Update README.md

README.md

@@ -14,48 +14,69 @@ short_description: AI-driven TDAgent to automate threat analysis with MCP tools
 
 ---
 
-# Hackathon Participation: Cybersecurity AI Agents
+# TDAgentTools & TDAgent: Empowering Cybersecurity with Agentic AI
 
-This project is our contribution to Tracks 1 and 3 of the [Agents-MCP-Hackathon](https://huggingface.co/Agents-MCP-Hackathon), focused on applying AI technologies in the cybersecurity domain. Our aim is to develop solutions that improve the operational efficiency in cybersecurity through automation and data-driven insights.
+Welcome to TDAgentTools & TDAgent, our innovative proof of concept (PoC) crafted for the Agents-MCP Hackathon. Our initiatives focus on leveraging Agentic AI to enhance cybersecurity threat analysis, providing robust tools for data enrichment and strategic advice for incident handling.
 
-## Team Overview
+## Team Introduction
 
-Our team is part of the AI division in our company's cybersecurity department. We focus on implementing AI-based solutions to assist cybersecurity operations. Our team members include:
+We are an AI-focused team within a company, dedicated to empowering other teams by implementing AI solutions. Our expertise lies in automating processes to enhance productivity and tackle complex tasks that AI excels in. Our hackathon team members include:
 
-- **Pedro Completo Bento**
-- **Josep Pon Farreny**
-- **Sofia Jeronimo dos Santos**
-- **Rodrigo Dominguez Sanz**
-- **Miguel Rodin**
+- Pedro Completo Bento
+- Josep Pon Farreny
+- Sofia Jeronimo dos Santos
+- Rodrigo Dominguez Sanz
+- Miguel Rodin
 
-## Project Goals
+## Project Overview
 
-We are exploring the application of AI agents to aid cybersecurity analysts in threat data enrichment and threat analysis. Our main goals are:
+### Track 1: MCP Tool - TDAgentTools
 
-1. To experiment with agentic technologies like Gradio and MCP.
-2. To explore how AI can improve data enrichment capabilities in threat analysis.
-3. To develop autonomous agents capable of API interaction, data enrichment, and threat evaluation.
+TDAgentTools serves as an MCP server built using Gradio, offering a wide array of cybersecurity intelligence tools. These tools enable users to augment their LLMs' capabilities by integrating with various publicly available cybersecurity intel resources. Our TDAgentTools are accessible via the following link: [TDAgentTools Space](https://huggingface.co/spaces/Agents-MCP-Hackathon/TDAgentTools).
 
-## Track 1: MCP Tool / Server
+#### Available Tools:
+1. **TDAgentTools_get_url_http_content**: Retrieve URL content through an HTTP GET request.
+2. **TDAgentTools_query_abuseipdb**: Query AbuseIPDB to check if an IP is reported for abusive behavior.
+3. **TDAgentTools_query_rdap**: Gather information about internet resources such as domain names and IP addresses.
+4. **TDAgentTools_get_virus_total_url_info**: Fetch URL information using VirusTotal URL Scanner.
+5. **TDAgentTools_get_geolocation**: Obtain location details from an IP address.
+6. **TDAgentTools_enumerate_dns**: Access DNS configuration details for a given domain.
+7. **TDAgentTools_scrap_subdomains_for_domain**: Retrieve subdomains related to a domain.
+8. **TDAgentTools_retrieve_ioc_from_threatfox**: Get potential IoC information from ThreatFox.
+9. **TDAgentTools_get_stix_object_of_attack_id**: Access a STIX object using an ATT&CK ID.
+10. **TDAgentTools_lookup_user**: Seek user details from the Company User Lookup System.
+11. **TDAgentTools_lookup_cloud_account**: Investigate cloud account information.
+12. **TDAgentTools_send_email**: Simulate emailing from [email protected].
 
-In Track 1, we developed **TDAgentTools**, a Gradio-powered MCP server offering a set of public cybersecurity intelligence tools. This tool is designed to assist cybersecurity professionals in their threat analysis and response tasks.
+### Track 3: Agentic Demo Showcase - TDAgent
 
-Access TDAgentTools here: [TDAgentTools Space](https://huggingface.co/spaces/Agents-MCP-Hackathon/TDAgentTools)
+TDAgent is an adaptive and interactive AI agent, available on TDAgentTools. This agent facilitates a dynamic AI experience, allowing users to switch the LLM used and adjust the system prompt to refine the agent’s behavior and objectives. Explore it here: [TDAgent Space](https://huggingface.co/spaces/Agents-MCP-Hackathon/TDAgent).
 
-## Track 3: Agentic Demo Showcase
+#### Key Features:
+- **Intelligent API Interactions**: The agent autonomously interacts with APIs for data enrichment and analysis without explicit user guidance.
+- **Enhanced Data Enrichment**: Automatically enriches initial incident data, providing deeper insights.
+- **Actionable Intelligence**: Suggests actions based on enriched data and analysis, displaying concise outputs for clearer communication.
+- **Versatile Adaptability**: Capable of switching LLMs for varied results and enhanced debugging.
 
-For Track 3, we created **TDAgent**, an AI agent with a chat interface that connects to MCPs, defaulting to TDAgent MCP. The agent utilizes **TDAgentTools** or other MCP servers to gather additional threat intelligence, providing enriched data for more comprehensive threat evaluations.
+## Motivation and Goals
 
-## Usage and Purpose
+Our primary motivation is to explore Agentic AI applications in the cybersecurity realm, focusing on AI agent support for:
+1. Enriching reported threat data.
+2. Assisting analysts in threat analysis.
 
-- **TDAgentTools**: Provides cybersecurity professionals with essential analysis tools via a user-friendly interface.
-- **TDAgent**: Facilitates interactive AI-supported threat analysis, enhancing efficiency, by leveraging data from MCP servers for improved insights.
+We aimed to:
+- Explore Agentic AI technologies like Gradio and MCP.
+- Enhance AI agent data enrichment with custom tools.
+- Enable agent autonomy in API interaction and threat assessment.
+- Equip the agent to propose specific incident response actions.
 
-Our work aims to reduce the manual effort involved in threat analysis, allowing cybersecurity teams to focus on strategic activities by utilizing AI for operational tasks.
+## Insights & Conclusions
 
-## Conclusion
+- **Agent's Autonomy**: Demonstrated autonomous API interactions and data enrichment capabilities.
+- **Enhanced Decision-Making**: The agent suggests data-driven insights beyond API outputs.
+- **Future Improvements**: Plan to fine-tune threat escalation logic and introduce additional decision layers for enhanced threat management.
 
-This project seeks to demonstrate the practical applications of AI agents in cybersecurity, providing tools and frameworks to improve security operations.
+Our projects successfully demonstrated rapid prototyping with Gradio and Hugging Face Spaces, achieving all intended objectives while providing an engaging and rewarding experience for our team. This PoC shows the potential for future expansions and refinements in the realm of cybersecurity AI support!