Security Workflows
Siyarix is designed to handle the heavy lifting of your day-to-day security operations. From initial reconnaissance to incident response and compliance, here are the core workflows you can run right out of the box.
Network Reconnaissance
Before you can secure a network, you have to understand it. Siyarix offers multiple ways to map your environment.
# Quick Scan: Find live hosts and check the top 100 ports
siyarix scan-quick 10.0.0.0/24
# Full Scan: Scan all 65,535 ports and detect service versions
siyarix scan-full target.example.com
# Deep Scan: A 4-pass scan (discovery -> fingerprint -> vuln -> enumeration)
siyarix scan-deep target.example.com
# Discovery: Basic asset and service mapping
siyarix discover example.com
# AI-Powered Recon: Just ask!
siyarix run "enumerate all subdomains and live hosts for example.com"
# Offline Recon: Scan without relying on an AI provider
siyarix scan 10.0.0.0/24 --mode offline
Vulnerability Assessment
Once you know what's out there, find out where it's weak.
# Natural Language Scan
siyarix run "scan target.example.com for common vulnerabilities"
# Web App Scan: Specialized multi-tool preset for web targets
siyarix scan-web https://target.com
# Agent-Driven Assessment: Let the AI handle the complex logic
siyarix agent "find all vulnerabilities on the web server and categorize by severity"
# Deep Scan & Save: Run a deep scan and persist results
siyarix scan-deep 10.0.0.1 --save
Web Application Testing
Web apps are often the weakest link. Siyarix chains together standard tools (like Nikto, Nuclei, WPScan, and WhatWeb) dynamically based on what it fingerprints.
# OWASP Top 10 automated scan
siyarix run "scan web application at https://target.com for OWASP Top 10"
# Standard Web Preset
siyarix scan-web https://target.com
Incident Response
When things go wrong, Siyarix helps you manage the chaos.
# View the high-level security dashboard
siyarix security dashboard
# List all currently active incidents
siyarix security incidents
# Drill down into a specific incident
siyarix security incident INC-001
# Manually create a new incident ticket
siyarix security incident-create --title "SQLi on login" --description "Blind SQL injection detected" --category intrusion --severity high
# List your pre-defined incident response playbooks
siyarix security playbooks
# Execute a playbook to contain a threat
siyarix playbook run response-playbook.yml
Exploitation and Red Team Campaigns
(For authorized engagements only!) Siyarix can help manage multi-phase red team operations.
# Plan a complex campaign using natural language
siyarix run "plan campaign: recon -> scan -> enumerate -> exploit"
# Track your campaign's progress interactively via the /campaign command in the REPL!
Threat Hunting and Intelligence
Proactively hunt for bad actors in your environment.
# Execute a predefined hunt query
siyarix security hunt q_ps_exec
# View all available threat hunt queries
siyarix security queries
# Filter queries by specific MITRE tactics
siyarix security queries --mitre-tactic execution
# See your overall MITRE ATT&CK coverage
siyarix security mitre-coverage
Compliance and Governance
Prepare for your audits automatically.
# Run SOC 2 compliance checks against a specific target
siyarix compliance run SOC2 10.0.0.1
# Generate a beautiful HTML compliance report
siyarix report generate --format html --output compliance-report.html
Note
Siyarix is building support for major frameworks including: SOC 2, ISO 27001, NIST 800-53, GDPR, HIPAA, and PCI-DSS.
Autonomous Agent Workflows
Let the AI take the wheel. The agent decomposes objectives, assigns sub-tasks, executes them, and aggregates the final results.
# Full autonomous multi-step objective
siyarix agent "enumerate all services, find vulnerabilities, generate a report"
# Force autonomous mode (No confirmation prompts!)
siyarix agent "scan network" --mode autonomous
Audit Trail Verification
Every single command run by Siyarix is logged using a cryptographic SHA-256 hash chain. This provides tamper-evident proof of your actions for compliance and review.
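How a SHA-256 hash chain makes a command log tamper-evident, as an added example that is not Siyarix's own code. The page does not describe the log format, so the entry fields (`seq`, `command`, `prev`, `hash`), the all-zero genesis value and the out-of-band `expected_head` anchor are assumptions made for illustration.

```python
import hashlib
import json

GENESIS = "0" * 64  # assumed "previous hash" for the first entry


def entry_hash(prev_hash, seq, command):
    """SHA-256 over a canonical encoding of the entry and its predecessor's hash."""
    body = json.dumps({"prev": prev_hash, "seq": seq, "command": command},
                      sort_keys=True, separators=(",", ":"))
    return hashlib.sha256(body.encode("utf-8")).hexdigest()


def append_entry(log, command):
    """Append a command, linking it to the hash of the current last entry."""
    prev = log[-1]["hash"] if log else GENESIS
    seq = len(log)
    log.append({"seq": seq, "command": command, "prev": prev,
                "hash": entry_hash(prev, seq, command)})
    return log[-1]["hash"]


def verify_log(log, expected_head=None):
    """Return (ok, reason). expected_head is the last hash as stored out of band;
    without it, removal of trailing entries cannot be detected."""
    prev = GENESIS
    for i, e in enumerate(log):
        if e["seq"] != i:
            return False, f"entry {i}: sequence gap or reorder"
        if e["prev"] != prev:
            return False, f"entry {i}: broken link to previous entry"
        if e["hash"] != entry_hash(e["prev"], e["seq"], e["command"]):
            return False, f"entry {i}: content does not match hash"
        prev = e["hash"]
    if expected_head is not None and prev != expected_head:
        return False, "head hash differs from anchored value"
    return True, "ok"


def build_sample_log():
    """Constructed sample: three commands taken from this page."""
    log = []
    for cmd in ("siyarix scan-quick 10.0.0.0/24",
                "siyarix scan-deep 10.0.0.1 --save",
                "siyarix security incidents"):
        head = append_entry(log, cmd)
    return log, head
```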