Merge pull request #174 from NVIDIA/security-analyst-digital-human

Security analyst digital human

community/README.md

@@ -55,6 +55,11 @@ Community examples are sample code and deployments for RAG pipelines that are no
 
   This example demonstrates how NVIDIA Morpheus, NIM microservices, and RAG pipelines can be integrated to create LLM-based agent pipelines. These pipelines will be used to automatically and scalably traige and detect Common Vulnerabilities and Exposures (CVEs) in Docker containers using references to source code, dependencies, and information about the CVEs.
 
+* [Digital Human Security Analyst with NVIDIA Morpheus](./digital-human-security-analyst/)
+
+  In this example, we create a RAG enabled co-pilot for Security Operation Center analysts, with speech and facial animation. This tutorial can be applied to any use case where data retrieval and synthesis can be simple but tedious (ie. writing reports from multiple numerical datasources, or customer service requiring data lookup). We cover data ingestion, multi-step agentic reasoning, RAG, speech input/output, and digital human face animation using the [Morpheus cybersecurity SDK](https://developer.nvidia.com/morpheus-cybersecurity), [LLM NIMs](https://build.nvidia.com/meta/llama-3_1-8b-instruct), [NeMo Retriever](https://www.nvidia.com/en-us/ai-data-science/products/nemo/), [Riva Speech Services](https://developer.nvidia.com/riva), and [ACE Audio2Face](https://build.nvidia.com/nvidia/audio2face) respectively.
+
+
 * [NVIDIA Knowledge Graph RAG](./knowledge_graph_rag)
 
   This example implements a GPU-accelerated pipeline for creating and querying knowledge graphs using Retrieval-Augmented Generation (RAG). The approach leverages NVIDIA's AI technologies and RAPIDS ecosystem to process large-scale datasets efficiently. It allows users to interact through a chat interface and also visualize the corresponding knowledge graph, and perform evaluations against synthetic data generated with NVIDIA's Nemotron-4 340B model.

community/digital-human-security-analyst/.env

@@ -0,0 +1,5 @@
+NGC_API_KEY="YOUR API KEY"
+
+EMBED_KEY=${NGC_API_KEY}
+RERANK_KEY=${NGC_API_KEY}
+

community/digital-human-security-analyst/conda_env.yml

@@ -0,0 +1,38 @@
+# SPDX-FileCopyrightText: Copyright (c) 2021-2024, NVIDIA CORPORATION & AFFILIATES. All rights reserved.
+# SPDX-License-Identifier: Apache-2.0
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+name: morpheus
+channels:
+    - rapidsai
+    - nvidia
+    - nvidia/label/dev # For pre-releases of MRC. Should still default to full releases if available
+    - conda-forge
+dependencies:
+    ####### Morpheus Dependencies (keep sorted!) #######
+    - boto3
+    - dask
+    - dill
+    - distributed
+    - kfp
+    - librdkafka
+    - mlflow>=2.10.0,<3
+    - nodejs=18.*
+    - nvtabular=23.06
+    - papermill
+    - s3fs>=2023.6
+
+    ##### Pip Dependencies (keep sorted!) #######
+    - pip:
+        - python-logging-loki

community/digital-human-security-analyst/docker-compose.yml

@@ -0,0 +1,101 @@
+# SPDX-FileCopyrightText: Copyright (c) 2022-2024, NVIDIA CORPORATION & AFFILIATES. All rights reserved.
+# SPDX-License-Identifier: Apache-2.0
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+
+version: '3.3'
+
+services:
+
+  mlflow:
+    restart: always
+    build: ./mlflow
+    image: mlflow_server
+    container_name: mlflow_server_security_analyst
+    ports:
+      - "5000:5000"
+    networks:
+      - frontend
+      - backend
+    command: mlflow server --gunicorn-opts "--log-level debug" --backend-store-uri sqlite:////opt/mlflow/dbdata/mlflow.db --serve-artifacts --artifacts-destination /opt/mlflow/artifacts --host 0.0.0.0
+    # Run the container with this command to upgrade if needed: mlflow db upgrade sqlite:////opt/mlflow/dbdata/mlflow.db
+    volumes:
+      - db_data:/opt/mlflow/dbdata
+      - mlflow_data:/opt/mlflow/artifacts
+
+  # nim-llm:
+  #   image: nvcr.io/nim/meta/llama3-8b-instruct:1.0.0
+  #   runtime: nvidia
+  #   ulimits: 
+  #     memlock: -1
+  #     stack: 67108864
+  #   environment:
+  #     - NGC_API_KEY=${NGC_API_KEY}
+  #     - CUDA_VISIBLE_DEVICES=4
+  #   ports:
+  #     - 8000:8000
+  #   networks:
+  #     - frontend
+  #     - backend
+  #   volumes:
+  #     - type: bind
+  #       source: /raid/nim/cache
+  #       target: /nim/.cache
+
+  jupyter:
+    restart: always
+    build:
+      context: ./
+      dockerfile: ./docker/Dockerfile.morpheus
+      args:
+        - MORPHEUS_CONTAINER=${MORPHEUS_CONTAINER:-nvcr.io/nvidia/morpheus/morpheus}
+        - MORPHEUS_CONTAINER_VERSION=${MORPHEUS_CONTAINER_VERSION:-v24.03.02-runtime}
+    deploy:
+      resources:
+        reservations:
+          devices:
+          - driver: nvidia
+            device_ids: ['2']
+            capabilities: [gpu]
+    image: morpheus_jupyter
+    container_name: jupyter_security_analyst
+    ports:
+      - "8888:8888"
+    networks:
+      - frontend
+      - backend
+    command: jupyter-lab --no-browser --allow-root --ip='*'
+    volumes:
+      - .:/workspace/examples/digital_fingerprinting/production/morpheus
+    depends_on:
+      - mlflow
+      # - nim-llm
+    profiles:
+      - dev
+    cap_add:
+      - sys_nice
+    extra_hosts:
+      - "host.docker.internal:host-gateway"
+    environment:
+      - OPENAI_API_KEY=${NGC_API_KEY}
+
+networks:
+  frontend:
+    driver: bridge
+  backend:
+    driver: bridge
+
+volumes:
+  db_data:
+  mlflow_data:

community/digital-human-security-analyst/docker/Dockerfile.morpheus

@@ -0,0 +1,21 @@
+ARG MORPHEUS_CONTAINER=nvcr.io/nvidia/morpheus/morpheus
+ARG MORPHEUS_CONTAINER_VERSION=v24.03.00-runtime
+
+FROM ${MORPHEUS_CONTAINER}:${MORPHEUS_CONTAINER_VERSION} as base
+
+# Install the jupyter specific requirements
+RUN source activate morpheus \
+   && mamba install -y -c conda-forge \
+        ipywidgets=8.0.7 \
+        nb_conda_kernels=2.3.1 \
+    && pip install flask[async]==3.0.0 progress==1.6 \
+        graphviz==0.10 jupyterlab \
+    && apt update \
+    && apt install -y graphviz libgraphviz-dev \
+    && conda clean -afy \
+    && rm -rf /var/lib/apt/lists/*
+
+ENTRYPOINT [ "/opt/conda/bin/tini", "--", "/workspace/docker/entrypoint.sh" ]
+
+SHELL ["/bin/bash", "-c"]
+

community/digital-human-security-analyst/docker/entrypoint.sh

@@ -0,0 +1,8 @@
+#!/bin/bash
+
+# Activate "morpheus" conda environment
+. /opt/conda/etc/profile.d/conda.sh
+conda activate morpheus
+
+# Run whatever user wants
+exec "$@"

community/digital-human-security-analyst/docker/start_jupyter.sh

@@ -0,0 +1,2 @@
+#!/bin/bash
+nohup jupyter-lab --allow-root --ip=0.0.0.0 --port=8888 --no-browser --NotebookApp.token='' > /dev/null 2>&1 &

community/digital-human-security-analyst/mlflow/Dockerfile

@@ -0,0 +1,32 @@
+# SPDX-FileCopyrightText: Copyright (c) 2021-2024, NVIDIA CORPORATION & AFFILIATES. All rights reserved.
+# SPDX-License-Identifier: Apache-2.0
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+FROM python:3.10-slim-buster
+
+# Install curl for health check
+RUN apt update && \
+    apt install -y --no-install-recommends \
+        curl libyaml-cpp-dev libyaml-dev && \
+    apt autoremove -y && \
+    apt clean all && \
+    rm -rf /var/cache/apt/* /var/lib/apt/lists/*
+
+# Install python packages
+RUN pip install "mlflow >=2.10.0,<3" boto3 pymysql pyyaml
+
+# We run on port 5000
+EXPOSE 5000
+
+HEALTHCHECK CMD curl -f http://localhost:5000/health || exit 1

community/digital-human-security-analyst/workspace/dfp/__init__.py

@@ -0,0 +1,13 @@
+# Copyright (c) 2022-2024, NVIDIA CORPORATION.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.