SOC & CTI

From indicator to report

A clear path from raw pivots to a decision: dismiss, dig deeper, or escalate—with evidence attached.

Pipeline stages

Operational view of how data moves through CyberSec0x. SLAs are contractual; numbers below are documentation defaults.

| Stage | Owner | Primary output | Typical tooling |
|---|---|---|---|
| Ingestion | Analyst / automation | Normalized pivots + case ID | UI paste, CSV, SOAR webhook |
| Correlation | Platform | Entity graph + confidence | Core engine, optional ML assist |
| Analysis | CTI / SOC | Decision + narrative | Console, timeline, comments |
| Delivery | CTI / IR lead | Report + IOC package | PDF export, SIEM push, API |

Deliverables & formats

| Artifact | Format | Best for |
|---|---|---|
| Executive one-pager | PDF (branded) | Leadership, steering committees |
| Technical annex | Markdown / PDF | IR handover, peer CTI review |
| IOC bundle | JSON, STIX 2.1 (roadmap) | Detection engineering, SIEM import |
| Graph snapshot | PNG, SVG | Slides, knowledge base |

Roles & permissions (recommended)

Map your IdP groups to platform roles. Custom roles are available on Enterprise.

  1. Ingestion: Enter or import pivots from OSINT, internal streams, or ticketing—structured fields or bulk upload.
  2. Correlation: Automatic linking across people, accounts, domains, URLs, and file artifacts with scoring.
  3. Analysis: Graph, timeline, and confidence to decide: ignore, enrich, or escalate to incident response.
  4. Deliverable: Export PDF or Markdown; webhooks and APIs for SIEM and case management tools.

[Chart: Alerts processed vs. open investigations (illustrative)]

Integrations

CyberSec0x is built to sit next to your existing stack. Connect ticketing for case IDs, push high-confidence IOCs to your SIEM, or archive finalized reports to your document store—without duplicating raw intelligence in unsecured channels.
