How-to Guides
Task-oriented guides that answer “how do I accomplish X?” Pick the guide for your goal — no need to read them in order.

| Guide | Description |
|---|---|
| Connect to Platforms | Authenticate and query ThreatQ, VirusTotal, ShadowServer, Rapid7, Nucleus, and more |
| Use Abuse.ch Feeds | Query URLhaus, MalwareBazaar, ThreatFox, Feodo Tracker, and SSLBL through the unified abusech connector |
| Work with STIX Objects | Create, relate, and serialize STIX 2.1 objects using the GNAT ORM |
| Run the Ingest Pipeline | Pull data from blocklists, TAXII feeds, CSV files, and Splunk |
| Use Workspaces | Manage investigation workspaces and a global context registry |
| Export Indicators | Deliver indicators to Palo Alto EDLs, Netskope CE, and STIX bundle files |
| Schedule Feeds | Configure recurring ingest and export jobs with FeedScheduler |
| Use AI Agents | Run AI-assisted research, parsing, and M365 content ingestion |
| Use the Research Library | Cache, curate, and reuse threat research results |
| Generate Reports | Create PDF/HTML/DOCX reports with or without AI assistance |
| Visualize Data | Render graphs, timelines, risk heatmaps, and tables |
| Use the Async Client | Gather data from multiple platforms concurrently |
| Use the Analysis Layer | Confidence scoring, TLP, analyst investigations, correlation, timelines, graph queries, and AI-assisted drafting |
| Build Cross-Platform Investigations | Collect and correlate evidence from multiple platforms into a unified evidence graph |
| Create Intelligence Reports | Author structured intelligence products with a formal lifecycle and STIX 2.1 export |
| Disseminate Intelligence | Export, webhook notifications, TAXII 2.1 serving, and REST API gateway |
| Phase 4 — Control, Reasoning, Safety | |
| Use the Execution Context | Create and propagate ExecutionContext; enforce domain boundaries and trust levels; track query budgets |
| Use the Reasoning Engine | Score and rank observables; propose, evaluate, and close hypotheses; track negative evidence |
| Agent Governance | Permission checks, rate limiting, HITL review, XSOAR escalation, and agent audit trails |
| Authoring Rules | Write hypothesis evaluation rules in Hy, YAML, or Prolog |

Diataxis note: How-to guides are task-oriented. For background understanding, see the Explanation docs. For exact API details, see the Reference docs.
Licensed under the Apache License, Version 2.0