key findings
@@ -211,6 +211,63 @@ def get_controls_for_risk(risk, organization):
|
||||
break
|
||||
return selected_controls if len(selected_controls) == 10 else []
|
||||
|
||||
def generate_key_findings(document, top_10_risks):
|
||||
|
||||
client = OpenAI(api_key=settings.OPENAI_API_KEY)
|
||||
|
||||
|
||||
def extract_organization_details(organization):
|
||||
excluded_fields = {"email"}
|
||||
risk_data = {}
|
||||
|
||||
for field in organization._meta.get_fields():
|
||||
if field.name not in excluded_fields and hasattr(organization, field.name):
|
||||
value = getattr(organization, field.name)
|
||||
if value:
|
||||
help_text = getattr(field, 'help_text', '').strip()
|
||||
key = help_text if help_text else field.name
|
||||
risk_data[key] = value
|
||||
return risk_data
|
||||
|
||||
organization_details = extract_organization_details(document.organization)
|
||||
|
||||
prompt = f"""
|
||||
You are an AI assistant tasked with generating a "Key Findings" section for a cybersecurity assessment report. Your output must be structured precisely, extracting and presenting the top 3 risks.
|
||||
|
||||
From the following list of risks, select the 3 most critical for the organization and generate the as specified.
|
||||
|
||||
List of risks:
|
||||
{top_10_risks}
|
||||
Organization details:
|
||||
{organization_details}
|
||||
|
||||
Introduction: The description field must begin with the following exact text:
|
||||
"The assessment revealed several areas where { document.organization.name } faces heightened cybersecurity risks. These risks pose significant threats to operational continuity, sensitive data, and regulatory compliance. The top risks identified are:"
|
||||
|
||||
Risk Presentation:
|
||||
Identify the top 3 risks from the list above.
|
||||
For each of these top 3 risks, present it as a bulleted item within the description field, following this format:
|
||||
"- [Risk Name]: [Concise, professionally phrased description of the risk's significance in context of the organization, likelihood, or impact.]"
|
||||
|
||||
Description Derivation:
|
||||
The [Risk Name] part should be the actual name of the risk from the input data (e.g., {{ item.risk.name }}).
|
||||
The [Concise, professionally phrased description] part must be synthesized from the provided risk_description field (e.g., {{ item.risk_description }}) associated with that risk. Aim to create a polished, impactful summary that clearly explains the risk's context, severity, or contributing factors.
|
||||
|
||||
Return it as plain text in the following format:
|
||||
Example Output Format:
|
||||
Introduction
|
||||
- Risk 1: Brief description of Risk 1
|
||||
- Risk 2: Brief description of Risk 2
|
||||
- Risk 3: Brief description of Risk 3
|
||||
"""
|
||||
|
||||
response = client.chat.completions.create(
|
||||
model="gpt-4o-mini",
|
||||
messages=[{"role": "system", "content": prompt}]
|
||||
)
|
||||
key_findings = response.choices[0].message.content.strip()
|
||||
return key_findings
|
||||
|
||||
|
||||
def generate_pdf(document):
|
||||
document_link = f"{site_domain}/document/{document.id}/"
|
||||
|
||||
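Review bot: In generate_key_findings, the nested extract_organization_details filters with a deny-list (`excluded_fields = {"email"}`), so every other non-empty field that `organization._meta.get_fields()` returns, relation fields included, is copied into the prompt and sent to the OpenAI API. Use an explicit allow-list of the fields the report actually needs, so that a field added to the model later is not disclosed by default. The same values, together with `{top_10_risks}`, are interpolated into the single `system` message, which means text stored in an organization or risk field is read with the same authority as the instructions; keep the instructions in the system message and pass the data in a separate user message, serialized (for example as JSON) instead of as a dict repr. Two smaller points: `response.choices[0].message.content.strip()` raises if `content` is None and the API call has no error handling or validation of the returned text before it is returned to the caller, and the prompt line "generate the as specified" is missing a word.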