Analyst workspace
A single pane for investigations, entity resolution, and correlation scoring—designed so analysts spend time on judgment, not tab switching.
Reference map of primary areas in the analyst UI. Deeper API fields are listed in the integration guide (available under NDA for Enterprise).
| Module | Purpose | Key actions |
|---|---|---|
| Investigations | Case workspace for pivots, notes, and collaborators. | Create case, attach IOCs, set priority, export bundle. |
| Link graph | Visual exploration of entities and confidence-weighted edges. | Pan/zoom, filter by type, expand neighbors, snapshot PNG. |
| IOCs & files | Structured list with hash, reputation, and sighting history. | Pivot to investigation, push to SIEM webhook, tag campaign. |
| Reports | Executive and technical PDF/Markdown from graph + timeline. | Templates, redaction rules, scheduled digest (Business+). |
High-level matrix—exact quotas are set in your order form.
| Capability | Team | Business | Enterprise |
|---|---|---|---|
| Analyst seats | ≤ 10 | ≤ 40 | Custom / fair use |
| Graph API & bulk export | Read-only | Full | Full + dedicated |
| SSO (SAML) | — | Yes | Yes |
| On-prem / VPC deployment | — | — | Optional |
Base URL pattern: https://api.cybersec0x.com/v1 (placeholder). Authenticate with an Authorization: Bearer <token> header; tokens are issued per tenant.
- GET /investigations — list and filter cases.
- POST /entities/correlate — submit pivots; returns merged entities + scores.
- GET /graph/{id} — adjacency for a case (rate limits apply on Team).

The OpenAPI specification is provided to Business and Enterprise customers.
Correlation graph
Duplicate identities and aliases are merged into canonical entities. Every observation keeps provenance so you can trace back to the original source or ticket.
One-click exports summarize the graph, key findings, and open questions—ready for leadership briefings or case handover.