CVE investigation
Resolve a CVE, retrieve exploitation evidence, pivot relationships, and run a CVE assessment.
IOC assessment
Preserve exact IOC strings while checking evidence, relationships, and disposition.
Actor lookup
Resolve actor aliases, pivot campaigns and malware, and return actor-focused guidance.
Domain and malware pivot
Start from a domain, discover related malware or campaigns, and validate claims with evidence.
Environment prioritization
Rank current threats for a described environment and validate the top signals.
MCP sessions
Prompt patterns and representative tool sequences for Kyberis-enabled agents.
REST scripts
Runnable cURL and Python-oriented examples for direct API integrations.
How to use the Examples
- Use the workflow pages in Threat investigations to understand the investigation model.
- Use these sample pages to copy request structure,
agent_context, and final answer shape. - Treat response excerpts as representative. Live responses can vary as intelligence changes.
- Preserve
request_id,run_id,step_id, evidence IDs, confidence, and caveats in demos and user-facing summaries.
Safety Notes
- Never paste live API keys, bearer tokens, or connect tokens into examples.
- Do not present relationship pivots as proof without evidence.
- Separate facts from inference in every final recommendation.
