Ais1on / CTI-RAG

CTI-RAG is a Retrieval-Augmented Generation (RAG) framework for Cyber Threat Intelligence (CTI), integrating knowledge graph and causal reasoning capabilities to provide security analysts with an intelligent threat intelligence analysis tool.

100% credibility
Found Apr 13, 2026 at 15 stars.
Python
AI Summary

ThreatRAG is a specialized AI assistant for cyber threat intelligence that combines document search, knowledge graphs, and reasoning to help analysts understand attack patterns and relationships from reports.

How It Works

1. 🔍 Discover ThreatRAG

   You hear about a smart tool that helps security analysts make sense of threat reports by connecting facts into clear pictures.

2. 🚀 Launch with one click

   Download and run the ready-to-go setup that brings all the smart analysis tools online in minutes.

3. 📤 Upload your reports

   Drop in your PDF threat intelligence files, and watch them get organized into searchable knowledge.

4. 💬 Ask natural questions

   Chat with the assistant about attacks, actors, or vulnerabilities, getting answers pulled straight from your reports.

5. 🕸️ Explore threat connections

   See a visual map of how threats link together: who's behind them, what tools they use, and how they spread.

6. 🔄 Refine and dig deeper

   Follow up with more questions or zoom into relationships for deeper insights on campaigns and risks.

Threat intelligence unlocked

You now have clear, connected understanding of cyber threats, ready to inform your security decisions.

AI-Generated Review

What is CTI-RAG?

CTI-RAG is a Python-based Retrieval-Augmented Generation framework tailored for Cyber Threat Intelligence analysis. It ingests threat reports to build knowledge graphs and apply causal reasoning, letting security analysts query intel via a chat API or graph explorer. Deployed via Docker Compose with vector search, graph DB, and LLM support, it provides intelligent CTI insights without manual graph building.

Why is it gaining traction?

This CTI RAG stands out by integrating knowledge graphs and causal capabilities into standard generation workflows, enabling analysts to uncover threat relationships beyond basic search. The full-stack setup—FastAPI endpoints for chat, data upload, and graph queries—delivers quick value for CTI teams, with hybrid retrieval and reranking boosting accuracy on unstructured reports.

Who should use this?

Security analysts sifting threat feeds for attack patterns, or CTI teams correlating IOCs across reports. Ideal for ops centers building custom intel tools, or red teams simulating causal threat chains without starting from scratch.

Verdict

With 15 stars and 1.0% credibility, CTI-RAG is early-stage—docs are bilingual but sparse, no extensive tests—but its focused CTI features make it worth forking for niche analysis. Prototype it if generic RAG falls short on cyber graphs.
