AbuseIPDB IP reputation lookups for SOC alert triage via Analysi. Use when checking IP abuse confidence scores, investigating brute force or scanning activity, or enriching alerts with crowd-sourced threat intelligence.
Active Directory LDAP user attribute lookups and identity context queries during SOC alert triage. Use when investigating user accounts, group memberships, authentication anomalies, lockouts, privileged access, or correlating alerts with AD data via Analysi.
Write and debug Cy language scripts for automation and workflow composition. Use when working with .cy files, Security Tasks, writing Cy programs, or debugging Cy syntax errors.
Investigate security alerts, analyze IOCs, triage incidents, and perform threat analysis. Covers SIEM alerts, SOC workflows, malware, phishing, brute force, web attacks, network traffic, and log analysis. Use when building cybersecurity Tasks/Workflows or performing incident response.
Echo EDR endpoint detection and response for SOC alert triage. Use when investigating endpoint threats, checking process activity, retrieving host attributes, analyzing behavioral indicators, or correlating endpoint telemetry with alert data via Analysi.
DNS resolution, reverse lookups, and mail/TXT/NS/SOA queries via Analysi's Global DNS for SOC triage. Use when investigating suspicious domains, resolving IPs to hostnames, checking SPF/DKIM/DMARC in phishing analysis, or correlating network indicators with domain infrastructure.
Build hypothesis generation tasks for security investigation workflows. Use when creating tasks that form investigation hypotheses from runbooks. These tasks combine static hypotheses (baked in at Kea-time) with dynamic LLM augmentation (at runtime).
MAC address OUI vendor lookup via Analysi mac_vendors integration for device identification during SOC investigations. Use when triaging alerts involving MAC addresses, identifying device manufacturers, detecting rogue/unauthorized hardware, or enriching network-layer IOCs with vendor context.