Instructions to use radheneev/socpilot-0.5b with libraries, inference providers, notebooks, and local apps. Follow these links to get started.

Libraries

How to use radheneev/socpilot-0.5b with Transformers:

# Use a pipeline as a high-level helper
from transformers import pipeline

pipe = pipeline("text-generation", model="radheneev/socpilot-0.5b")
messages = [
    {"role": "user", "content": "Who are you?"},
]
pipe(messages)

# Load model directly
from transformers import AutoTokenizer, AutoModelForCausalLM

tokenizer = AutoTokenizer.from_pretrained("radheneev/socpilot-0.5b")
model = AutoModelForCausalLM.from_pretrained("radheneev/socpilot-0.5b")
messages = [
    {"role": "user", "content": "Who are you?"},
]
inputs = tokenizer.apply_chat_template(
	messages,
	add_generation_prompt=True,
	tokenize=True,
	return_dict=True,
	return_tensors="pt",
).to(model.device)

outputs = model.generate(**inputs, max_new_tokens=40)
print(tokenizer.decode(outputs[0][inputs["input_ids"].shape[-1]:]))

Notebooks
Google Colab
Kaggle
Local Apps

vLLM

How to use radheneev/socpilot-0.5b with vLLM:

Install from pip and serve model

# Install vLLM from pip:
pip install vllm
# Start the vLLM server:
vllm serve "radheneev/socpilot-0.5b"
# Call the server using curl (OpenAI-compatible API):
curl -X POST "http://localhost:8000/v1/chat/completions" \
	-H "Content-Type: application/json" \
	--data '{
		"model": "radheneev/socpilot-0.5b",
		"messages": [
			{
				"role": "user",
				"content": "What is the capital of France?"
			}
		]
	}'

Use Docker

docker model run hf.co/radheneev/socpilot-0.5b

SGLang

How to use radheneev/socpilot-0.5b with SGLang:

Install from pip and serve model

# Install SGLang from pip:
pip install sglang
# Start the SGLang server:
python3 -m sglang.launch_server \
    --model-path "radheneev/socpilot-0.5b" \
    --host 0.0.0.0 \
    --port 30000
# Call the server using curl (OpenAI-compatible API):
curl -X POST "http://localhost:30000/v1/chat/completions" \
	-H "Content-Type: application/json" \
	--data '{
		"model": "radheneev/socpilot-0.5b",
		"messages": [
			{
				"role": "user",
				"content": "What is the capital of France?"
			}
		]
	}'

Use Docker images

docker run --gpus all \
    --shm-size 32g \
    -p 30000:30000 \
    -v ~/.cache/huggingface:/root/.cache/huggingface \
    --env "HF_TOKEN=<secret>" \
    --ipc=host \
    lmsysorg/sglang:latest \
    python3 -m sglang.launch_server \
        --model-path "radheneev/socpilot-0.5b" \
        --host 0.0.0.0 \
        --port 30000
# Call the server using curl (OpenAI-compatible API):
curl -X POST "http://localhost:30000/v1/chat/completions" \
	-H "Content-Type: application/json" \
	--data '{
		"model": "radheneev/socpilot-0.5b",
		"messages": [
			{
				"role": "user",
				"content": "What is the capital of France?"
			}
		]
	}'

Docker Model Runner
How to use radheneev/socpilot-0.5b with Docker Model Runner:
```
docker model run hf.co/radheneev/socpilot-0.5b
```

SOCPilot-0.5B: Your AI Copilot for Security Operations

Open-source SIEM-specialized AI model | Production ready

Overview

SOCPilot is the open-source AI model specialized for SIEM alert triage. Built on Qwen2.5-0.5B and fine-tuned on 100,000 real security alerts, it automates Security Operations Center workflows with production-grade accuracy.

Use Cases

Current (v1.0)

Automated Suricata IDS/IPS alert triage
Reduce alert fatigue by 70-80%
Speed up incident response
Identify critical threats vs noise
SOC analyst training and validation

Basic Usage

The model can be loaded using Hugging Face Transformers:

AutoModelForCausalLM.from_pretrained("radherackbank/socpilot-0.5b")
AutoTokenizer.from_pretrained("radherackbank/socpilot-0.5b")

Technical Details

Model Architecture

Base Model: Qwen2.5-0.5B-Instruct (494M parameters)
Fine-tuning Method: LoRA (Low-Rank Adaptation)
- Rank: 16
- Alpha: 32
- Target modules: q_proj, k_proj, v_proj, o_proj, gate_proj, up_proj, down_proj
- Trainable parameters: 8.8M (1.78% of total)
Quantization: 4-bit NF4
Precision: BFloat16 mixed precision

Training Details

Dataset: 100,000 real Suricata eve.json alerts
Split: 90,000 training, 10,000 validation
Framework: HuggingFace Transformers + PEFT
Optimizer: PagedAdamW (8-bit)

Limitations

Trained specifically on Suricata eve.json format
May not generalize to other SIEM formats
Small model size (0.5B parameters) - larger versions planned
Requires GPU for optimal performance
May hallucinate on very rare or novel attack patterns
Accuracy is reported on an internal validation dataset and should not be interpreted as a guarantee of performance in all environments.

License

Apache License 2.0 - Free for commercial and research use

This license includes an explicit grant of patent rights from contributors.

Acknowledgments

Built on Qwen2.5-0.5B-Instruct (Apache 2.0)
Fine-tuned on 100K real security alerts

Contributing

Interested in contributing? We welcome:

Additional SIEM format support
Evaluation datasets and benchmarks
Bug reports and fixes
Documentation improvements
Integration examples

Intended Use

This model is intended to assist SOC analysts with alert triage and prioritization. It is designed as a decision-support tool.

Not Intended Use

This model is not intended to replace human analysts or perform autonomous incident response.

Making SOC operations intelligent, one alert at a time

Downloads last month: 16

Safetensors

Model size

0.5B params

Tensor type

F32

Model tree for radheneev/socpilot-0.5b

Base model

Qwen/Qwen2.5-0.5B

Finetuned

Qwen/Qwen2.5-0.5B-Instruct

Adapter

(582)

this model

Evaluation results

Priority Classification
self-reported

99.990