Response playbooks

Automated threat response

Four default rules cover the most common cloud attack patterns. Encode your own by mapping an asset tag and severity floor to the right action — e.g.critical brute-force @ database → block + alertis a one-click rule with no code change required.

No playbooks yet.

Recent action logs
Persisted record of every dispatched action — confirms execution.

No actions dispatched yet.

Recent threat events
All synthetic events recorded for audit and replay.

No threat events captured yet.