@LuCamachoJr
Pull Request — ForenSynth AI v2.3.4 (Polish)

Summary

This PR delivers v2.3.4 (Polish) — a visual and UX refresh, improved runtime stability, and evidence export enhancements for large detection hunts.


Changes

🖥️ Visuals

  • Added 3× donut charts by MITRE ATT&CK phase (counts + percentages).
  • Introduced “Unmapped / Multiple” segment for detections outside canonical phase mapping.
  • Updated heatmap with caption, legend, and consistent blue palette for visual continuity.
  • Added EventID footnote — quick reference for common IDs
    (e.g., 1 = Sysmon Process Create, 13 = Registry, 4104 = PowerShell ScriptBlock).

📊 Reporting

  • New Evidence CSV export (IOCs + entity tables for pivoting).
  • Displays actual OpenAI billing usage tokens (input/output) in the cost section for accuracy.
  • Added micro-cap governor + “Selected micros: N / M” banner for bounded cost and predictable runtime.
  • Inline billing summary with live token and dollar conversion.

📘 Documentation

  • Updated README.md with new CLI flags and quick-start usage examples.
  • Added CHANGELOG.md entry for v2.3.4.
  • Added new run artifacts under examples/2025-10-26-polish-run/.

Motivation

Improves executive readability and visual appeal while stabilizing runtime and cost performance for large detection datasets (1k–3k+ detections).
Provides reproducible, pivotable evidence tables and cost transparency for DFIR analysts.


Run Example

python3 src/forensynth_ai_v2_3_4_polish.py \
  --two-pass --micro-workers 3 --rpm 90 --chunk-size 90 \
  --llm-timeout 60 --llm-retries 2 --stream off \
  --make-html --branding on --toc on --chart-style both \
  --max-input-tokens 60000 --integrity on \
  --limit-detections 1000 --sample-step 3

Testing

  • Verified full HTML rendering with legend, captions, and donut charts.

  • Token cost validated against OpenAI dashboard usage data.

  • Confirmed CSV export and runtime stability with 1k – 2.7k detection samples.

  • Tested both single- and two-pass summarization modes under --integrity on.


Notes

  • Backward compatible: previous versions run unchanged unless new flags are used.

  • No sensitive data in sample artifacts.

  • CSV / JSON / HTML outputs stored under examples/2025-10-26-polish-run/.


CHANGELOG.md Snippet

[2.3.4] – 2025-10-26

Added

  • Evidence CSV export with IOC + entity data.
  • Three MITRE-phase donut charts (counts + percentages) with “Unmapped / Multiple” bucket.
  • Heatmap caption + legend; EventID reference footnote.
  • Actual OpenAI usage tokens and cost breakdown in report footer.

Changed

  • Introduced micro-cap governor + Selected-micros banner to stabilize runtime and cost.
  • Updated README with new flags / usage examples.
  • Added new example artifacts and screenshots.

Fixed

  • Minor HTML truncation and legend readability on low-DPI systems.

Artifacts

  • 📄 examples/2025-11-2-polish-run/forensynth_summary_2025-11-02.md

  • 🌐 examples/2025-11-2-polish-run/forensynth_report_2025-11-02.html

  • 📊 examples/2025-11-2-polish-run/evidence_2025-11-02.csv

  • 🧩 examples/2025-11-2-polish-run/detections.json

  • 🖼️ Screenshots under samples/runs/
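The "Unmapped / Multiple" donut segment described under Visuals, as an added example (not ForenSynth's own code): a detection carrying exactly one canonical ATT&CK tactic is counted under that phase, while zero or several tactics fall into the shared bucket, and the result is the counts + percentages table a donut chart is drawn from. The `tactics` field name, the canonical phase list and the sample detections are assumptions.

```python
# Added example, not part of ForenSynth. Buckets detections into MITRE ATT&CK
# phases for a counts + percentages donut chart; zero or multiple tactics go to
# a single "Unmapped / Multiple" segment. The "tactics" key is an assumed field
# of detections.json; the phase list is the standard ATT&CK enterprise tactics.
from collections import Counter

CANONICAL_PHASES = {
    "initial-access", "execution", "persistence", "privilege-escalation",
    "defense-evasion", "credential-access", "discovery", "lateral-movement",
    "collection", "command-and-control", "exfiltration", "impact",
}
UNMAPPED = "Unmapped / Multiple"


def phase_of(detection):
    """Single canonical phase of a detection, else the Unmapped / Multiple bucket."""
    tactics = detection.get("tactics") or []
    # Normalise case/whitespace, drop anything that is not a canonical tactic
    phases = {str(t).strip().lower() for t in tactics} & CANONICAL_PHASES
    if len(phases) == 1:
        return next(iter(phases))
    return UNMAPPED  # no mapping, or mapped to several phases


def phase_breakdown(detections):
    """Rows of (phase, count, percent) in descending count order for the donut."""
    counts = Counter(phase_of(d) for d in detections)
    total = sum(counts.values())
    rows = []
    for phase, n in counts.most_common():
        pct = round(100.0 * n / total, 1) if total else 0.0
        rows.append((phase, n, pct))
    return rows


# Constructed sample detections (not real hunt data); event IDs follow the
# footnote convention in the PR (1 = Sysmon Process Create, 13 = Registry, 4104 = PS).
SAMPLE = [
    {"rule": "Sysmon Process Create", "event_id": 1, "tactics": ["execution"]},
    {"rule": "Registry Run Key", "event_id": 13, "tactics": ["persistence"]},
    {"rule": "PS ScriptBlock", "event_id": 4104, "tactics": ["execution", "defense-evasion"]},
    {"rule": "Unclassified rule", "event_id": 4688, "tactics": []},
    {"rule": "Encoded Command", "event_id": 4104, "tactics": ["Execution"]},
]

if __name__ == "__main__":
    for phase, n, pct in phase_breakdown(SAMPLE):
        print(f"{phase:<22} {n:>4} {pct:>6.1f}%")
```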


@LuCamachoJr LuCamachoJr merged commit 2abaa4c into main Nov 3, 2025
0 of 2 checks passed
LuCamachoJr added a commit that referenced this pull request Nov 4, 2025
* v2.3.4 Polish: visuals, donuts+heatmap, evidence CSV, README/CHANGELOG (#2)

* POC: add post-hunt sampling (--limit-detections, --sample-step) to bound runtime/cost

* v2.3.4: add polish.py, examples (md/html/csv/json), screenshots; update README & CHANGELOG

* fix: remove stray Unicode banner line; format v2.3.3 for CI

* chore: auto-fix with ruff/black and remove unicode banner (#3)

* POC: add post-hunt sampling (--limit-detections, --sample-step) to bound runtime/cost

* v2.3.4: add polish.py, examples (md/html/csv/json), screenshots; update README & CHANGELOG

* fix: remove stray Unicode banner line; format v2.3.3 for CI

* chore: auto-fix with ruff/black and remove unicode banner causing syntax error

* Update ForenSynth_ai_v2_3_3_visual.py

* style: apply ruff/black after rebase
LuCamachoJr added a commit that referenced this pull request Nov 4, 2025
…anch; resolves drift. (#5)
LuCamachoJr added a commit that referenced this pull request Nov 4, 2025
…anch; resolves drift. (#5) (#7)