Skip to main content
Use these samples when you need a concrete investigation flow instead of a conceptual playbook. Each example shows the starting prompt or scenario, the API or MCP sequence, representative response excerpts, and a final answer shape.

CVE investigation

Resolve a CVE, retrieve exploitation evidence, pivot relationships, and run a CVE assessment.

IOC assessment

Preserve exact IOC strings while checking evidence, relationships, and disposition.

Actor lookup

Resolve actor aliases, pivot campaigns and malware, and return actor-focused guidance.

Domain and malware pivot

Start from a domain, discover related malware or campaigns, and validate claims with evidence.

Environment prioritization

Rank current threats for a described environment and validate the top signals.

MCP sessions

Prompt patterns and representative tool sequences for Kyberis-enabled agents.

REST scripts

Runnable cURL and Python-oriented examples for direct API integrations.

How to use the Examples

  • Use the workflow pages in Threat investigations to understand the investigation model.
  • Use these sample pages to copy request structure, agent_context, and final answer shape.
  • Treat response excerpts as representative. Live responses can vary as intelligence changes.
  • Preserve request_id, run_id, step_id, evidence IDs, confidence, and caveats in demos and user-facing summaries.

Safety Notes

  • Never paste live API keys, bearer tokens, or connect tokens into examples.
  • Do not present relationship pivots as proof without evidence.
  • Separate facts from inference in every final recommendation.