Security Assessment Platform

Security Assessment

Configuration▸

Vision One API Key

Region / Endpoint

Time Interval

Data Sources

Network Activities Detection Events Endpoint Telemetry Email Activities Cloud Activities Identity Activities Container Activities Mobile Activities

Select which Vision One data sources to search. Network + Detections selected by default. Enable more for comprehensive results (slower).

Pre-built Searches

⏳

Loading searches...

Custom CSV Upload

CSV Format

Column	Required	Description	Example
`name`	Yes	Search display name	AI_Usage_OpenAI
`query`	Yes	TMV1 search query	`hostName:(*.openai.com)`
`description`	No	Description	Monitor OpenAI
`sorting`	No	Aggregation field	hostnameDNS, ruleName
`log_type`	No	API type	network, detections
`orientation`	No	Chart style	horizontal, vertical

Query syntax: hostName:(*.example.com) | app:(RDP OR SSH) | dstPort:(22 OR 3389) | ruleName:(*SSH*)

Templates:

📄

Drag & drop your CSV file here

or click to browse (max 2MB)

Manage Searches

Global Configuration config.json ▸

The base query is prepended to all searches. It filters which sensor data to search. (productCode:pdi OR productCode:xns) = NDR sensors only.

Base Query (prepended to all searches)

Search Definitions searches.csv 0 ▸

How searches work

Column	Description
`category`	Group name (Network, SSH, PUA, RDP, Geo, Vendor, Threats)
`name`	Display name (must be unique)
`sorting`	API field to count by: `suid`, `hostName`, `app`, `ruleName`, `serverPort`, `clientIp`, `serverIp`, `requestMethod`, `respCode`, `sslCertCommonName`, `fileName`, `fileType`, `respAppVersion`, `request`
`log_type`	`network` = /v3.0/search/networkActivities `detections` = /v3.0/search/detections `everything` = both endpoints
`ppt_slide`	Slide number in PowerPoint template (empty = Excel only)
`enabled`	`true` or `false`
`query_type`	`base` = just base query, no filter `filter` = base query AND query_value `domains` = base query AND hostName:(domain1 OR domain2...) from file `tlds` = base query AND hostName:(.tld1 OR .tld2...) from space-separated list `raw` = query_value used as-is (no base query)
`query_value`	Depends on query_type: filter expression, domain filename, TLD list, or raw query

Domain Lists templates/domains/ ▸

Domain list files are used by query_type=domains searches. One domain per line. Lines starting with # are comments.

AI Security Scan (TMAS)

Test LLM endpoints against OWASP LLM Top 10 and MITRE ATT&CK frameworks.

Scan Configuration▸

LLM Provider

Endpoint

Model

LLM API Key

Vision One API Key (TMAS)

Attack Preset

TMAS Region

Timeout (sec)

System Prompt (optional)

Workflow Runs

Auto

⚙

Loading...

Trigger Workflow

V1 API Key

Provider

Model

LLM API Key

Preset

Region

V1 API Key

Base URL

Time (hours)

POC Security Assessment Pipeline

Automated proof-of-concept assessment: validate searches, collect data, analyze findings, generate reports, and quality check - all in one pipeline.

1

Validate

Test all searches

→

2

Collect

Fetch all data

→

3

Analyze

Generate insights

→

4

Report

PPT + Excel

→

5

QA Check

Verify accuracy

POC Configuration▸

Vision One API Key

Region

Time Window

Step 1 Search Validator Agent ▸

Probes all 39 searches with countOnly to verify API connectivity, query validity, and estimated data volume per search.

Step 2 Data Collector Agent ▸

Runs the full assessment: 30-min time chunks, streaming aggregation, smart chunk sizing via countOnly probes. Generates Excel + PowerPoint.

Step 3 Data Analyzer Agent ▸

Analyzes collected data: identifies top findings per category, generates risk assessments, and creates insight summaries.

Step 4 Report Builder Agent ▸

Generates branded PowerPoint report (v2.0 template), Excel workbooks, and downloadable assessment package.

Run data collection first to generate reports.

Step 5 Quality Checker Agent ▸

Validates data completeness, cross-references record counts, checks for anomalies, and produces a QA scorecard.

Assessment Sessions

All assessment and scan sessions are saved on the server. You can close the browser and come back - running jobs continue in the background.

☰

Loading sessions...

History

📄

No history yet