Commit 82868bb

README polish: remove BuyMeACoffee, fix benchmark citations, upgrade ThreatRecall section, clean author block (#143)
1 parent b07e314 commit 82868bb

1 file changed

Lines changed: 16 additions & 33 deletions

README.md

@@ -16,13 +16,9 @@ It extracts CVEs, threat actors, IOCs, and ATT&CK techniques from analyst notes
1616
[![CI](https://github.com/rolandpg/zettelforge/actions/workflows/ci.yml/badge.svg)](https://github.com/rolandpg/zettelforge/actions)
1717
[![Open Issues](https://img.shields.io/github/issues/rolandpg/zettelforge?color=blue)](https://github.com/rolandpg/zettelforge/issues)
1818

19-
**[Star](https://github.com/rolandpg/zettelforge) · [`pip install zettelforge`](https://pypi.org/project/zettelforge/) · [Docs](https://docs.threatrecall.ai/) · [Hosted beta](https://threatrecall.ai) · [Roadmap](ROADMAP.md)**
19+
**[Star](https://github.com/rolandpg/zettelforge) · [`pip install zettelforge`](https://pypi.org/project/zettelforge/) · [Docs](https://docs.threatrecall.ai/) · [ThreatRecall (hosted)](https://threatrecall.ai) · [Changelog](CHANGELOG.md)**
2020

21-
<p align="center">
22-
<a href="https://www.buymeacoffee.com/xypher22pr0" target="_blank"><img src="https://cdn.buymeacoffee.com/buttons/v2/default-green.png" alt="Buy Me a Coffee" style="height: 60px !important;width: 217px !important;" ></a>
23-
</p>
24-
25-
> **What's new in v2.6.2** (2026-04-27): the `/config` web editor now ships with working dropdowns for all enum fields (LLM provider, embedding provider, log level, governance PII action, synthesis format) and an Apply button that builds nested payloads against `/api/config`. Plus a new `[crewai]` extra exposes ZettelForge memory as CrewAI tools -- `pip install zettelforge[crewai]` and see [`examples/crewai_cti_crew.py`](examples/crewai_cti_crew.py). [Full changelog](CHANGELOG.md)
21+
> **v2.6.2** (2026-04-27): Config web editor ships with working dropdowns for all enum fields (LLM/embedding provider, log level, PII action, synthesis format) and a working Apply button. New `[crewai]` extra exposes ZettelForge as CrewAI tools -- `pip install zettelforge[crewai]`. [Full changelog](CHANGELOG.md)
2622
2723
<p align="center">
2824
<img src="https://raw.githubusercontent.com/rolandpg/zettelforge/master/docs/assets/demo.gif" width="720" alt="ZettelForge demo -- CTI agentic memory in action">
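
Review bot: The link bar on new line 19 swaps [Roadmap](ROADMAP.md) for [Changelog](CHANGELOG.md), but the v2.6.2 blockquote on new line 21 already ends with [Full changelog](CHANGELOG.md), so the same target is now linked twice within three lines while ROADMAP.md loses the only link to it visible here. Either keep the Roadmap link in the bar or drop one of the changelog links. The shortened v2.6.2 note also drops the pointer to examples/crewai_cti_crew.py, which was the only usage hint for the new `[crewai]` extra; consider keeping it. Neither change is mentioned in the commit title.
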
@@ -38,7 +34,7 @@ General-purpose AI memory systems don't fix this for security teams. They can't
3834

3935
ZettelForge was built for analysts who think in threat graphs. It extracts CVEs, threat actors, IOCs, and ATT&CK techniques automatically, resolves aliases across naming conventions, builds a knowledge graph with causal relationships, and retrieves memories using intent-aware blended search -- all in-process, with no external API dependency.
4036

41-
>"Memory augmentation closes 33% of the gap between small and large models on CTI tasks (CTI-REALM, Microsoft 2026)." [1]
37+
> Memory augmentation closes 33% of the gap between small and large models on CTI tasks ([CTI-REALM, Microsoft 2026](https://www.microsoft.com/en-us/security/blog/2026/03/20/cti-realm-a-new-benchmark-for-end-to-end-detection-rule-generation-with-ai-agents/), using GPT-4 as the large-model baseline). See [full benchmark report](benchmarks/BENCHMARK_REPORT.md) for methodology and comparisons.
4238
4339
| Capability | ZettelForge | Mem0 | Graphiti | Cognee |
4440
|---|---|---|---|---|
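
Review bot: On new line 37 the sentence is still set as a blockquote, but the quotation marks are gone and it now carries the README's own additions (the GPT-4 baseline parenthetical and the pointer to benchmarks/BENCHMARK_REPORT.md), so a reader cannot tell whether the 33% figure is the CTI-REALM result or a ZettelForge measurement. If it is the CTI-REALM result, state it in plain body text with the attribution up front and move the benchmark-report link into its own sentence; if it is a quotation, keep the quoted words separate from the added parenthetical.
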
@@ -195,11 +191,11 @@ Evaluated against published academic benchmarks:
195191

196192
| Benchmark | What it measures | Score |
197193
|---|---|---|
198-
| **CTI Retrieval** | Attribution, CVE linkage, multi-hop | **75.0%** |
194+
| **CTI Retrieval** (CTIBench subset) | Attribution, CVE linkage, multi-hop | **75.0%** |
199195
| **RAGAS** | Retrieval quality (keyword presence) | **78.1%** |
200-
| **LOCOMO** (ACL 2024) | Conversational memory recall | **22.0%** *(with Ollama cloud models)* |
196+
| **LOCOMO** (ACL 2024) | Conversational memory recall | **22.0%** |
201197

202-
See the [full benchmark report](benchmarks/BENCHMARK_REPORT.md) for methodology and analysis.
198+
The **Score** column reports ZettelForge measurements run with Ollama-hosted models, with one exception: the LOCOMO row was re-measured at v2.1.1 using an Ollama cloud judge for evaluation grading (not local generation). See the [full benchmark report](benchmarks/BENCHMARK_REPORT.md) for benchmark-specific methodology, version history, and per-suite judge configuration.
203199

204200
## Detection Rules as Memory (Sigma + YARA)
205201

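
Review bot: The LOCOMO row on new line 196 drops its inline "(with Ollama cloud models)" qualifier, and the replacement paragraph on new line 198 says that row was re-measured at v2.1.1 while the README's "What's new" note is for v2.6.2, so the table now mixes scores from different versions and judge setups with nothing in the row to flag it. Add a footnote marker or a version/judge column so the caveat travels with the number. "CTIBench subset" on new line 194 also does not say which subset; name it or link the part of the benchmark report that does.
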
@@ -245,26 +241,18 @@ python examples/athf_bridge.py /path/to/hunts/
245241
See [examples/athf_bridge.py](examples/athf_bridge.py).
246242

247243

248-
## Extensions
244+
## ThreatRecall (Hosted)
249245

250-
ZettelForge ships a complete agentic memory core. Everything documented above works from a single `pip install`.
246+
[ThreatRecall](https://threatrecall.ai) is the commercial distribution of ZettelForge with enterprise extensions enabled. It is offered as managed SaaS by default, with optional self-hosted on-prem and air-gapped deployments for classified environments. Enterprise add-ons:
251247

252-
For teams that want TypeDB-scale graph storage, OpenCTI integration, or multi-tenant deployment, optional extensions are available:
248+
- **TypeDB STIX 2.1 backend** -- schema-enforced ontology with inference rules
249+
- **OpenCTI sync** -- bi-directional sync with your OpenCTI instance
250+
- **Multi-tenant auth** -- OAuth/JWT with per-tenant data isolation
251+
- **Sigma rule generation** -- detection rules from extracted IOCs (upcoming)
253252

254-
| Extension | What it adds |
255-
|---|---|
256-
| TypeDB STIX 2.1 backend | Schema-enforced ontology with inference rules |
257-
| OpenCTI sync | Bi-directional sync with OpenCTI instances |
258-
| Multi-tenant auth | OAuth/JWT with per-tenant isolation |
259-
| Sigma rule generation | Detection rules from extracted IOCs |
253+
SaaS deploys in minutes with no infrastructure to maintain. Self-hosted ships as a deployable bundle for environments where outbound network egress is restricted or prohibited.
260254

261-
Extensions install separately:
262-
263-
```bash
264-
pip install zettelforge-enterprise
265-
```
266-
267-
**Hosted (private beta):** [ThreatRecall](https://threatrecall.ai) is the managed SaaS version of ZettelForge with enterprise extensions enabled. Currently accepting waitlist signups and a limited number of design partners.
255+
**[Join the waitlist](https://threatrecall.ai)** -- currently onboarding design partners.
268256

269257
## Configuration
270258

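
Review bot: The heading on new line 244 reads "ThreatRecall (Hosted)", but the section body also covers self-hosted on-prem and air-gapped deployments, and with the `pip install zettelforge-enterprise` block removed there is no longer any instruction for how a self-hosted user obtains the "deployable bundle". Rename the heading (for example "ThreatRecall") and add a link or sentence on how the bundle is obtained. The removed line stating that everything documented above works from a single `pip install` was the only statement here that the open-source core is complete on its own; consider keeping it. The claims of per-tenant data isolation and suitability for classified environments would be easier to evaluate with a link to supporting deployment or security documentation.
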
@@ -284,15 +272,11 @@ See [CONTRIBUTING.md](CONTRIBUTING.md) for development setup.
284272

285273
MIT -- See [LICENSE](LICENSE).
286274

287-
## About the author
288-
289-
Built by **Patrick Roland** -- Director of SOC Services at Summit 7 Systems, where he built the Vigilance MxDR practice from the ground up. Navy nuclear veteran, CISSP, CCP (CMMC 2.0 Professional). [LinkedIn](https://www.linkedin.com/in/patrickgroland/).
275+
Built by **Patrick Roland** -- [LinkedIn](https://www.linkedin.com/in/patrickgroland/) | Director of SOC Services, Summit 7 Systems | Navy nuclear veteran | CISSP, CCP (CMMC 2.0 Professional)
290276

291277
## Support the Project
292278

293-
ZettelForge is MIT-licensed. If it's useful in your workflow and you'd like to help keep it maintained:
294-
295-
<a href="https://www.buymeacoffee.com/xypher22pr0" target="_blank"><img src="https://cdn.buymeacoffee.com/buttons/v2/default-green.png" alt="Buy Me a Coffee" style="height: 40px !important;width: 145px !important;" ></a>
279+
ZettelForge is MIT-licensed. Star the repo, open issues, and submit PRs — all contributions are welcome.
296280

297281
## Acknowledgments
298282

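
Review bot: With the "## About the author" heading removed, the "Built by **Patrick Roland**" line on new line 275 now sits directly under the license text ("MIT -- See [LICENSE](LICENSE).") and renders as part of that section. Keep a heading for it or move the line next to the Acknowledgments section. New line 279 also uses an em-dash where the rest of the README uses " -- ", and the "Support the Project" section now overlaps with the CONTRIBUTING.md pointer shown in the hunk header.
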
@@ -302,4 +286,3 @@ ZettelForge is MIT-licensed. If it's useful in your workflow and you'd like to h
302286
- Benchmarked against [LOCOMO](https://snap-research.github.io/locomo/) (ACL 2024) and [CTIBench](https://arxiv.org/abs/2406.07599) (NeurIPS 2024)
303287
- [LanceDB](https://lancedb.com) | [fastembed](https://github.com/qdrant/fastembed) | [Pydantic](https://pydantic.dev) | [TypeDB](https://typedb.com)
304288

305-
[1]: https://www.microsoft.com/en-us/security/blog/2026/03/20/cti-realm-a-new-benchmark-for-end-to-end-detection-rule-generation-with-ai-agents/
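
Review bot: Check that no other `[1]` reference remains in README.md before dropping the definition on old line 305; the only use visible in this diff is the one removed at old line 41, and an orphaned `[1]` would render as literal text.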
