Server.Enrichment.Ollama :: Velociraptor

Server.Enrichment.Ollama

This artifact allows enrichment using Ollama AI.

Paramaters:

PrePrompt - Is initial prompt default is: “You are a Cyber Incident Responder and need to analyze data. You have an eye for detail and like to use short precise technical language. Analyze the following data and provide summary analysis:”
Prompt - Is secondary prompt, good practice is add some strings related to the type of data for analysis or artifact name to provide context.
PromptData - add object to be serialized and added to the prompt.
Model - Model to use for your request.
TargetUri - Ollama target URI
MaxPromptSize - If set will cut the final prompt to this size in bytes to assist maintaining context limits

This artifact can be called from within another artifact (such as one looking for files) to enrich the data made available by that artifact.


name: Server.Enrichment.Ollama
author: Matt Green - @mgreen27
description: |
  This artifact allows enrichment using Ollama AI. 
  
  Paramaters:
  
  * `PrePrompt` - Is initial prompt default is: "You are a Cyber Incident 
  Responder and need to analyze data. You have an eye for detail and like to use 
  short precise technical language. Analyze the following data and provide 
  summary analysis:"  
  * `Prompt` - Is secondary prompt, good practice is add some strings related to 
  the type of data for analysis or artifact name to provide context.
  * `PromptData` - add object to be serialized and added to the prompt.
  * `Model` - Model to use for your request.
  * `TargetUri` - Ollama target URI
  * `MaxPromptSize` - If set will cut the final prompt to this size in bytes to 
  assist maintaining context limits
  
  This artifact can be called from within another artifact (such as one looking 
  for files) to enrich the data made available by that artifact.

type: SERVER

parameters:
    - name: PrePrompt
      type: string
      description: A prefix to be used with the prompt. For example, when asking a question, then providing data separately
      default: 'You are a Cyber Incident Responder and need to analyze data. You have an eye for detail and like to use short precise technical language. Analyze the following data and provide summary analysis:  '
    - name: Prompt
      type: string
      description: A prompt - added to the middle of an AI request.
      default: "Add name of data here - e.g Windows.Forensics.Prefetch"
    - name: PromptData
      type: string
      description: The data sent to Ollama - this data is serialised and added to the prompt
    - name: Model
      type: string
      description: The model used for processing the prompt
      default: 'mistral'
    - name: TargetUri
      type: string
      description: TargetUri to send request
      default: "http://127.0.0.1:11434/api/generate"
    - name: MaxPromptSize
      type: int
      description: Will limit your prompt to this size in bytes. Helps maintain context sizes.


sources:
  - query: |
        LET FinalPrompt = if(condition= MaxPromptSize, 
            then = (PrePrompt + " " + Prompt + " " + serialize(item=PromptData))[:MaxPromptSize],
            else= PrePrompt + " " + Prompt + " " + serialize(item=PromptData) )
        
        SELECT FinalPrompt AS Prompt, 
            parse_json(data=Content).response AS ResponseText,
            parse_json(data=Content) AS ResponseDetails
        FROM http_client(
            url=TargetUri,
            headers=dict(`Content-Type`="application/json"),
            method="POST",
            data=dict(model=Model, prompt=FinalPrompt, stream=false)
        )