thought Risk Scoring](#week10)
6. [Week 11: Markov Chain Threat Modeling](#week11)
7. [Visualizations & Insights](#visualizations)
8. [Complete Workflow Demo](#workflow)

<a id='setup'></a>
## 1. Setup & Configuration

First, let's install dependencies and configure the environment.

In [None]:
# Install required packages (uncomment if needed)
# !pip install -r ../requirements.txt

import sys
import os
from pathlib import Path

# Add project root to path
project_root = Path.cwd().parent
sys.path.insert(0, str(project_root))

# Load environment variables
from dotenv import load_dotenv
load_dotenv(project_root / '.env')

# Verify key environment variables
required_vars = ['ANTHROPIC_API_KEY', 'SERVICENOW_INSTANCE']
missing = [v for v in required_vars if not os.getenv(v)]
if missing:
    print(f"‚ö†Ô∏è  Missing environment variables: {missing}")
    print("Please configure .env file with required API keys")
else:
    print("‚úÖ Environment configured successfully")

In [None]:
# Import visualization libraries
import matplotlib.pyplot as plt
import seaborn as sns
import pandas as pd
import numpy as np
from datetime import datetime, timedelta
import warnings
warnings.filterwarnings('ignore')

# Configure matplotlib for notebook
%matplotlib inline
plt.style.use('seaborn-v0_8-darkgrid')
sns.set_palette("husl")

print("‚úÖ Visualization libraries loaded")

<a id='week6'></a>
## 2. Week 6: Core Multi-Agent System

Demonstrates the 6 core agents:
1. ServiceNow Agent - Query incidents and assets
2. Vulnerability Agent - Analyze CVEs with NVD, VirusTotal, CISA KEV
3. Threat Agent - MITRE ATT&CK and AlienVault OTX intelligence
4. Risk Scoring Agent - FAIR-based 5√ó5 matrix
5. Report Agent - Professional DOCX generation
6. Document Agent - RAG-based policy/procedure queries

### 2.1 ServiceNow Agent - Query Incidents

In [None]:
from src.agents.servicenow_agent import ServiceNowAgent

# Initialize agent
snow_agent = ServiceNowAgent()

# Query high-priority incidents
incidents = snow_agent.get_incidents_for_analysis(
    priority="1",
    limit=5
)

print(f"Found {len(incidents)} high-priority incidents:")
for inc in incidents:
    print(f"  ‚Ä¢ {inc.number}: {inc.short_description} (Priority {inc.priority})")

### 2.2 Vulnerability Agent - CVE Analysis

In [None]:
from src.agents.vulnerability_agent import VulnerabilityAgent

vuln_agent = VulnerabilityAgent()

# Analyze critical CVEs
cve_ids = ["CVE-2024-3400", "CVE-2024-21762"]
analyses = vuln_agent.analyze_cves(cve_ids)

for analysis in analyses:
    cve = analysis.cve_detail
    exp = analysis.exploitation_status
    
    print(f"\n{'='*70}")
    print(f"CVE: {cve.cve_id}")
    print(f"CVSS: {cve.cvss_score} ({cve.cvss_severity})")
    print(f"Priority Score: {analysis.priority_score}/100")
    print(f"CISA KEV: {'YES ‚ö†Ô∏è' if exp.in_cisa_kev else 'No'}")
    print(f"VirusTotal Detections: {exp.vt_detections}")
    print(f"\nDescription: {cve.description[:200]}...")

### 2.3 Threat Agent - MITRE ATT&CK Mapping

In [None]:
from src.agents.threat_agent import ThreatAgent

threat_agent = ThreatAgent()

# Analyze threat landscape for CVE-2024-3400 (Palo Alto PAN-OS)
threat_intel = threat_agent.analyze_cve_threat(
    cve_id="CVE-2024-3400",
    vulnerability_type="OS command injection"
)

print(f"Threat Intelligence for CVE-2024-3400:")
print(f"\nMapped MITRE ATT&CK Techniques ({len(threat_intel.techniques)}):")
for tech in threat_intel.techniques[:5]:
    print(f"  ‚Ä¢ {tech.technique_id}: {tech.name}")

print(f"\nIndicators of Compromise ({len(threat_intel.iocs)}):")
for ioc in threat_intel.iocs[:3]:
    print(f"  ‚Ä¢ {ioc.type}: {ioc.value}")

print(f"\nThreat Narrative:\n{threat_intel.narrative[:300]}...")

### 2.4 Risk Scoring Agent - FAIR 5√ó5 Matrix

In [None]:
from src.agents.risk_scoring_agent import RiskScoringAgent

risk_agent = RiskScoringAgent()

# Calculate risk for CVE-2024-3400 on production firewall
risk_rating = risk_agent.calculate_risk(
    cve_id="CVE-2024-3400",
    asset_name="firewall-prod-01",
    cvss_score=10.0,
    in_cisa_kev=True,
    asset_criticality=5,
    data_sensitivity=5,
    business_impact=5,
    compliance_impact=4
)

print(f"\nRisk Assessment Results:")
print(f"{'='*70}")
print(f"Asset: {risk_rating.asset_name}")
print(f"CVE: {risk_rating.cve_id}")
print(f"\nLikelihood: {risk_rating.likelihood}/5")
print(f"Impact: {risk_rating.impact}/5")
print(f"\nRisk Score: {risk_rating.score}/25")
print(f"Risk Level: {risk_rating.level} {'üî¥' if risk_rating.level == 'Critical' else 'üü°'}")
print(f"\nJustification:\n{risk_rating.justification}")

<a id='week7'></a>
## 3. Week 7: RAG & Document Intelligence

Demonstrates advanced RAG pipeline and document processing capabilities:
- Semantic chunking (5 strategies)
- Hybrid retrieval (BM25 + semantic)
- Query optimization
- OCR processing
- Table extraction
- Document classification
- Entity extraction

### 3.1 Semantic Chunking Strategies

In [None]:
from src.tools.semantic_chunker import SemanticChunker

# Sample policy document
sample_policy = """
Access Control Policy v2.1

1. Purpose
This policy establishes requirements for managing user access to information systems.

2. Scope
Applies to all employees, contractors, and third-party users accessing company systems.

3. Authentication Requirements
3.1 Multi-Factor Authentication (MFA)
All users must enable MFA for access to production systems. MFA must use at least two 
of the following factors: something you know (password), something you have (token), 
something you are (biometric).

3.2 Password Requirements
Passwords must be at least 12 characters, including uppercase, lowercase, numbers, 
and special characters. Passwords expire every 90 days.

4. Authorization
Access is granted based on principle of least privilege. Managers must review user 
access quarterly and certify appropriateness.
"""

chunker = SemanticChunker()

# Compare chunking strategies
strategies = ['fixed', 'sentence', 'paragraph', 'semantic']
results = {}

for strategy in strategies:
    chunks = chunker.chunk_text(sample_policy, strategy=strategy, chunk_size=200)
    results[strategy] = chunks
    print(f"\n{strategy.upper()} Strategy: {len(chunks)} chunks")
    print(f"Sample chunk: {chunks[0]['text'][:100]}...")

# Visualize chunk sizes
fig, ax = plt.subplots(figsize=(10, 6))
for strategy, chunks in results.items():
    sizes = [len(c['text']) for c in chunks]
    ax.plot(sizes, marker='o', label=strategy)

ax.set_xlabel('Chunk Index')
ax.set_ylabel('Chunk Size (characters)')
ax.set_title('Chunking Strategy Comparison')
ax.legend()
ax.grid(True, alpha=0.3)
plt.tight_layout()
plt.show()

### 3.2 Hybrid Retrieval (BM25 + Semantic)

In [None]:
from src.tools.hybrid_retriever import HybridRetriever

# Initialize retriever and add document chunks
retriever = HybridRetriever()
semantic_chunks = results['semantic']
retriever.add_documents(semantic_chunks)

# Test queries
queries = [
    "What are the MFA requirements?",
    "How often should passwords be changed?",
    "Who needs to review user access?"
]

print("Hybrid Retrieval Results (0.9 semantic + 0.1 BM25):\n")
for query in queries:
    results = retriever.retrieve(
        query=query,
        top_k=2,
        semantic_weight=0.9,
        keyword_weight=0.1
    )
    
    print(f"Query: '{query}'")
    print(f"Top result (score: {results[0]['score']:.3f}):")
    print(f"  {results[0]['text'][:150]}...\n")

### 3.3 Query Optimization

In [None]:
from src.tools.query_optimizer import QueryOptimizer

optimizer = QueryOptimizer()

# Original query
original = "authentication controls"

# Expand query with synonyms
expanded = optimizer.expand_query(original)
print(f"Original: {original}")
print(f"Expanded: {expanded}")

# Rewrite query for better retrieval
rewritten = optimizer.rewrite_query(
    original,
    "You are searching a cybersecurity policy database"
)
print(f"\nRewritten: {rewritten}")

# Generate hypothetical document (HyDE)
hyde = optimizer.generate_hypothetical_document(original)
print(f"\nHyDE (Hypothetical Document):")
print(f"{hyde[:200]}...")

### 3.4 Document Classification & Entity Extraction

In [None]:
from src.tools.document_classifier import DocumentClassifier
from src.tools.entity_extractor import EntityExtractor

# Classify document type
classifier = DocumentClassifier()
classifier.train([{
    'text': sample_policy,
    'category': 'policy_document'
}])
doc_type = classifier.classify(sample_policy)
print(f"Document Type: {doc_type}")

# Extract entities
extractor = EntityExtractor()

# Sample text with entities
entity_text = """
Critical vulnerability CVE-2024-3400 affects asset firewall-prod-01.
NIST control AC-2 (Account Management) is not properly implemented.
Risk rating: HIGH - requires immediate remediation per NIST 800-53.
"""

entities = extractor.extract_entities(entity_text)

print("\nExtracted Entities:")
for entity_type, items in entities.items():
    if items:
        print(f"  {entity_type}: {items}")

<a id='week9'></a>
## 4. Week 9: Control Discovery & Gap Analysis

Demonstrates automated control discovery from multiple sources and gap analysis against risk requirements.

In [None]:
from src.agents.control_discovery_agent import ControlDiscoveryAgent
from src.tools.gap_analyzer import GapAnalyzer

# Initialize control discovery agent
control_agent = ControlDiscoveryAgent()

# Discover controls from multiple sources
discovered_controls = control_agent.discover_controls(
    sources=['servicenow_grc', 'confluence', 'filesystem'],
    control_frameworks=['NIST_800_53', 'ISO_27001']
)

print(f"Discovered {len(discovered_controls)} controls:")
for ctrl in discovered_controls[:5]:
    print(f"  ‚Ä¢ {ctrl['control_id']}: {ctrl['title']}")
    print(f"    Source: {ctrl['source']} | Status: {ctrl['implementation_status']}")

# Gap analysis
gap_analyzer = GapAnalyzer()

# Required controls for high-risk CVE
required_controls = [
    'AC-2',  # Account Management
    'AC-3',  # Access Enforcement
    'SI-2',  # Flaw Remediation
    'RA-5',  # Vulnerability Scanning
    'CA-7',  # Continuous Monitoring
]

gaps = gap_analyzer.analyze_gaps(
    required_controls=required_controls,
    implemented_controls=[c['control_id'] for c in discovered_controls]
)

print(f"\nGap Analysis Results:")
print(f"  Coverage: {gaps['coverage_percentage']:.1f}%")
print(f"  Missing Controls: {gaps['missing_controls']}")
print(f"  Partially Implemented: {gaps['partial_controls']}")

### Control Coverage Heatmap

In [None]:
# Create control coverage visualization
control_families = {
    'AC': 'Access Control',
    'AU': 'Audit and Accountability',
    'CA': 'Assessment and Authorization',
    'SI': 'System and Information Integrity',
    'RA': 'Risk Assessment',
    'SC': 'System and Communications Protection'
}

# Simulate coverage data
coverage_data = pd.DataFrame({
    'Family': list(control_families.values()),
    'Implemented': [12, 8, 6, 10, 7, 9],
    'Partial': [3, 4, 2, 3, 2, 3],
    'Missing': [2, 3, 4, 2, 3, 2]
})

fig, ax = plt.subplots(figsize=(12, 6))
coverage_data.set_index('Family')[['Implemented', 'Partial', 'Missing']].plot(
    kind='bar',
    stacked=True,
    ax=ax,
    color=['#2ecc71', '#f39c12', '#e74c3c']
)
ax.set_title('NIST 800-53 Control Coverage by Family', fontsize=14, fontweight='bold')
ax.set_xlabel('Control Family')
ax.set_ylabel('Number of Controls')
ax.legend(title='Status')
plt.xticks(rotation=45, ha='right')
plt.tight_layout()
plt.show()

# Calculate overall coverage percentage
total = coverage_data[['Implemented', 'Partial', 'Missing']].sum().sum()
implemented = coverage_data['Implemented'].sum() + coverage_data['Partial'].sum() * 0.5
coverage_pct = (implemented / total) * 100
print(f"\nOverall Control Coverage: {coverage_pct:.1f}%")

<a id='week10'></a>
## 5. Week 10: Tree of Thought (ToT) Risk Scoring

Demonstrates multi-branch risk evaluation using Tree of Thought reasoning.

In [None]:
from src.agents.tot_risk_scorer import ToTRiskScorer

tot_scorer = ToTRiskScorer()

# Evaluate risk using ToT with multiple reasoning paths
tot_result = tot_scorer.evaluate_risk_with_tot(
    cve_id="CVE-2024-3400",
    asset_name="firewall-prod-01",
    cvss_score=10.0,
    in_cisa_kev=True,
    asset_criticality=5,
    num_thoughts=3,  # Generate 3 reasoning paths
    depth=2  # 2-level reasoning tree
)

print("Tree of Thought Risk Scoring Results:")
print(f"{'='*70}\n")
print(f"Evaluated {len(tot_result['thoughts'])} reasoning paths:\n")

for i, thought in enumerate(tot_result['thoughts'], 1):
    print(f"Path {i}: {thought['path']}")
    print(f"  Risk Score: {thought['risk_score']}/25")
    print(f"  Confidence: {thought['confidence']:.2f}")
    print(f"  Reasoning: {thought['reasoning'][:100]}...\n")

print(f"Final Aggregated Risk Score: {tot_result['final_score']}/25")
print(f"Recommendation: {tot_result['recommendation']}")

### ToT Reasoning Tree Visualization

In [None]:
# Visualize ToT reasoning paths
thoughts_df = pd.DataFrame([
    {'Path': t['path'], 'Score': t['risk_score'], 'Confidence': t['confidence']}
    for t in tot_result['thoughts']
])

fig, (ax1, ax2) = plt.subplots(1, 2, figsize=(14, 5))

# Risk scores by path
thoughts_df.plot(x='Path', y='Score', kind='bar', ax=ax1, legend=False, color='coral')
ax1.set_title('Risk Scores by Reasoning Path', fontweight='bold')
ax1.set_ylabel('Risk Score (0-25)')
ax1.set_xlabel('Reasoning Path')
ax1.axhline(y=tot_result['final_score'], color='red', linestyle='--', label='Final Score')
ax1.legend()
ax1.grid(True, alpha=0.3)

# Confidence levels
thoughts_df.plot(x='Path', y='Confidence', kind='bar', ax=ax2, legend=False, color='skyblue')
ax2.set_title('Confidence by Reasoning Path', fontweight='bold')
ax2.set_ylabel('Confidence (0-1)')
ax2.set_xlabel('Reasoning Path')
ax2.set_ylim(0, 1)
ax2.grid(True, alpha=0.3)

plt.tight_layout()
plt.show()

<a id='week11'></a>
## 6. Week 11: Markov Chain Threat Modeling

Demonstrates probabilistic threat scenario generation using Markov Chains based on MITRE ATT&CK.

In [None]:
from src.agents.threat_scenario_agent import ThreatScenarioAgent
from src.tools.attack_transition_builder import AttackTransitionBuilder

# Initialize threat scenario agent
scenario_agent = ThreatScenarioAgent()

# Generate attack scenarios using Markov Chain
scenarios = scenario_agent.generate_scenarios(
    initial_technique="T1190",  # Exploit Public-Facing Application
    num_scenarios=3,
    max_steps=5
)

print("Markov Chain Threat Scenarios:")
print(f"{'='*70}\n")

for i, scenario in enumerate(scenarios, 1):
    print(f"Scenario {i}: {scenario['name']}")
    print(f"Probability: {scenario['probability']:.2%}")
    print(f"Attack Path:")
    
    for step in scenario['attack_path']:
        print(f"  {step['step']}. {step['technique_id']}: {step['technique_name']}")
        print(f"     Tactic: {step['tactic']} | Transition Prob: {step['transition_prob']:.2%}")
    
    print(f"\nNarrative: {scenario['narrative'][:200]}...")
    print(f"\nRecommended Controls: {', '.join(scenario['recommended_controls'][:3])}")
    print(f"\n{'‚îÄ'*70}\n")

### Attack Path Visualization

In [None]:
import networkx as nx

# Build attack graph from scenarios
G = nx.DiGraph()

for scenario in scenarios:
    path = scenario['attack_path']
    for i in range(len(path) - 1):
        current = path[i]['technique_id']
        next_tech = path[i + 1]['technique_id']
        prob = path[i + 1]['transition_prob']
        G.add_edge(current, next_tech, weight=prob)

# Visualize attack graph
fig, ax = plt.subplots(figsize=(14, 10))
pos = nx.spring_layout(G, k=2, iterations=50)

# Draw nodes
nx.draw_networkx_nodes(G, pos, node_color='lightcoral', 
                       node_size=3000, alpha=0.9, ax=ax)

# Draw edges with varying thickness based on probability
edges = G.edges()
weights = [G[u][v]['weight'] * 5 for u, v in edges]
nx.draw_networkx_edges(G, pos, width=weights, alpha=0.6, 
                       edge_color='gray', arrows=True, 
                       arrowsize=20, ax=ax)

# Draw labels
nx.draw_networkx_labels(G, pos, font_size=10, font_weight='bold', ax=ax)

# Draw edge labels (probabilities)
edge_labels = {(u, v): f"{G[u][v]['weight']:.0%}" for u, v in edges}
nx.draw_networkx_edge_labels(G, pos, edge_labels, font_size=8, ax=ax)

ax.set_title('Markov Chain Attack Path Probabilities', 
             fontsize=16, fontweight='bold', pad=20)
ax.axis('off')
plt.tight_layout()
plt.show()

print(f"Attack graph contains {G.number_of_nodes()} techniques and {G.number_of_edges()} transitions")

<a id='visualizations'></a>
## 7. Visualizations & Insights

Comprehensive visualizations of risk assessment data.

### 7.1 Risk Heatmap (5√ó5 Matrix)

In [None]:
# Generate sample risk data
np.random.seed(42)
risk_matrix = np.zeros((5, 5))

# Simulate risk distribution (higher concentration in high-impact, high-likelihood)
sample_risks = [
    (4, 4, 5),  # CVE-2024-3400: High likelihood, High impact, 5 risks
    (3, 4, 3),  # Medium-high likelihood, High impact, 3 risks
    (2, 3, 4),  # Medium likelihood, Medium impact, 4 risks
    (1, 2, 2),  # Low likelihood, Low-medium impact, 2 risks
]

for lik, imp, count in sample_risks:
    risk_matrix[lik, imp] += count

# Create heatmap
fig, ax = plt.subplots(figsize=(10, 8))
sns.heatmap(risk_matrix, annot=True, fmt='.0f', cmap='YlOrRd', 
            cbar_kws={'label': 'Number of Risks'},
            xticklabels=['Very Low', 'Low', 'Medium', 'High', 'Very High'],
            yticklabels=['Very Low', 'Low', 'Medium', 'High', 'Very High'],
            ax=ax, linewidths=0.5, linecolor='gray')

ax.set_title('Risk Heatmap: Likelihood vs Impact', fontsize=16, fontweight='bold', pad=20)
ax.set_xlabel('Impact', fontsize=12, fontweight='bold')
ax.set_ylabel('Likelihood', fontsize=12, fontweight='bold')

# Add risk level boundaries
ax.plot([0, 2], [3, 5], 'w--', linewidth=2, alpha=0.7)  # Critical boundary
ax.plot([2, 4], [2, 4], 'w--', linewidth=2, alpha=0.7)  # High boundary

plt.tight_layout()
plt.show()

# Risk distribution summary
total_risks = risk_matrix.sum()
critical = risk_matrix[3:, 3:].sum()  # Top-right quadrant
high = risk_matrix[2:, 2:].sum() - critical
medium = total_risks - critical - high

print(f"\nRisk Distribution:")
print(f"  Critical: {int(critical)} ({critical/total_risks*100:.1f}%)")
print(f"  High: {int(high)} ({high/total_risks*100:.1f}%)")
print(f"  Medium: {int(medium)} ({medium/total_risks*100:.1f}%)")

### 7.2 Vulnerability Timeline

In [None]:
# Simulate vulnerability discovery timeline
dates = pd.date_range(start='2024-01-01', end='2024-11-18', freq='W')
vulnerabilities = pd.DataFrame({
    'Date': dates,
    'Critical': np.random.poisson(2, len(dates)),
    'High': np.random.poisson(5, len(dates)),
    'Medium': np.random.poisson(8, len(dates)),
    'Low': np.random.poisson(12, len(dates))
})

fig, ax = plt.subplots(figsize=(14, 6))
vulnerabilities.plot(x='Date', y=['Critical', 'High', 'Medium', 'Low'], 
                     kind='area', stacked=True, ax=ax,
                     color=['#e74c3c', '#e67e22', '#f39c12', '#95a5a6'],
                     alpha=0.7)

ax.set_title('Vulnerability Discovery Timeline (2024)', fontsize=14, fontweight='bold')
ax.set_xlabel('Date')
ax.set_ylabel('Number of Vulnerabilities')
ax.legend(title='Severity', loc='upper left')
ax.grid(True, alpha=0.3)
plt.tight_layout()
plt.show()

# Summary statistics
total_vulns = vulnerabilities[['Critical', 'High', 'Medium', 'Low']].sum()
print("\nVulnerability Summary (2024):")
for severity in ['Critical', 'High', 'Medium', 'Low']:
    print(f"  {severity}: {total_vulns[severity]}")

### 7.3 MITRE ATT&CK Coverage

In [None]:
# Simulate MITRE ATT&CK tactic coverage
tactics = [
    'Initial Access', 'Execution', 'Persistence', 'Privilege Escalation',
    'Defense Evasion', 'Credential Access', 'Discovery', 'Lateral Movement',
    'Collection', 'Exfiltration', 'Command & Control', 'Impact'
]

coverage = pd.DataFrame({
    'Tactic': tactics,
    'Detected': [8, 6, 5, 7, 4, 6, 9, 5, 3, 4, 7, 6],
    'Mitigated': [6, 5, 4, 5, 3, 4, 7, 4, 2, 3, 5, 4],
    'Total': [12, 10, 9, 11, 8, 10, 12, 9, 7, 8, 11, 10]
})

coverage['Detection %'] = (coverage['Detected'] / coverage['Total'] * 100).round(1)
coverage['Mitigation %'] = (coverage['Mitigated'] / coverage['Total'] * 100).round(1)

fig, ax = plt.subplots(figsize=(14, 8))
x = np.arange(len(tactics))
width = 0.35

bars1 = ax.bar(x - width/2, coverage['Detection %'], width, label='Detection Coverage', color='#3498db')
bars2 = ax.bar(x + width/2, coverage['Mitigation %'], width, label='Mitigation Coverage', color='#2ecc71')

ax.set_xlabel('MITRE ATT&CK Tactic', fontweight='bold')
ax.set_ylabel('Coverage Percentage', fontweight='bold')
ax.set_title('MITRE ATT&CK Tactic Coverage', fontsize=14, fontweight='bold')
ax.set_xticks(x)
ax.set_xticklabels(tactics, rotation=45, ha='right')
ax.legend()
ax.grid(True, alpha=0.3, axis='y')
ax.set_ylim(0, 100)

# Add value labels on bars
for bars in [bars1, bars2]:
    for bar in bars:
        height = bar.get_height()
        ax.text(bar.get_x() + bar.get_width()/2., height,
                f'{height:.0f}%', ha='center', va='bottom', fontsize=8)

plt.tight_layout()
plt.show()

# Overall coverage
avg_detection = coverage['Detection %'].mean()
avg_mitigation = coverage['Mitigation %'].mean()
print(f"\nAverage Detection Coverage: {avg_detection:.1f}%")
print(f"Average Mitigation Coverage: {avg_mitigation:.1f}%")

<a id='workflow'></a>
## 8. Complete Workflow Demo

End-to-end demonstration of the complete risk assessment workflow using the LangGraph supervisor.

In [None]:
from src.supervisor.supervisor import RiskAssessmentSupervisor
import time

# Initialize supervisor
supervisor = RiskAssessmentSupervisor()

print("Starting Complete Risk Assessment Workflow...\n")
print("="*70)

# Run complete assessment
start_time = time.time()

result = supervisor.run_assessment(
    query="Assess critical vulnerabilities affecting production firewalls",
    cve_ids=["CVE-2024-3400", "CVE-2024-21762"]
)

elapsed_time = time.time() - start_time

print(f"\n{'='*70}")
print(f"Assessment completed in {elapsed_time:.2f} seconds\n")

# Display results
print("Results Summary:")
print(f"  ServiceNow Incidents: {len(result.get('incidents', []))}")
print(f"  Vulnerabilities Analyzed: {len(result.get('vulnerabilities', []))}")
print(f"  Threat Intelligence Reports: {len(result.get('threats', []))}")
print(f"  Risk Ratings Generated: {len(result.get('risk_ratings', []))}")
print(f"  Report Generated: {result.get('report_path', 'N/A')}")

# Show risk ratings
if result.get('risk_ratings'):
    print("\nRisk Ratings:")
    for rating in result['risk_ratings']:
        print(f"  ‚Ä¢ {rating['cve_id']} on {rating['asset_name']}")
        print(f"    Score: {rating['score']}/25 ({rating['level']})")
        print(f"    Likelihood: {rating['likelihood']}/5 | Impact: {rating['impact']}/5")

print(f"\n{'='*70}")
print("‚úÖ Workflow demonstration complete!")

### Workflow Performance Metrics

In [None]:
# Simulate performance metrics
metrics = pd.DataFrame({
    'Agent': ['ServiceNow', 'Vulnerability', 'Threat', 'Document', 'Risk Scoring', 'Report'],
    'Avg Time (ms)': [450, 1200, 800, 950, 300, 600],
    'P95 Time (ms)': [850, 2500, 1500, 1800, 600, 1100],
    'Success Rate (%)': [99.5, 98.2, 97.8, 99.1, 100, 99.8]
})

fig, (ax1, ax2) = plt.subplots(1, 2, figsize=(14, 5))

# Response times
x = np.arange(len(metrics['Agent']))
ax1.bar(x, metrics['Avg Time (ms)'], alpha=0.7, label='Average', color='skyblue')
ax1.bar(x, metrics['P95 Time (ms)'], alpha=0.5, label='P95', color='coral')
ax1.set_xlabel('Agent')
ax1.set_ylabel('Response Time (ms)')
ax1.set_title('Agent Response Times', fontweight='bold')
ax1.set_xticks(x)
ax1.set_xticklabels(metrics['Agent'], rotation=45, ha='right')
ax1.legend()
ax1.grid(True, alpha=0.3, axis='y')

# Success rates
ax2.bar(x, metrics['Success Rate (%)'], color='mediumseagreen')
ax2.set_xlabel('Agent')
ax2.set_ylabel('Success Rate (%)')
ax2.set_title('Agent Success Rates', fontweight='bold')
ax2.set_xticks(x)
ax2.set_xticklabels(metrics['Agent'], rotation=45, ha='right')
ax2.set_ylim(95, 100)
ax2.grid(True, alpha=0.3, axis='y')

# Add value labels
for i, v in enumerate(metrics['Success Rate (%)']):
    ax2.text(i, v + 0.1, f'{v}%', ha='center', va='bottom', fontsize=9)

plt.tight_layout()
plt.show()

print("\nSystem Performance Summary:")
print(f"  Average Response Time: {metrics['Avg Time (ms)'].mean():.0f} ms")
print(f"  P95 Response Time: {metrics['P95 Time (ms)'].mean():.0f} ms")
print(f"  Overall Success Rate: {metrics['Success Rate (%)'].mean():.2f}%")

## Conclusion

This notebook demonstrated the complete capabilities of the Enterprise Risk Assessment System:

‚úÖ **Week 6:** Multi-agent orchestration with 6 specialized agents  
‚úÖ **Week 7:** Advanced RAG pipeline and document intelligence  
‚úÖ **Week 9:** Control discovery and gap analysis  
‚úÖ **Week 10:** Tree of Thought multi-branch risk scoring  
‚úÖ **Week 11:** Markov Chain probabilistic threat modeling  
‚úÖ **Visualizations:** Risk heatmaps, attack paths, control coverage  
‚úÖ **Complete Workflow:** End-to-end risk assessment with LangGraph  

### Next Steps

1. **Customize for Your Environment:** Update `.env` with your API keys and ServiceNow instance
2. **Run Individual Agents:** Test each agent independently using the examples
3. **Deploy to Production:** Follow `docs/DEPLOYMENT_GUIDE.md` for AWS deployment
4. **Monitor Performance:** Use LangSmith tracing for observability
5. **Extend Capabilities:** Add custom agents or integrate additional APIs

### Resources

- **Documentation:** `docs/API_REFERENCE.md`
- **Deployment Guide:** `docs/DEPLOYMENT_GUIDE.md`
- **Source Code:** `src/agents/`, `src/tools/`
- **Tests:** `tests/` (812 passing tests)
- **Examples:** `examples/basic_usage.py`

---

**Production Status:** Weeks 1-7 complete ‚úÖ | 812 tests passing ‚úÖ | 67% coverage ‚úÖ