CloudSecGPT super-charges raw cloud-security findings with AI. Analyzes OCSF/Parquet exports and live data from AWS Security Hub, GCP Security Command Center, and Azure Defender to provide risk scores, summaries, remediation steps, alert clustering, and interactive chat capabilities.
Project description
CloudSecGPT super‑charges raw cloud‑security findings with AI. Give it an OCSF/ASFF/Parquet export – or pull live from AWS Security Hub, GCP Security Command Center, or Azure Defender – and it spits out:
- Risk score (1‑10) for every finding
- One‑line summary, business impact & concise remediation
- Copy-pasteable CLI fix command
- Groups to slash alert fatigue
- A gorgeous self‑contained HTML report
- An interactive chat so you can ask “why?” & “how do I fix this?” on the fly
✨ Feature Matrix
| Pillar | Highlights |
|---|---|
| Sources | • JSON-OCSF / JSON-ASFF / Parquet • --security-hub live pull • --gcp-scc org / folder / project • --azure-defender subscription |
| Analyze | Enriches every finding → risk_score, summary, why, cli_fix, remediation |
| Groups | Groups by resource_type + summary → noise ↓, signal ↑ |
| Outputs | 3 artefacts in the --out dir: analyzed.csv · grouped.csv · report.html |
| Chat | cloudsecgpt chat → conversational Q&A with full context |
| LLM back‑ends | openai · bedrock · ollama (local) · MCP client |
| Smart cache | File + prompt hashed (BLAKE2b) → no double billing |
| Progress UI | Tidy Rich bar with live findings counter |
📦 Install
```bash
pip install cloudsecgpt
```
(Requires Python ≥ 3.9)
Developers:
```bash
git clone https://github.com/MrCloudSec/CloudSecGPT.git
cd CloudSecGPT && poetry install
```
⚙️ Quick start
```bash
export OPENAI_API_KEY=...
cloudsecgpt analyze --file path/to/JSON-OCSF/JSON-ASFF/Parquet \
    [--provider openai] [--model gpt-4o-mini] \
    [--batch 20] [--workers 8] \
    [--out ./out]
```
- ./out/analyzed_<timestamp>.csv – full table sorted by highest risk
- ./out/grouped_<timestamp>.csv – de-duplicated view
- ./out/report_<timestamp>.html – share-ready report (logo, chart, sticky headers)
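The two CSV views described above can be derived from enriched findings with a sort and a cluster step. The block below is an added illustration, not CloudSecGPT's own code: it assumes the field names the README mentions (resource_type, summary, risk_score), uses a constructed sample of already-analyzed findings, and groups by the same (resource_type, summary) key the Feature Matrix describes.

```python
# Added example (not CloudSecGPT's own code): derive the analyzed (sorted) and
# grouped (de-duplicated) views from enriched findings. Field names follow the
# README; the sample findings are constructed for illustration.
import csv
import io
from collections import defaultdict

# Constructed sample of findings as they would look after the Analyze stage.
SAMPLE_FINDINGS = [
    {"id": "f-1", "resource_type": "AwsS3Bucket", "resource": "bucket-a",
     "summary": "Bucket allows public read", "risk_score": 8},
    {"id": "f-2", "resource_type": "AwsS3Bucket", "resource": "bucket-b",
     "summary": "Bucket allows public read", "risk_score": 9},
    {"id": "f-3", "resource_type": "AwsIamUser", "resource": "deploy-bot",
     "summary": "Access key not rotated in 90 days", "risk_score": 5},
    {"id": "f-4", "resource_type": "AwsEc2SecurityGroup", "resource": "sg-123",
     "summary": "SSH open to 0.0.0.0/0", "risk_score": 7},
]


def sort_by_risk(findings):
    """analyzed view: every finding, highest risk first (stable on ties)."""
    return sorted(findings, key=lambda f: f["risk_score"], reverse=True)


def group_findings(findings):
    """grouped view: one row per (resource_type, summary) cluster.

    Each row carries the cluster size, the worst risk score inside it and the
    affected resources, so a triager sees one line instead of N near-duplicates."""
    clusters = defaultdict(list)
    for f in findings:
        clusters[(f["resource_type"], f["summary"])].append(f)
    rows = []
    for (rtype, summary), members in clusters.items():
        rows.append({
            "resource_type": rtype,
            "summary": summary,
            "count": len(members),
            "max_risk": max(m["risk_score"] for m in members),
            "resources": ";".join(sorted(m["resource"] for m in members)),
        })
    # Highest-risk clusters first, then the noisiest.
    rows.sort(key=lambda r: (-r["max_risk"], -r["count"]))
    return rows


def to_csv(rows):
    """Serialise rows as CSV text (what would land in the --out directory)."""
    if not rows:
        return ""
    buf = io.StringIO()
    writer = csv.DictWriter(buf, fieldnames=list(rows[0].keys()))
    writer.writeheader()
    writer.writerows(rows)
    return buf.getvalue()


if __name__ == "__main__":
    print(to_csv(sort_by_risk(SAMPLE_FINDINGS)))
    print(to_csv(group_findings(SAMPLE_FINDINGS)))
```

With the sample above the grouped view collapses the two public-bucket findings into one row with count 2 and max_risk 9, which is the "noise down, signal up" effect the Feature Matrix describes.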
Live pulls
```bash
# AWS Security Hub via AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY and optional AWS_SESSION_TOKEN env vars
cloudsecgpt analyze --security-hub [-o out/]

# GCP SCC (auto-detect single org) via GOOGLE_APPLICATION_CREDENTIALS env var or gcloud auth application-default login
cloudsecgpt analyze --gcp-scc [org/folder/projectID] [-o out/]

# Azure Defender (single subscription auto) via AZURE_CLIENT_ID, AZURE_CLIENT_SECRET, AZURE_TENANT_ID env vars or az login
cloudsecgpt analyze --azure-defender [subscriptionID] [-o out/]
```
Chat mode
```bash
# Chat with the context of a file
cloudsecgpt chat findings.json

# Chat with the context of Security Hub via AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY and optional AWS_SESSION_TOKEN env vars
cloudsecgpt chat --security-hub

# Chat with the context of GCP SCC via GOOGLE_APPLICATION_CREDENTIALS env var or gcloud auth application-default login
cloudsecgpt chat --gcp-scc

# Chat with the context of Azure Defender via AZURE_CLIENT_ID, AZURE_CLIENT_SECRET, AZURE_TENANT_ID env vars or az login
cloudsecgpt chat --azure-defender
```
Ask anything – context is streamed from the analyzed findings.
🐳 Docker
```bash
# Pull and run
docker run --rm -v $(pwd):/data -e OPENAI_API_KEY=your_key \
    mrcloudsec/cloudsecgpt:latest analyze /data/findings.parquet -o /data/out

# Build locally
git clone https://github.com/MrCloudSec/CloudSecGPT.git
cd CloudSecGPT && docker build -t cloudsecgpt .
docker run --rm -v $(pwd):/data cloudsecgpt analyze /data/findings.parquet -o /data/out
```
🔌 Providers
| Flag | Notes |
|---|---|
| openai | OPENAI_API_KEY env var |
| bedrock | standard AWS creds via AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY and optional AWS_SESSION_TOKEN env vars |
| ollama | ollama serve on localhost:11434 |
| mcp | Any Model‑Context‑Protocol host (--host + optional --api-key) |
🧑💻 Extend
```python
class MyModel:
    def call(self, messages: list[dict[str, str]]) -> str:
        ...
```
Register it in core.get_model() – done.
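The interface above is small enough that a back-end and the "Smart cache" behaviour from the Feature Matrix (prompt hashed with BLAKE2b so the same prompt is never billed twice) fit in one worked example. The block below is added here and is not CloudSecGPT's code: EchoModel is a stand-in for a real LLM back-end, CachedModel is an assumed wrapper, and get_model is a hypothetical registry standing in for core.get_model(), whose real signature and registration mechanism the page does not show.

```python
# Added example (not CloudSecGPT's own code): a back-end implementing the
# call(messages) interface, a BLAKE2b-keyed cache wrapper, and a hypothetical
# registry in place of core.get_model().
import hashlib
import json


class EchoModel:
    """Minimal offline back-end standing in for a real LLM.

    It counts how often it is invoked so the cache's effect can be observed;
    a real back-end would issue its API request in call()."""

    def __init__(self):
        self.calls = 0

    def call(self, messages: list[dict[str, str]]) -> str:
        self.calls += 1
        last_user = next(m["content"] for m in reversed(messages) if m["role"] == "user")
        # Crude deterministic score so the answer depends on the input.
        score = 9 if "public" in last_user.lower() else 4
        return json.dumps({"risk_score": score, "summary": last_user[:60]})


def prompt_key(messages: list[dict[str, str]], model_name: str) -> str:
    """Cache key: BLAKE2b-256 over canonical JSON of the messages plus model name.

    Canonical serialisation (sorted keys, no whitespace) makes two semantically
    identical prompts hash the same; mixing in the model name keeps answers from
    different back-ends from colliding in a shared cache."""
    canon = json.dumps(messages, sort_keys=True, separators=(",", ":"))
    h = hashlib.blake2b(digest_size=32)
    h.update(model_name.encode())
    h.update(b"\0")  # domain separator between name and payload
    h.update(canon.encode())
    return h.hexdigest()


class CachedModel:
    """Wraps any object exposing call(messages) and memoises by prompt hash."""

    def __init__(self, inner, name: str):
        self.inner = inner
        self.name = name
        self.cache: dict[str, str] = {}

    def call(self, messages: list[dict[str, str]]) -> str:
        key = prompt_key(messages, self.name)
        if key not in self.cache:
            self.cache[key] = self.inner.call(messages)
        return self.cache[key]


# Hypothetical registry standing in for core.get_model(); the project's actual
# registration mechanism is not described on the page.
_REGISTRY = {"echo": lambda: CachedModel(EchoModel(), "echo")}


def get_model(provider: str):
    try:
        return _REGISTRY[provider]()
    except KeyError:
        raise ValueError(f"unknown provider {provider!r}") from None


if __name__ == "__main__":
    model = get_model("echo")
    msgs = [{"role": "user", "content": "S3 bucket bucket-a allows public read"}]
    print(model.call(msgs))
    print(model.call(msgs), "backend calls:", model.inner.calls)
```

Keying on a canonical serialisation is what makes the cache safe: a re-ordered message dict still hits, while a different model name or any change in the prompt text produces a different key and a fresh call.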
🛡️ Why CloudSecGPT?
- 👀 Single‑pane view across AWS / Azure / GCP / K8s
- ⚡ Cut triage time with instant clustering
- 🧠 Explain why it matters – not just “what”
- 🗣️ Talk to your findings like ChatGPT
- 👐 Open‑source, pluggable, works offline with local LLMs
🤝 Contributing
PRs & issues welcome! Pre‑commit hooks run Black, Flake8 & Bandit.
📜 License
Apache‑2.0 © 2025 @MrCloudSec
File details
Details for the file cloudsecgpt-0.1.0.tar.gz.
File metadata
- Download URL: cloudsecgpt-0.1.0.tar.gz
- Upload date:
- Size: 959.1 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.1.0 CPython/3.12.8
File hashes
| Algorithm | Hash digest |
|---|---|
| SHA256 | 8a220c1617b3605204f115e7aed20d50e3525c516c3b91172744a9736a8de78d |
| MD5 | bb7403ef0f7b65f601d78fc6cc8a3020 |
| BLAKE2b-256 | 23155bc62f08d2c9a3e1e181f3857e0381a0d497f87445f82c707eeb4928cdac |
File details
Details for the file cloudsecgpt-0.1.0-py3-none-any.whl.
File metadata
- Download URL: cloudsecgpt-0.1.0-py3-none-any.whl
- Upload date:
- Size: 965.0 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.1.0 CPython/3.12.8
File hashes
| Algorithm | Hash digest |
|---|---|
| SHA256 | 820c820338b83edff16ad96638450b36262a3ad611f98ead63b54f4502e1eec7 |
| MD5 | cebabdb2f2d47c25057aeef12bb00131 |
| BLAKE2b-256 | 993c7cdf66c1dd37148bf8e049aa41f0ff050885bbfe69302140c91c92384663 |
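The published digests for both 0.1.0 files are only useful if something checks a downloaded artefact against them before it is installed. The block below is an added example, not part of the PyPI page or the project: it embeds the SHA256, MD5 and BLAKE2b-256 values from the two tables above, recomputes them over a local file, and reports which checks pass. MD5 is computed only because PyPI publishes it; it is not collision resistant, so SHA256 and BLAKE2b-256 are the checks to rely on.

```python
# Added example (not part of the PyPI page or the project): verify a locally
# downloaded cloudsecgpt 0.1.0 artefact against the digests published above.
import hashlib
import hmac
import os
from typing import Dict, Optional

# Digests copied from the "File hashes" tables on the page.
PUBLISHED = {
    "cloudsecgpt-0.1.0.tar.gz": {
        "sha256": "8a220c1617b3605204f115e7aed20d50e3525c516c3b91172744a9736a8de78d",
        "md5": "bb7403ef0f7b65f601d78fc6cc8a3020",
        "blake2b-256": "23155bc62f08d2c9a3e1e181f3857e0381a0d497f87445f82c707eeb4928cdac",
    },
    "cloudsecgpt-0.1.0-py3-none-any.whl": {
        "sha256": "820c820338b83edff16ad96638450b36262a3ad611f98ead63b54f4502e1eec7",
        "md5": "cebabdb2f2d47c25057aeef12bb00131",
        "blake2b-256": "993c7cdf66c1dd37148bf8e049aa41f0ff050885bbfe69302140c91c92384663",
    },
}


def digests(data: bytes) -> Dict[str, str]:
    """Compute the three digests PyPI publishes, as lowercase hex.

    MD5 is included only to match the published table; it is not a security
    control on its own."""
    return {
        "sha256": hashlib.sha256(data).hexdigest(),
        "md5": hashlib.md5(data).hexdigest(),
        "blake2b-256": hashlib.blake2b(data, digest_size=32).hexdigest(),
    }


def verify_bytes(data: bytes, expected: Dict[str, str]) -> Dict[str, bool]:
    """Compare each published digest with the computed one.

    Returns algorithm -> match so a caller can see exactly which check failed.
    Algorithms we do not compute are skipped; comparison uses compare_digest
    to avoid a timing-dependent string compare."""
    actual = digests(data)
    return {
        algo: hmac.compare_digest(actual[algo], exp.lower())
        for algo, exp in expected.items()
        if algo in actual
    }


def verify_file(path: str, filename: Optional[str] = None) -> bool:
    """True only if every published digest for the file matches.

    filename defaults to the basename of path and selects the PUBLISHED entry;
    a name with no published digests fails rather than silently passing."""
    name = filename or os.path.basename(path)
    expected = PUBLISHED.get(name)
    if expected is None:
        return False
    with open(path, "rb") as fh:
        data = fh.read()  # ~1 MB artefacts; fine to hold in memory
    results = verify_bytes(data, expected)
    return bool(results) and all(results.values())


if __name__ == "__main__":
    import sys
    for p in sys.argv[1:]:
        print(p, "OK" if verify_file(p) else "MISMATCH")
```

Run it as `python verify.py cloudsecgpt-0.1.0.tar.gz` after downloading the sdist. For routine installs the same check can be delegated to pip by pinning the package in a requirements file with `--hash=sha256:<digest>` lines and installing with `pip install --require-hashes -r requirements.txt`, which refuses any artefact whose digest does not match.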