CYBER3.AI
RO · EN · ES · IT · DE · FR · RU · ZH

CYBER3 Security Copilot

Your friendly, expert Security Copilot — it doesn't just answer: it writes rules, scripts, playbooks and does forensics, all grounded in your real environment.

🛡️ Defensive · 🇪🇺 EU sovereignty · ⚖️ Human-in-the-loop

💬 Analyste

Grounded answers to security questions, from proprietary threat-intel and your scan, with source citation — not generic opinions.

🛡️ Code & règles

Ready-to-use defensive security code, on your environment: detection rules (Sigma/YARA/Suricata), hardening/remediation scripts, firewall config, SIEM queries (KQL/SPL).

title: Detectare utilizare SMBv1 (EternalBlue-risk)
logsource: { product: windows, service: smb }
detection:
  sel: { EventID: 0x72 }   # SMB1 Negotiate
  condition: sel
level: high

📋 Playbook de réponse à incident

Step-by-step procedures per incident type (ransomware, phishing, compromised host…), on the NIST/SANS lifecycle, with commands — containment steps marked ‘review before executing’.

1. DETECT   — confirm the alert, scope it (hosts, VLAN).
2. CONTAIN  — [review] isolate the switch port; block IOCs on the firewall.
3. ERADICATE— remove persistence, reset exposed credentials.
4. RECOVER  — restore from clean backup; watch for re-infection.
5. LESSONS  — report + new detection rules.

🔬 Forensique

Reconstruct a timeline from artifacts, find root cause, extract IOCs — with integrity: marks what is proven vs. inferred. No fabrication.

Timeline (proven from the journal):
  01:59:16  journal cut abruptly, no shutdown   → POWER LOSS (proven)
  02:01:26  boot                                → reboot (proven)
Likely cause (inferred): inline sensor without bypass → dead segment ~2 min.

Strictly defensive (exploit/malware/attack = refused). Code ships with ‘review before running’, no auto-execution on your systems. No credentials in code. AI with human oversight (EU AI Act).

Commencer avec CYBER3 Security Copilot →

← Retour à CYBER3.AI