Update app.py

app.py

@@ -1,1153 +1,311 @@
 import gradio as gr
 import spaces
-import json
-import datetime
-import random
-from transformers import AutoModelForCausalLM, AutoTokenizer, pipeline
+from transformers import pipeline
 import torch
 import time
-import warnings
 
-# Suppress warnings for cleaner output
-warnings.filterwarnings("ignore")
-
-# Enhanced CSS for beautiful design
-beautiful_css = """
-/* Import Google Fonts */
-@import url('https://fonts.googleapis.com/css2?family=Inter:wght@300;400;500;600;700&display=swap');
-
-/* Global Styles */
+# Simple CSS for clean design
+simple_css = """
 .gradio-container {
-    max-width: 1400px !important;
+    max-width: 900px !important;
     margin: 0 auto !important;
-    font-family: 'Inter', sans-serif !important;
-    background: linear-gradient(135deg, #667eea 0%, #764ba2 100%) !important;
-    min-height: 100vh;
-}
-
-/* Header Styling */
-.header-container {
-    background: rgba(255, 255, 255, 0.95);
-    backdrop-filter: blur(10px);
-    border-radius: 20px;
-    padding: 2rem;
-    margin: 1rem;
-    box-shadow: 0 20px 40px rgba(0, 0, 0, 0.1);
-    border: 1px solid rgba(255, 255, 255, 0.2);
-}
-
-/* Main Content Cards */
-.content-card {
-    background: rgba(255, 255, 255, 0.98);
-    backdrop-filter: blur(15px);
-    border-radius: 16px;
-    padding: 1.5rem;
-    margin: 0.5rem;
-    box-shadow: 0 10px 30px rgba(0, 0, 0, 0.08);
-    border: 1px solid rgba(255, 255, 255, 0.3);
-    transition: all 0.3s ease;
-}
-
-.content-card:hover {
-    transform: translateY(-2px);
-    box-shadow: 0 15px 40px rgba(0, 0, 0, 0.12);
-}
-
-/* Status Indicators */
-.status-success {
-    background: linear-gradient(135deg, #4CAF50, #45a049);
-    color: white;
-    padding: 12px 20px;
-    border-radius: 12px;
-    font-weight: 500;
-    box-shadow: 0 4px 15px rgba(76, 175, 80, 0.3);
-    border: none;
-}
-
-.status-warning {
-    background: linear-gradient(135deg, #FF9800, #F57C00);
-    color: white;
-    padding: 12px 20px;
-    border-radius: 12px;
-    font-weight: 500;
-    box-shadow: 0 4px 15px rgba(255, 152, 0, 0.3);
-}
-
-.status-error {
-    background: linear-gradient(135deg, #f44336, #d32f2f);
-    color: white;
-    padding: 12px 20px;
-    border-radius: 12px;
-    font-weight: 500;
-    box-shadow: 0 4px 15px rgba(244, 67, 54, 0.3);
+    font-family: 'Arial', sans-serif;
 }
 
-/* GPT-OSS Badge */
-.gpt-oss-badge {
-    background: linear-gradient(135deg, #667eea, #764ba2);
-    color: white;
-    padding: 8px 16px;
-    border-radius: 20px;
-    font-weight: 600;
-    font-size: 0.9rem;
-    display: inline-block;
-    box-shadow: 0 4px 15px rgba(102, 126, 234, 0.3);
-    margin: 0.5rem 0;
+.threat-input {
+    border-radius: 8px !important;
+    border: 2px solid #e0e0e0 !important;
+    padding: 15px !important;
+    font-size: 14px !important;
 }
 
-/* Alert Severity Badges */
-.severity-critical {
-    background: linear-gradient(135deg, #dc3545, #c82333);
-    color: white;
-    padding: 4px 12px;
-    border-radius: 20px;
-    font-weight: 600;
-    font-size: 0.8rem;
-    display: inline-block;
-    box-shadow: 0 2px 8px rgba(220, 53, 69, 0.3);
-}
-
-.severity-high {
-    background: linear-gradient(135deg, #fd7e14, #e8680a);
-    color: white;
-    padding: 4px 12px;
-    border-radius: 20px;
-    font-weight: 600;
-    font-size: 0.8rem;
-    display: inline-block;
-    box-shadow: 0 2px 8px rgba(253, 126, 20, 0.3);
-}
-
-.severity-medium {
-    background: linear-gradient(135deg, #ffc107, #e0a800);
-    color: #212529;
-    padding: 4px 12px;
-    border-radius: 20px;
-    font-weight: 600;
-    font-size: 0.8rem;
-    display: inline-block;
-    box-shadow: 0 2px 8px rgba(255, 193, 7, 0.3);
+.threat-input:focus {
+    border-color: #667eea !important;
 }
 
-/* Button Styling */
-.primary-button {
-    background: linear-gradient(135deg, #667eea, #764ba2) !important;
+.analyze-btn {
+    background: #667eea !important;
     border: none !important;
-    border-radius: 12px !important;
-    padding: 12px 24px !important;
+    border-radius: 8px !important;
+    padding: 12px 30px !important;
+    font-size: 16px !important;
     font-weight: 600 !important;
-    font-size: 1rem !important;
-    transition: all 0.3s ease !important;
-    box-shadow: 0 6px 20px rgba(102, 126, 234, 0.4) !important;
-}
-
-.primary-button:hover {
-    transform: translateY(-2px) !important;
-    box-shadow: 0 8px 25px rgba(102, 126, 234, 0.5) !important;
-}
-
-.secondary-button {
-    background: linear-gradient(135deg, #6c757d, #5a6268) !important;
-    border: none !important;
-    border-radius: 12px !important;
-    padding: 10px 20px !important;
-    font-weight: 500 !important;
     color: white !important;
-    transition: all 0.3s ease !important;
-}
-
-/* Input Styling */
-.custom-input {
-    border-radius: 12px !important;
-    border: 2px solid #e9ecef !important;
-    padding: 12px !important;
-    transition: all 0.3s ease !important;
-    background: rgba(255, 255, 255, 0.9) !important;
-}
-
-.custom-input:focus {
-    border-color: #667eea !important;
-    box-shadow: 0 0 0 3px rgba(102, 126, 234, 0.1) !important;
-}
-
-/* Section Headers */
-.section-header {
-    font-size: 1.5rem;
-    font-weight: 700;
-    color: #2d3436;
-    margin-bottom: 1rem;
-    padding-bottom: 0.5rem;
-    border-bottom: 3px solid #667eea;
-    display: flex;
-    align-items: center;
-    gap: 0.5rem;
-}
-
-/* Alert Timeline */
-.timeline-item {
-    background: rgba(102, 126, 234, 0.05);
-    border-left: 4px solid #667eea;
-    padding: 1rem;
-    margin: 0.5rem 0;
-    border-radius: 0 8px 8px 0;
-    transition: all 0.3s ease;
 }
 
-.timeline-item:hover {
-    background: rgba(102, 126, 234, 0.1);
-    transform: translateX(4px);
-}
-
-/* Analysis Output Styling */
-.analysis-container {
-    background: linear-gradient(135deg, #f8f9fa, #e9ecef);
-    border-radius: 16px;
-    padding: 1.5rem;
-    border: 1px solid #dee2e6;
-    box-shadow: inset 0 2px 10px rgba(0, 0, 0, 0.05);
-}
-
-/* Confidence Meter */
-.confidence-meter {
-    height: 8px;
-    background: #e9ecef;
-    border-radius: 10px;
-    overflow: hidden;
-    margin: 0.5rem 0;
-}
-
-.confidence-fill {
-    height: 100%;
-    background: linear-gradient(90deg, #28a745, #20c997, #17a2b8);
-    border-radius: 10px;
-    transition: width 0.5s ease;
-}
-
-/* Responsive Design */
-@media (max-width: 768px) {
-    .gradio-container {
-        padding: 0.5rem;
-    }
-    
-    .content-card {
-        margin: 0.25rem;
-        padding: 1rem;
-    }
-    
-    .section-header {
-        font-size: 1.25rem;
-    }
+.analysis-output {
+    background: #f8f9fa !important;
+    border-radius: 8px !important;
+    border: 1px solid #e0e0e0 !important;
+    padding: 20px !important;
+    line-height: 1.6 !important;
 }
 
-/* Loading Animation */
-.loading-spinner {
-    border: 3px solid #f3f3f3;
-    border-top: 3px solid #667eea;
-    border-radius: 50%;
-    width: 20px;
-    height: 20px;
-    animation: spin 1s linear infinite;
-    display: inline-block;
-    margin-right: 0.5rem;
-}
-
-@keyframes spin {
-    0% { transform: rotate(0deg); }
-    100% { transform: rotate(360deg); }
-}
-
-/* Alert Cards */
-.alert-card {
-    background: white;
-    border-radius: 12px;
-    padding: 1.5rem;
-    margin: 0.5rem 0;
-    box-shadow: 0 4px 12px rgba(0, 0, 0, 0.08);
-    border-left: 5px solid #667eea;
-    transition: all 0.3s ease;
-}
-
-.alert-card:hover {
-    transform: translateY(-2px);
-    box-shadow: 0 6px 20px rgba(0, 0, 0, 0.12);
-}
-
-/* Network Flow Visualization */
-.network-flow {
-    display: flex;
-    align-items: center;
-    gap: 1rem;
-    padding: 1rem;
-    background: rgba(102, 126, 234, 0.05);
-    border-radius: 12px;
-    margin: 0.5rem 0;
-}
-
-.network-node {
-    background: #667eea;
-    color: white;
-    padding: 0.5rem 1rem;
-    border-radius: 8px;
-    font-weight: 500;
-    font-size: 0.9rem;
-}
-
-.network-arrow {
-    color: #667eea;
-    font-size: 1.5rem;
-    font-weight: bold;
-}
-
-/* MITRE ATT&CK Styling */
-.mitre-tag {
-    background: linear-gradient(135deg, #e74c3c, #c0392b);
-    color: white;
-    padding: 6px 12px;
-    border-radius: 20px;
-    font-size: 0.85rem;
-    font-weight: 600;
-    display: inline-block;
-    box-shadow: 0 3px 10px rgba(231, 76, 60, 0.3);
-}
-
-/* Custom Scrollbar */
-::-webkit-scrollbar {
-    width: 8px;
-}
-
-::-webkit-scrollbar-track {
-    background: #f1f1f1;
-    border-radius: 10px;
-}
-
-::-webkit-scrollbar-thumb {
-    background: linear-gradient(135deg, #667eea, #764ba2);
-    border-radius: 10px;
-}
-
-::-webkit-scrollbar-thumb:hover {
-    background: linear-gradient(135deg, #5a6fd8, #6a4c93);
-}
-
-/* Statistics Cards */
-.stat-card {
-    background: white;
-    border-radius: 12px;
-    padding: 1.5rem;
-    text-align: center;
-    box-shadow: 0 4px 12px rgba(0, 0, 0, 0.08);
-    transition: all 0.3s ease;
-    border-top: 4px solid #667eea;
-}
-
-.stat-card:hover {
-    transform: translateY(-3px);
-    box-shadow: 0 8px 25px rgba(0, 0, 0, 0.12);
-}
-
-.stat-number {
-    font-size: 2rem;
-    font-weight: 700;
-    color: #667eea;
-    margin-bottom: 0.5rem;
-}
-
-.stat-label {
-    color: #6c757d;
-    font-weight: 500;
-    text-transform: uppercase;
-    font-size: 0.85rem;
-    letter-spacing: 0.5px;
+.status-box {
+    background: #d4edda !important;
+    border: 1px solid #c3e6cb !important;
+    color: #155724 !important;
+    padding: 10px !important;
+    border-radius: 6px !important;
+    margin: 10px 0 !important;
 }
 """
 
-# Global variables for model management
-model = None
-tokenizer = None
-model_status = "🔄 Initializing..."
+# Global model variables
+pipe = None
+model_status = "🔄 Loading model..."
 
 @spaces.GPU
-def initialize_gpt_oss_safe():
-    """Initialize GPT-OSS-20B with multiple fallback strategies"""
-    global model, tokenizer, model_status
-    
-    strategies = [
-        {
-            "model_id": "openai/gpt-oss-20b",
-            "name": "GPT-OSS-20B (Original)",
-            "config": {
-                "torch_dtype": "auto",
-                "device_map": "auto",
-                "trust_remote_code": True,
-                "low_cpu_mem_usage": True,
-                "use_safetensors": True
-            }
-        },
-        {
-            "model_id": "openai/gpt-oss-20b", 
-            "name": "GPT-OSS-20B (BF16)",
-            "config": {
-                "torch_dtype": torch.bfloat16,
-                "device_map": "auto", 
-                "trust_remote_code": True,
-                "low_cpu_mem_usage": True
-            }
-        },
-        {
-            "model_id": "microsoft/DialoGPT-large",
-            "name": "DialoGPT-Large (Fallback)",
-            "config": {
-                "torch_dtype": torch.float16 if torch.cuda.is_available() else torch.float32,
-                "device_map": "auto" if torch.cuda.is_available() else None
-            }
-        }
+def load_model():
+    """Load the best available model"""
+    global pipe, model_status
+    
+    models_to_try = [
+        "openai/gpt-oss-20b",
+        "microsoft/DialoGPT-large",
+        "microsoft/DialoGPT-medium",
+        "gpt2-large"
     ]
     
-    device = "cuda" if torch.cuda.is_available() else "cpu"
-    
-    for i, strategy in enumerate(strategies):
+    for model_name in models_to_try:
         try:
-            model_id = strategy["model_id"]
-            config = strategy["config"]
-            name = strategy["name"]
+            print(f"🔄 Loading {model_name}...")
             
-            print(f"🔄 Trying {name}...")
-            
-            tokenizer = AutoTokenizer.from_pretrained(
-                model_id, 
-                trust_remote_code=True,
-                use_fast=True
-            )
-            
-            if tokenizer.pad_token is None:
-                tokenizer.pad_token = tokenizer.eos_token
-            
-            model = AutoModelForCausalLM.from_pretrained(
-                model_id,
-                **config
-            )
-            
-            # Test generation
-            test_messages = [{"role": "user", "content": "Test"}]
-            test_pipe = pipeline(
+            pipe = pipeline(
                 "text-generation",
-                model=model,
-                tokenizer=tokenizer,
-                torch_dtype=config.get("torch_dtype", "auto"),
-                device_map="auto" if torch.cuda.is_available() else None
+                model=model_name,
+                torch_dtype="auto",
+                device_map="auto" if torch.cuda.is_available() else None,
+                trust_remote_code=True
             )
             
-            test_pipe(test_messages, max_new_tokens=5, do_sample=False)
+            # Test the model
+            pipe("Test", max_new_tokens=5, do_sample=False)
             
-            model_status = f"✅ {name} loaded successfully on {device}"
-            return f'<div class="status-success">🎉 {model_status}</div>'
+            model_status = f"✅ {model_name} ready"
+            print(model_status)
+            return model_status
             
         except Exception as e:
-            print(f"❌ Strategy {i+1} failed: {str(e)[:100]}")
-            model, tokenizer = None, None
+            print(f"❌ {model_name} failed: {str(e)[:50]}")
             if torch.cuda.is_available():
                 torch.cuda.empty_cache()
             continue
     
-    model_status = "⚠️ Using fallback analysis mode"
-    return f'<div class="status-warning">{model_status}</div>'
+    model_status = "⚠️ Using fallback mode"
+    return model_status
 
-# Enhanced attack scenarios
-ATTACK_SCENARIOS = {
-    "🔄 Lateral Movement": {
-        "description": "Advanced Persistent Threat (APT) - Attacker moving laterally through network after initial compromise",
-        "severity": "Critical",
-        "icon": "🔄",
-        "color": "#dc3545",
-        "alerts": [
-            {
-                "id": "ALR-001",
-                "timestamp": "2025-08-10 14:30:45",
-                "source_ip": "192.168.1.100",
-                "destination_ip": "192.168.1.25", 
-                "user": "corp\\john.doe",
-                "alert_type": "Suspicious Process Execution",
-                "severity": "High",
-                "description": "Unusual PowerShell execution with encoded commands detected",
-                "raw_log": "Process: powershell.exe -WindowStyle Hidden -enc ZXhlYyBjYWxjLmV4ZQ== Parent: winword.exe",
-                "threat_intel": "Base64 encoded PowerShell commonly used by APT29 (Cozy Bear) for initial access",
-                "mitre_tactic": "T1059.001 - PowerShell",
-                "confidence": 85
-            },
-            {
-                "id": "ALR-002", 
-                "timestamp": "2025-08-10 14:35:12",
-                "source_ip": "192.168.1.100",
-                "destination_ip": "192.168.1.50",
-                "user": "corp\\john.doe",
-                "alert_type": "Credential Dumping Attempt",
-                "severity": "Critical",
-                "description": "LSASS memory access detected - possible credential harvesting",
-                "raw_log": "Process: rundll32.exe comsvcs.dll MiniDump [PID] lsass.dmp full",
-                "threat_intel": "LSASS dumping technique associated with credential theft operations",
-                "mitre_tactic": "T1003.001 - LSASS Memory",
-                "confidence": 92
-            },
-            {
-                "id": "ALR-003",
-                "timestamp": "2025-08-10 14:42:18", 
-                "source_ip": "192.168.1.100",
-                "destination_ip": "10.0.0.15",
-                "user": "SYSTEM",
-                "alert_type": "Abnormal Network Connection",
-                "severity": "Medium", 
-                "description": "Connection to unusual internal subnet using stolen credentials",
-                "raw_log": "TCP connection established to 10.0.0.15:445 from 192.168.1.100:51234",
-                "threat_intel": "SMB connections to sensitive subnets often indicate lateral movement",
-                "mitre_tactic": "T1021.002 - SMB/Windows Admin Shares",
-                "confidence": 78
-            }
-        ]
-    },
-    "📧 Phishing Campaign": {
-        "description": "Email-based social engineering attack leading to credential theft and data exfiltration",
-        "severity": "High",
-        "icon": "📧",
-        "color": "#fd7e14",
-        "alerts": [
-            {
-                "id": "ALR-004",
-                "timestamp": "2025-08-10 09:15:30",
-                "source_ip": "203.0.113.50",
-                "destination_ip": "192.168.1.75",
-                "user": "corp\\sarah.wilson",
-                "alert_type": "Malicious Email Detected", 
-                "severity": "High",
-                "description": "Suspicious email with credential harvesting link detected",
-                "raw_log": "From: [email protected] Subject: URGENT: Account Suspended - Verify Now",
-                "threat_intel": "Domain registered 48 hours ago, hosted on bulletproof hosting provider",
-                "mitre_tactic": "T1566.002 - Spearphishing Link",
-                "confidence": 88
-            },
-            {
-                "id": "ALR-005",
-                "timestamp": "2025-08-10 09:45:22",
-                "source_ip": "192.168.1.75", 
-                "destination_ip": "203.0.113.50",
-                "user": "corp\\sarah.wilson",
-                "alert_type": "Credential Submission",
-                "severity": "Critical",
-                "description": "User credentials submitted to suspicious external site",
-                "raw_log": "HTTPS POST to https://203.0.113.50/login.php - Credentials: username=sarah.wilson&password=[REDACTED]",
-                "threat_intel": "IP address hosting multiple phishing kits targeting financial institutions",
-                "mitre_tactic": "T1056.003 - Web Portal Capture",
-                "confidence": 95
-            }
-        ]
-    },
-    "🔒 Ransomware Attack": {
-        "description": "File encryption attack with ransom demand - likely REvil/Sodinokibi variant",
-        "severity": "Critical",
-        "icon": "🔒",
-        "color": "#dc3545",
-        "alerts": [
-            {
-                "id": "ALR-006",
-                "timestamp": "2025-08-10 16:20:10",
-                "source_ip": "192.168.1.85",
-                "destination_ip": "192.168.1.85",
-                "user": "corp\\admin.backup",
-                "alert_type": "Mass File Encryption",
-                "severity": "Critical", 
-                "description": "Rapid file modifications detected across multiple directories",
-                "raw_log": "Files encrypted: 1,247 in C:\\Users\\Documents\\ Extensions changed to: .locked2025",
-                "threat_intel": "Encryption pattern and extension match REvil ransomware family signatures",
-                "mitre_tactic": "T1486 - Data Encrypted for Impact",
-                "confidence": 97
-            },
-            {
-                "id": "ALR-007",
-                "timestamp": "2025-08-10 16:25:33",
-                "source_ip": "192.168.1.85",
-                "destination_ip": "45.33.22.11", 
-                "user": "SYSTEM",
-                "alert_type": "Command and Control Communication",
-                "severity": "High",
-                "description": "Encrypted communication to known ransomware C2 infrastructure",
-                "raw_log": "TLS 1.3 connection established to 45.33.22.11:8443 - Data exchanged: 2.3KB",
-                "threat_intel": "IP address previously associated with REvil ransomware C2 operations",
-                "mitre_tactic": "T1071.001 - Web Protocols",
-                "confidence": 91
-            }
-        ]
-    }
-}
+@spaces.GPU
+def analyze_threat(threat_description, analyst_level):
+    """Simple threat analysis"""
+    
+    if not threat_description.strip():
+        return "Please enter a threat description first.", ""
+    
+    start_time = time.time()
+    
+    # Create simple prompt
+    prompt = f"""As a {analyst_level} cybersecurity analyst, analyze this threat:
 
-def get_severity_class(severity):
-    """Get CSS class for severity level"""
-    classes = {
-        "Critical": "severity-critical",
-        "High": "severity-high", 
-        "Medium": "severity-medium",
-        "Low": "severity-low"
-    }
-    return classes.get(severity, "severity-medium")
+THREAT: {threat_description}
 
-def create_confidence_meter(confidence):
-    """Create a visual confidence meter"""
-    return f"""
-    <div class="confidence-meter">
-        <div class="confidence-fill" style="width: {confidence}%"></div>
-    </div>
-    <small style="color: #6c757d;">{confidence}% Confidence</small>
-    """
+Provide a {analyst_level} level security analysis including:
+- Threat assessment
+- Potential impact
+- Recommended actions
 
-@spaces.GPU
-def generate_analysis_safe(alert_data, analyst_level):
-    """Generate analysis with safe error handling"""
+ANALYSIS:"""
     
-    if not model or not tokenizer:
-        return get_beautiful_fallback(alert_data, analyst_level)
+    if pipe:
+        try:
+            result = pipe(
+                prompt,
+                max_new_tokens=300,
+                do_sample=True,
+                temperature=0.3,
+                top_p=0.9,
+                repetition_penalty=1.1
+            )
+            
+            analysis = result[0]['generated_text'][len(prompt):].strip()
+            
+            if len(analysis) < 30:
+                analysis = get_simple_fallback(threat_description, analyst_level)
+                
+        except Exception as e:
+            analysis = f"AI Error: {str(e)[:100]}\n\n{get_simple_fallback(threat_description, analyst_level)}"
+    else:
+        analysis = get_simple_fallback(threat_description, analyst_level)
     
-    security_prompts = {
-        "L1": f"""As a Level 1 SOC analyst, provide immediate triage for this security alert:
+    processing_time = round(time.time() - start_time, 2)
+    status = f"✅ Analysis completed in {processing_time}s | {model_status}"
+    
+    return analysis, status
 
-Alert: {alert_data['alert_type']} | Severity: {alert_data['severity']}
-Source: {alert_data['source_ip']} → {alert_data['destination_ip']}
-User: {alert_data['user']}
-Evidence: {alert_data['raw_log']}
-MITRE: {alert_data['mitre_tactic']}
+def get_simple_fallback(threat_description, analyst_level):
+    """Simple fallback analysis"""
+    
+    if analyst_level == "L1":
+        return f"""🚨 L1 TRIAGE ANALYSIS
 
-Provide: immediate actions, risk assessment, escalation decision.""",
+THREAT SUMMARY:
+{threat_description}
 
-        "L2": f"""As a Level 2 SOC analyst, investigate this cybersecurity incident:
+IMMEDIATE ACTIONS:
+• Assess severity and scope
+• Document all available evidence  
+• Isolate affected systems if needed
+• Escalate to L2 if severity is high
 
-Alert: {alert_data['alert_type']} | Severity: {alert_data['severity']}
-Network: {alert_data['source_ip']} → {alert_data['destination_ip']}
-User: {alert_data['user']}
-Evidence: {alert_data['raw_log']}
-Intel: {alert_data['threat_intel']}
-MITRE: {alert_data['mitre_tactic']}
-Confidence: {alert_data['confidence']}%
+PRIORITY: Immediate containment and escalation decision required"""
 
-Provide: root cause analysis, investigation steps, threat assessment.""",
+    elif analyst_level == "L2":
+        return f"""🔍 L2 INVESTIGATION ANALYSIS
 
-        "L3": f"""As a senior cybersecurity expert, analyze this sophisticated threat:
+THREAT DETAILS:
+{threat_description}
 
-Attack: {alert_data['description']}
-Evidence: {alert_data['raw_log']}
-Attribution: {alert_data['threat_intel']}
-MITRE: {alert_data['mitre_tactic']}
-Confidence: {alert_data['confidence']}%
+INVESTIGATION STEPS:
+1. Collect and preserve evidence
+2. Analyze attack vectors and methods
+3. Determine scope of compromise
+4. Identify indicators of compromise (IOCs)
+5. Assess potential data exposure
 
-Provide: strategic assessment, attribution analysis, response plan."""
-    }
-    
-    try:
-        prompt = security_prompts.get(analyst_level, security_prompts["L2"])
-        
-        pipe = pipeline(
-            "text-generation",
-            model=model,
-            tokenizer=tokenizer,
-            torch_dtype="auto",
-            device_map="auto" if torch.cuda.is_available() else None
-        )
-        
-        messages = [{"role": "user", "content": prompt}]
-        
-        result = pipe(
-            messages,
-            max_new_tokens=400,
-            do_sample=True,
-            temperature=0.3,
-            top_p=0.9,
-            repetition_penalty=1.1,
-            pad_token_id=tokenizer.eos_token_id
-        )
-        
-        analysis = result[0]["generated_text"][-1]["content"]
-        
-        if len(analysis.strip()) < 50:
-            return get_beautiful_fallback(alert_data, analyst_level)
-        
-        return f"""
-        <div class="analysis-container">
-            <div class="gpt-oss-badge">
-                🤖 OpenAI GPT-OSS-20B Analysis
-            </div>
-            <div style="margin-top: 1rem; line-height: 1.6;">
-                {analysis.strip()}
-            </div>
-            <div style="margin-top: 1rem; padding-top: 1rem; border-top: 1px solid #dee2e6; color: #6c757d; font-size: 0.9rem;">
-                ⚡ Generated using GPT-OSS-20B • 21B parameters • 3.6B active per token
-            </div>
-        </div>
-        """
-        
-    except Exception as e:
-        print(f"Generation error: {e}")
-        return get_beautiful_fallback(alert_data, analyst_level)
+CONTAINMENT:
+• Implement network segmentation
+• Deploy additional monitoring
+• Review authentication logs
+• Check for lateral movement
 
-def get_beautiful_fallback(alert_data, analyst_level):
-    """Beautiful fallback analysis with enhanced styling"""
-    
-    severity_class = get_severity_class(alert_data['severity'])
-    confidence_meter = create_confidence_meter(alert_data['confidence'])
-    
-    templates = {
-        "L1": f"""
-        <div class="alert-card">
-            <div class="section-header">
-                🚨 L1 SOC Triage Analysis
-            </div>
-            
-            <div style="margin: 1rem 0;">
-                <span class="{severity_class}">{alert_data['severity']} Severity</span>
-                <span class="mitre-tag" style="margin-left: 0.5rem;">{alert_data['mitre_tactic']}</span>
-            </div>
-            
-            <div class="network-flow">
-                <div class="network-node">{alert_data['source_ip']}</div>
-                <div class="network-arrow">→</div>
-                <div class="network-node">{alert_data['destination_ip']}</div>
-            </div>
-            
-            <h4 style="color: #2d3436; margin: 1.5rem 0 1rem 0;">⚡ Immediate Actions Required</h4>
-            <div style="background: #fff3cd; padding: 1rem; border-radius: 8px; border-left: 4px solid #ffc107;">
-                <strong>🔒 Containment:</strong> Isolate system {alert_data['source_ip']}<br>
-                <strong>👤 User Action:</strong> Disable account {alert_data['user']}<br>
-                <strong>🌐 Network:</strong> Block connections to {alert_data['destination_ip']}<br>
-                <strong>📝 Documentation:</strong> Preserve logs and evidence
-            </div>
-            
-            <h4 style="color: #2d3436; margin: 1.5rem 0 1rem 0;">📊 Threat Assessment</h4>
-            {confidence_meter}
-            
-            <div style="background: #f8d7da; padding: 1rem; border-radius: 8px; border-left: 4px solid #dc3545; margin-top: 1rem;">
-                <strong>⬆️ Escalation Required:</strong> {alert_data['severity']} severity warrants L2 investigation
-            </div>
-        </div>
-        """,
+NEXT STEPS:
+• Continue monitoring for related activity
+• Update security controls as needed
+• Consider L3 escalation for complex threats"""
 
-        "L2": f"""
-        <div class="alert-card">
-            <div class="section-header">
-                🔍 L2 Investigation Analysis
-            </div>
-            
-            <div style="margin: 1rem 0;">
-                <span class="{severity_class}">{alert_data['severity']} Severity</span>
-                <span class="mitre-tag" style="margin-left: 0.5rem;">{alert_data['mitre_tactic']}</span>
-            </div>
-            
-            <h4 style="color: #2d3436; margin: 1.5rem 0 1rem 0;">🎯 Attack Vector Analysis</h4>
-            <div style="background: #e2e3e5; padding: 1rem; border-radius: 8px;">
-                <strong>Technique:</strong> {alert_data['mitre_tactic']}<br>
-                <strong>Evidence:</strong> {alert_data['raw_log']}<br>
-                <strong>Context:</strong> {alert_data['description']}
-            </div>
-            
-            <h4 style="color: #2d3436; margin: 1.5rem 0 1rem 0;">🔬 Investigation Roadmap</h4>
-            <div class="timeline-item">
-                <strong>1.</strong> Timeline correlation: ±30min window analysis
-            </div>
-            <div class="timeline-item">
-                <strong>2.</strong> User behavior baseline: {alert_data['user']} comparison
-            </div>
-            <div class="timeline-item">
-                <strong>3.</strong> Network flow analysis: {alert_data['source_ip']} → {alert_data['destination_ip']}
-            </div>
-            <div class="timeline-item">
-                <strong>4.</strong> Process tree examination and artifact collection
-            </div>
-            <div class="timeline-item">
-                <strong>5.</strong> Similar IOC hunting across environment
-            </div>
-            
-            <h4 style="color: #2d3436; margin: 1.5rem 0 1rem 0;">📊 Threat Intelligence</h4>
-            {confidence_meter}
-            <div style="background: #d1ecf1; padding: 1rem; border-radius: 8px; border-left: 4px solid #17a2b8; margin-top: 1rem;">
-                <strong>Attribution Context:</strong> {alert_data['threat_intel']}
-            </div>
-        </div>
-        """,
+    else:  # L3
+        return f"""🎯 L3 EXPERT ANALYSIS
 
-        "L3": f"""
-        <div class="alert-card">
-            <div class="section-header">
-                🎯 L3 Expert Strategic Analysis
-            </div>
-            
-            <div style="margin: 1rem 0;">
-                <span class="{severity_class}">{alert_data['severity']} Severity</span>
-                <span class="mitre-tag" style="margin-left: 0.5rem;">{alert_data['mitre_tactic']}</span>
-            </div>
-            
-            <h4 style="color: #2d3436; margin: 1.5rem 0 1rem 0;">🎭 Adversary Assessment</h4>
-            <div style="background: #f8d7da; padding: 1rem; border-radius: 8px;">
-                <strong>Sophistication:</strong> Advanced (based on {alert_data['mitre_tactic']})<br>
-                <strong>Campaign Context:</strong> {alert_data['threat_intel']}<br>
-                <strong>Success Probability:</strong> {alert_data['confidence']}%
-            </div>
-            
-            <h4 style="color: #2d3436; margin: 1.5rem 0 1rem 0;">💼 Business Impact</h4>
-            {confidence_meter}
-            <div style="background: #fff3cd; padding: 1rem; border-radius: 8px; margin-top: 1rem;">
-                <strong>🔴 Executive Notification:</strong> Required for {alert_data['severity']} severity<br>
-                <strong>📋 Regulatory Impact:</strong> Under compliance review<br>
-                <strong>⏰ Response Timeline:</strong> Immediate action required
-            </div>
-            
-            <h4 style="color: #2d3436; margin: 1.5rem 0 1rem 0;">🛡️ Strategic Response Plan</h4>
-            <div class="timeline-item" style="background: #d4edda;">
-                <strong>Immediate:</strong> Threat hunting deployment across infrastructure
-            </div>
-            <div class="timeline-item" style="background: #cce5ff;">
-                <strong>Short-term:</strong> Enhanced monitoring and detection rules
-            </div>
-            <div class="timeline-item" style="background: #e2e3e5;">
-                <strong>Medium-term:</strong> Security architecture review
-            </div>
-            <div class="timeline-item" style="background: #f8d7da;">
-                <strong>Long-term:</strong> Threat intelligence integration
-            </div>
-        </div>
-        """
-    }
-    
-    return templates.get(analyst_level, templates["L2"])
+STRATEGIC THREAT ASSESSMENT:
+{threat_description}
 
-def analyze_alert_beautiful(scenario_name, alert_index, analyst_level):
-    """Enhanced analysis function with beautiful output"""
-    start_time = time.time()
-    
-    if scenario_name not in ATTACK_SCENARIOS:
-        return "❌ Invalid scenario selected.", "", "Error: Invalid scenario"
-    
-    scenario = ATTACK_SCENARIOS[scenario_name]
-    alerts = scenario["alerts"]
-    
-    if alert_index >= len(alerts):
-        return "❌ Invalid alert index.", "", "Error: Invalid alert index"
-    
-    selected_alert = alerts[alert_index]
-    
-    # Generate analysis
-    analysis = generate_analysis_safe(selected_alert, analyst_level)
-    
-    # Create beautiful alert details
-    severity_class = get_severity_class(selected_alert['severity'])
-    confidence_meter = create_confidence_meter(selected_alert['confidence'])
-    
-    alert_details = f"""
-    <div class="alert-card">
-        <div style="display: flex; justify-content: space-between; align-items: center; margin-bottom: 1.5rem;">
-            <h3 style="margin: 0; color: #2d3436;">🎫 ALERT {selected_alert['id']}</h3>
-            <small style="color: #6c757d;">🕐 {selected_alert['timestamp']}</small>
-        </div>
-        
-        <div class="network-flow" style="margin: 1rem 0;">
-            <div class="network-node">{selected_alert['source_ip']}</div>
-            <div class="network-arrow">→</div>
-            <div class="network-node">{selected_alert['destination_ip']}</div>
-        </div>
-        
-        <div style="margin: 1rem 0;">
-            <strong>👤 User Account:</strong> {selected_alert['user']}<br>
-            <strong>🎯 Alert Type:</strong> {selected_alert['alert_type']}<br>
-        </div>
-        
-        <div style="margin: 1.5rem 0;">
-            <span class="{severity_class}">{selected_alert['severity']}</span>
-            <span class="mitre-tag" style="margin-left: 0.5rem;">{selected_alert['mitre_tactic']}</span>
-        </div>
-        
-        <h4 style="color: #2d3436; margin: 1.5rem 0 1rem 0;">📝 Description</h4>
-        <div style="background: #f8f9fa; padding: 1rem; border-radius: 8px; border-left: 4px solid #6c757d;">
-            {selected_alert['description']}
-        </div>
-        
-        <h4 style="color: #2d3436; margin: 1.5rem 0 1rem 0;">🔍 Technical Evidence</h4>
-        <div style="background: #2d3436; color: #ffffff; padding: 1rem; border-radius: 8px; font-family: 'Courier New', monospace; font-size: 0.9rem; overflow-x: auto;">
-            {selected_alert['raw_log']}
-        </div>
-        
-        <h4 style="color: #2d3436; margin: 1.5rem 0 1rem 0;">🧠 Threat Intelligence</h4>
-        <div style="background: #d1ecf1; padding: 1rem; border-radius: 8px; border-left: 4px solid #17a2b8;">
-            {selected_alert['threat_intel']}
-        </div>
-        
-        <h4 style="color: #2d3436; margin: 1.5rem 0 1rem 0;">📊 Confidence Assessment</h4>
-        {confidence_meter}
-    </div>
-    """
-    
-    processing_time = round(time.time() - start_time, 2)
-    device_info = "GPU" if torch.cuda.is_available() else "CPU"
-    status = f"""
-    <div class="status-success">
-        ✅ {analyst_level} analysis completed in {processing_time}s | Device: {device_info} | {model_status}
-    </div>
-    """
-    
-    return alert_details, analysis, status
+ADVANCED ANALYSIS:
+• Threat actor attribution assessment
+• Campaign analysis and TTPs
+• Business impact evaluation
+• Risk quantification
 
-def get_beautiful_scenario_info(scenario_name):
-    """Create beautiful scenario information display"""
-    if scenario_name in ATTACK_SCENARIOS:
-        scenario = ATTACK_SCENARIOS[scenario_name]
-        
-        info = f"""
-        <div class="content-card">
-            <div class="section-header">
-                {scenario['icon']} Attack Scenario: {scenario_name}
-            </div>
-            
-            <div style="margin: 1.5rem 0;">
-                <div class="stat-card" style="display: inline-block; margin-right: 1rem; min-width: 150px;">
-                    <div class="stat-number">{len(scenario['alerts'])}</div>
-                    <div class="stat-label">Security Events</div>
-                </div>
-                <span class="{get_severity_class(scenario['severity'])}" style="vertical-align: top;">
-                    {scenario['severity']} Severity
-                </span>
-            </div>
-            
-            <h4 style="color: #2d3436; margin: 1.5rem 0 1rem 0;">📋 Scenario Description</h4>
-            <div style="background: #f8f9fa; padding: 1.5rem; border-radius: 12px; border-left: 5px solid {scenario.get('color', '#667eea')};">
-                {scenario['description']}
-            </div>
-            
-            <h4 style="color: #2d3436; margin: 1.5rem 0 1rem 0;">🔍 Alert Timeline</h4>
-        """
-        
-        for i, alert in enumerate(scenario['alerts']):
-            severity_class = get_severity_class(alert['severity'])
-            info += f"""
-            <div class="timeline-item" style="margin: 0.5rem 0;">
-                <div style="display: flex; justify-content: space-between; align-items: center;">
-                    <div>
-                        <strong>[{i+1}] {alert['timestamp']}</strong> - {alert['alert_type']}
-                    </div>
-                    <div>
-                        <span class="{severity_class}" style="font-size: 0.7rem; padding: 2px 8px;">
-                            {alert['severity']}
-                        </span>
-                        <span style="margin-left: 0.5rem; color: #6c757d; font-size: 0.8rem;">
-                            {alert['confidence']}% confidence
-                        </span>
-                    </div>
-                </div>
-            </div>
-            """
-        
-        info += """
-            <h4 style="color: #2d3436; margin: 1.5rem 0 1rem 0;">🤖 AI Analysis Capabilities</h4>
-            <div style="display: grid; grid-template-columns: repeat(auto-fit, minmax(200px, 1fr)); gap: 1rem; margin-top: 1rem;">
-                <div class="stat-card">
-                    <div style="font-size: 1.5rem; margin-bottom: 0.5rem;">🧠</div>
-                    <div class="stat-label">GPT-OSS-20B Reasoning</div>
-                </div>
-                <div class="stat-card">
-                    <div style="font-size: 1.5rem; margin-bottom: 0.5rem;">⚡</div>
-                    <div class="stat-label">Multi-Strategy Loading</div>
-                </div>
-                <div class="stat-card">
-                    <div style="font-size: 1.5rem; margin-bottom: 0.5rem;">🛡️</div>
-                    <div class="stat-label">Robust Error Handling</div>
-                </div>
-                <div class="stat-card">
-                    <div style="font-size: 1.5rem; margin-bottom: 0.5rem;">🎯</div>
-                    <div class="stat-label">Expert Templates</div>
-                </div>
-            </div>
-        </div>
-        """
-        
-        return info
-    return '<div class="status-warning">⚠️ No scenario selected. Please choose an attack scenario to begin analysis.</div>'
+STRATEGIC RESPONSE:
+• Coordinate incident response team
+• Executive briefing preparation
+• Regulatory compliance review
+• Long-term security posture improvements
+
+RECOMMENDATIONS:
+• Implement advanced threat hunting
+• Enhance detection capabilities
+• Review security architecture
+• Consider external forensics support"""
 
-# Create beautiful Gradio interface
-with gr.Blocks(title="SOC Assistant - Beautiful Edition", theme=gr.themes.Soft(), css=beautiful_css) as demo:
+# Create simple interface
+with gr.Blocks(title="Simple SOC Analyzer", theme=gr.themes.Soft(), css=simple_css) as demo:
     
-    # Header
-    gr.HTML("""
-    <div class="header-container">
-        <div style="text-align: center;">
-            <h1 style="margin: 0; font-size: 2.5rem; background: linear-gradient(135deg, #667eea, #764ba2); -webkit-background-clip: text; -webkit-text-fill-color: transparent; font-weight: 700;">
-                🛡️ SOC LLM Assistant
-            </h1>
-            <p style="margin: 0.5rem 0 0 0; font-size: 1.2rem; color: #6c757d; font-weight: 400;">
-                Beautiful Edition • Powered by GPT-OSS-20B
-            </p>
-            <div class="gpt-oss-badge" style="margin-top: 1rem;">
-                🚀 Multi-Strategy AI Model Loading • Enhanced UI/UX
-            </div>
-        </div>
-    </div>
+    # Simple header
+    gr.Markdown("""
+    # 🛡️ SOC Threat Analyzer
+    **Simple • Fast • Effective**
+    
+    Enter any security threat and get instant AI analysis.
     """)
     
-    # Model status display
-    status_display = gr.HTML('<div class="status-warning">🔄 Initializing AI models...</div>')
+    # Model status
+    status_display = gr.Textbox(
+        value="🔄 Loading model...",
+        label="System Status",
+        interactive=False,
+        elem_classes=["status-box"]
+    )
     
+    # Main interface
     with gr.Row():
-        # Left Panel - Controls
-        with gr.Column(scale=1, min_width=350):
-            gr.HTML('<div class="section-header">🎮 Attack Simulation Control</div>')
-            
-            scenario_dropdown = gr.Dropdown(
-                choices=list(ATTACK_SCENARIOS.keys()),
-                label="🎭 Select Attack Scenario",
-                value="🔄 Lateral Movement",
-                interactive=True,
-                elem_classes=["custom-input"]
-            )
-            
-            scenario_info = gr.HTML()
-            
-            gr.HTML('<div style="margin: 2rem 0 1rem 0; height: 2px; background: linear-gradient(90deg, #667eea, #764ba2); border-radius: 2px;"></div>')
-            gr.HTML('<div class="section-header">⚙️ Analysis Configuration</div>')
-            
-            alert_slider = gr.Slider(
-                minimum=0,
-                maximum=2,
-                step=1,
-                value=0,
-                label="📋 Alert Selection",
-                info="Choose which alert from the scenario to analyze",
-                elem_classes=["custom-input"]
+        with gr.Column(scale=1):
+            
+            # Threat input
+            threat_input = gr.Textbox(
+                label="🚨 Describe the Security Threat",
+                placeholder="Example: Suspicious PowerShell execution detected on user workstation with encoded commands...",
+                lines=5,
+                elem_classes=["threat-input"]
             )
             
+            # Analysis level
             analyst_level = gr.Radio(
                 choices=["L1", "L2", "L3"],
-                label="👤 Analyst Experience Level",
                 value="L2",
-                info="🔹 L1: Triage • 🔹 L2: Investigation • 🔹 L3: Expert Analysis",
-                elem_classes=["custom-input"]
+                label="Analysis Level",
+                info="L1: Quick Triage • L2: Detailed Investigation • L3: Strategic Analysis"
             )
             
+            # Analyze button
             analyze_btn = gr.Button(
-                "🚀 Analyze Alert with AI", 
+                "🔍 Analyze Threat",
                 variant="primary",
                 size="lg",
-                elem_classes=["primary-button"]
+                elem_classes=["analyze-btn"]
             )
             
-            init_btn = gr.Button(
-                "🔄 Reinitialize Models",
-                variant="secondary",
-                elem_classes=["secondary-button"]
-            )
-            
-            gr.HTML('<div style="margin: 2rem 0 1rem 0; height: 2px; background: linear-gradient(90deg, #667eea, #764ba2); border-radius: 2px;"></div>')
-            gr.HTML("""
-            <div class="content-card">
-                <div class="section-header">🔧 System Features</div>
-                <div style="margin-top: 1rem;">
-                    <div class="timeline-item" style="background: rgba(102, 126, 234, 0.1);">
-                        <strong>🧠 GPT-OSS-20B:</strong> OpenAI's latest reasoning model
-                    </div>
-                    <div class="timeline-item" style="background: rgba(40, 167, 69, 0.1);">
-                        <strong>⚡ Multi-Strategy:</strong> Automatic model fallback
-                    </div>
-                    <div class="timeline-item" style="background: rgba(253, 126, 20, 0.1);">
-                        <strong>🛡️ Error Recovery:</strong> Robust failure handling  
-                    </div>
-                    <div class="timeline-item" style="background: rgba(220, 53, 69, 0.1);">
-                        <strong>🎯 Expert Analysis:</strong> High-quality templates
-                    </div>
-                </div>
-            </div>
+            # Quick examples
+            gr.Markdown("""
+            ### 📝 Quick Examples:
+            - Suspicious email with malicious attachment
+            - Unusual network traffic to external IP
+            - User account showing signs of compromise
+            - Ransomware indicators detected on server
+            - Failed login attempts from multiple locations
             """)
         
-        # Right Panel - Results
         with gr.Column(scale=2):
-            gr.HTML('<div class="section-header">📋 Security Alert Details</div>')
-            alert_output = gr.HTML(
-                '<div class="content-card"><p style="text-align: center; color: #6c757d; padding: 2rem;">Alert details will appear here after analysis...</p></div>'
-            )
             
-            gr.HTML('<div class="section-header">🤖 AI-Powered Security Analysis</div>')
-            analysis_output = gr.HTML(
-                '<div class="content-card"><p style="text-align: center; color: #6c757d; padding: 2rem;">AI analysis will appear here after processing...</p></div>'
+            # Analysis output
+            analysis_output = gr.Textbox(
+                label="🤖 Security Analysis",
+                lines=20,
+                interactive=False,
+                elem_classes=["analysis-output"],
+                placeholder="Analysis will appear here..."
             )
             
-            status_output = gr.HTML()
+            # Processing status
+            process_status = gr.Textbox(
+                label="Processing Status",
+                interactive=False,
+                lines=1
+            )
     
-    # Footer
-    gr.HTML("""
-    <div class="content-card" style="margin-top: 2rem; text-align: center;">
-        <h3 style="color: #2d3436; margin-bottom: 1rem;">🎯 Enhanced Features</h3>
-        <div style="display: grid; grid-template-columns: repeat(auto-fit, minmax(250px, 1fr)); gap: 1rem;">
-            <div class="stat-card">
-                <div style="font-size: 2rem; margin-bottom: 0.5rem;">🎨</div>
-                <div class="stat-label">Beautiful Design</div>
-                <p style="margin-top: 0.5rem; font-size: 0.8rem; color: #6c757d;">Modern, responsive UI with glassmorphism effects</p>
-            </div>
-            <div class="stat-card">
-                <div style="font-size: 2rem; margin-bottom: 0.5rem;">🚀</div>
-                <div class="stat-label">GPT-OSS Integration</div>
-                <p style="margin-top: 0.5rem; font-size: 0.8rem; color: #6c757d;">Latest OpenAI open-weight reasoning model</p>
-            </div>
-            <div class="stat-card">
-                <div style="font-size: 2rem; margin-bottom: 0.5rem;">🔧</div>
-                <div class="stat-label">Smart Fallbacks</div>
-                <p style="margin-top: 0.5rem; font-size: 0.8rem; color: #6c757d;">Automatic error recovery and model switching</p>
-            </div>
-            <div class="stat-card">
-                <div style="font-size: 2rem; margin-bottom: 0.5rem;">📊</div>
-                <div class="stat-label">Rich Analytics</div>
-                <p style="margin-top: 0.5rem; font-size: 0.8rem; color: #6c757d;">Visual confidence meters and threat timelines</p>
-            </div>
-        </div>
-        <div style="margin-top: 2rem; padding-top: 1.5rem; border-top: 1px solid #dee2e6; color: #6c757d;">
-            <strong>👨‍🎓 Research:</strong> Abdullah Alanazi | <strong>🏛️ Institution:</strong> KAUST | <strong>👨‍🏫 Supervisor:</strong> Prof. Ali Shoker
-        </div>
-    </div>
+    # Quick action buttons
+    with gr.Row():
+        gr.Button("💾 Save Analysis", variant="secondary", size="sm")
+        gr.Button("📧 Email Report", variant="secondary", size="sm") 
+        gr.Button("🔄 Clear All", variant="secondary", size="sm")
+    
+    # Simple footer
+    gr.Markdown("""
+    ---
+    **💡 Tips:** Be specific about what you observed, include timestamps, IP addresses, user accounts, or file names when available.
     """)
     
     # Event handlers
-    scenario_dropdown.change(
-        fn=get_beautiful_scenario_info,
-        inputs=[scenario_dropdown],
-        outputs=[scenario_info]
-    )
-    
-    def update_slider_max(scenario_name):
-        if scenario_name in ATTACK_SCENARIOS:
-            max_alerts = len(ATTACK_SCENARIOS[scenario_name]["alerts"]) - 1
-            return gr.Slider(maximum=max_alerts, value=0)
-        return gr.Slider(maximum=2, value=0)
-    
-    scenario_dropdown.change(
-        fn=update_slider_max,
-        inputs=[scenario_dropdown], 
-        outputs=[alert_slider]
-    )
-    
     analyze_btn.click(
-        fn=analyze_alert_beautiful,
-        inputs=[scenario_dropdown, alert_slider, analyst_level],
-        outputs=[alert_output, analysis_output, status_output]
-    )
-    
-    init_btn.click(
-        fn=initialize_gpt_oss_safe,
-        outputs=[status_display]
-    )
-    
-    # Initialize on startup
-    demo.load(
-        fn=get_beautiful_scenario_info,
-        inputs=[scenario_dropdown],
-        outputs=[scenario_info]
+        fn=analyze_threat,
+        inputs=[threat_input, analyst_level],
+        outputs=[analysis_output, process_status]
     )
     
+    # Initialize model on startup
     demo.load(
-        fn=initialize_gpt_oss_safe,
+        fn=load_model,
         outputs=[status_display]
     )
 
 if __name__ == "__main__":
-    demo.launch(
-        share=True,
-        server_name="0.0.0.0",
-        server_port=7860,
-        show_error=True
-    )
+    demo.launch(share=True)